k8s集群部署三（部署Etcd集群） 顶

由图中可以看出，Etcd是kube-apiserver用于存储的一个集群。

安装的下载地址为https://github.com/etcd-io/etcd/releases/tag/v3.2.12，找到其中的

etcd-v3.2.12-linux-amd64.tar.gz

在三台机依次解压,执行以下命令

tar -xzvf etcd-v3.2.12-linux-amd64.tar.gz

cd etcd-v3.2.12-linux-amd64

mkdir -p /opt/kubernetes/{bin,cfg,ssl}

mv etcd /opt/kubernetes/bin/

mv etcdctl /opt/kubernetes/bin/

cd /opt/kubernetes/cfg

touch etcd

vim etcd

内容如下

#[Member] ETCD_NAME="etcd01" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PFER_URLS="https://172.18.98.48:2380" ETCD_LISTEN_CLIENT_URLS="https://172.18.98.48:2379"

#[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.18.98.48:2380" ETCD_ADVERTISE_CLIENT_URLS="https://172.18.98.48:2379" ETCD_INITIAL_CLUSTER="etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new"

以上的IP地址根据你自己的IP地址来定。不同的服务器需要修改

ETCD_NAME，ETCD_LISTEN_PFER_URLS，ETCD_LISTEN_CLIENT_URLS，ETCD_INITIAL_ADVERTISE_PEER_URLS，ETCD_ADVERTISE_CLIENT_URLS

cd /usr/lib/systemd/system/

touch etcd.service

vim etcd.service

内容如下

[Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target

[Service] Type=notify EnvironmentFile=-/opt/kubernetes/cfg/etcd ExecStart=/opt/kubernetes/bin/etcd \ --name=${ETCD_NAME} \ --data-dir=${ETCD_DATA_DIR} \ --listen-peer-urls=${ETCD_LISTEN_PFER_URLS} \ --listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \ --advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \ --initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \ --initial-cluster=${ETCD_INITIAL_CLUSTER} \ --initial-cluster-token=${ETCD_INITIAL_CLUSTER} \ --initial-cluster-state=new \ --cert-file=/opt/kubernetes/ssl/server.pem \ --key-file=/opt/kubernetes/ssl/server-key.pem \ --peer-cert-file=/opt/kubernetes/ssl/server.pem \ --peer-key-file=/opt/kubernetes/ssl/server-key.pem \ --trusted-ca-file=/opt/kubernetes/ssl/ca.pem \ --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem Restart=on-failure LimitNOFILE=65536

[Install] WantedBy=multi-user.target

进入之前存储证书文件的目录

cd ssl

cp server*pem ca*.pem /opt/kubernetes/ssl/

systemctl daemon-reload & systemctl start etcd进行启动

如果启动中有错误，可以通过journalctl -u etcd或者tail -100f /var/log/messages来查看错误日志。

启动成功，查看进程

# ps -ef | grep etcd root 5243 1 3 16:42 ? 00:00:00 /opt/kubernetes/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://172.18.98.48:2380 --listen-client-urls=https://172.18.98.48:2379,http://127.0.0.1:2379 --advertise-client-urls=https://172.18.98.48:2379 --initial-advertise-peer-urls=https://172.18.98.48:2380 --initial-cluster=etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380 --initial-cluster-token=etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem

测试Etcd集群

vim /etc/profile

在最末尾增加

PATH=$PATH:/opt/kubernetes/bin

保存退出

source /etc/profile

cd /opt/kubernetes/ssl/

# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" cluster-health member 617854a0804804e is healthy: got healthy result from https://172.18.98.47:2379 member 93b5038b85e12bf7 is healthy: got healthy result from https://172.18.98.48:2379 member d848850d091a45de is healthy: got healthy result from https://172.18.98.46:2379 cluster is healthy