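As the figure shows, Etcd is the cluster that kube-apiserver uses for storage.
The download address for the installation is https://github.com/etcd-io/etcd/releases/tag/v3.2.12; on that page, find
etcd-v3.2.12-linux-amd64.tar.gz
Extract it on each of the three machines in turn by running the following commands: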
tar -xzvf etcd-v3.2.12-linux-amd64.tar.gz
cd etcd-v3.2.12-linux-amd64
mkdir -p /opt/kubernetes/{bin,cfg,ssl}
mv etcd /opt/kubernetes/bin/
mv etcdctl /opt/kubernetes/bin/
cd /opt/kubernetes/cfg
touch etcd
vim etcd
with the following content:
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://172.18.98.48:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.18.98.48:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.18.98.48:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.18.98.48:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

Replace the IP addresses above with your own. On each server you need to change
ETCD_NAME, ETCD_LISTEN_PEER_URLS, ETCD_LISTEN_CLIENT_URLS, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS
cd /usr/lib/systemd/system/
touch etcd.service
vim etcd.service
with the following content:
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=/opt/kubernetes/ssl/server.pem \
--key-file=/opt/kubernetes/ssl/server-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/server.pem \
--peer-key-file=/opt/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Change to the directory where the certificate files were stored earlier:
cd ssl
cp server*pem ca*.pem /opt/kubernetes/ssl/
Start the service:
systemctl daemon-reload && systemctl start etcd
If errors occur during startup, check the error log with journalctl -u etcd or tail -100f /var/log/messages.
Once startup has succeeded, check the process:
# ps -ef | grep etcd
root 5243 1 3 16:42 ? 00:00:00 /opt/kubernetes/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://172.18.98.48:2380 --listen-client-urls=https://172.18.98.48:2379,http://127.0.0.1:2379 --advertise-client-urls=https://172.18.98.48:2379 --initial-advertise-peer-urls=https://172.18.98.48:2380 --initial-cluster=etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380 --initial-cluster-token=etcd01=https://172.18.98.48:2380,etcd02=https://172.18.98.47:2380,etcd03=https://172.18.98.46:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
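An added example, not part of the original post: the command line in the process listing above sets the trusted CA files but neither --client-cert-auth nor --peer-client-cert-auth, and it keeps a plaintext http://127.0.0.1:2379 listener. The shell function below flags those three conditions in an etcd command line; flag_value, audit_etcd_flags and the two sample lines are names and inputs constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an etcd command line (one line, --flag=value form as
# in the unit file above) for settings that weaken its TLS setup.
# flag_value and audit_etcd_flags are illustrative names, not etcd tooling.

flag_value() (  # print the value of --flag=value ("true" for a bare --flag)
    set -f      # no globbing while the command line is split into words
    for word in $1; do
        case "$word" in
            "$2"=*) printf '%s\n' "${word#*=}"; return 0 ;;
            "$2")   echo "true"; return 0 ;;
        esac
    done
    return 1
)

audit_etcd_flags() (  # prints one finding per line; status 1 if any finding
    args=$1 findings=0
    set -f

    # Any http:// listen URL is served without TLS or certificate checks.
    for flag in --listen-client-urls --listen-peer-urls; do
        urls=$(flag_value "$args" "$flag" | tr ',' ' ')
        for url in $urls; do
            case "$url" in
                http://*) echo "PLAINTEXT $flag $url"; findings=$((findings + 1)) ;;
            esac
        done
    done

    # A trusted CA alone does not make etcd demand a certificate from the
    # caller; these flags turn on client / peer certificate verification.
    for flag in --client-cert-auth --peer-client-cert-auth; do
        if [ "$(flag_value "$args" "$flag")" != "true" ]; then
            echo "NO_CERT_AUTH $flag is not enabled"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample input, modelled on the flags in this post (shortened).
SAMPLE_WEAK='/opt/kubernetes/bin/etcd --name=etcd01 --listen-peer-urls=https://172.18.98.48:2380 --listen-client-urls=https://172.18.98.48:2379,http://127.0.0.1:2379 --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem'
SAMPLE_STRICT='/opt/kubernetes/bin/etcd --name=etcd01 --listen-peer-urls=https://172.18.98.48:2380 --listen-client-urls=https://172.18.98.48:2379 --client-cert-auth --peer-client-cert-auth=true --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem'

audit_etcd_flags "$SAMPLE_WEAK" || true
audit_etcd_flags "$SAMPLE_STRICT" && echo "strict sample: no findings"
```

On a node, the input can be taken from the running process, for example with ps -o args= -C etcd.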
Testing the Etcd cluster
vim /etc/profile
Append the following at the very end:
PATH=$PATH:/opt/kubernetes/bin
Save and exit.
source /etc/profile
cd /opt/kubernetes/ssl/
# etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379" cluster-health
member 617854a0804804e is healthy: got healthy result from https://172.18.98.47:2379
member 93b5038b85e12bf7 is healthy: got healthy result from https://172.18.98.48:2379
member d848850d091a45de is healthy: got healthy result from https://172.18.98.46:2379
cluster is healthy