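k8s etcd cluster configuration and installation

This post continues from the previous blog post.

  The certificate-signing method used here is described at https://www.cnblogs.com/S--S/p/10885952.html; the section on signing etcd certificates is all you need to complete the steps below.

  Prepare three hosts as follows: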

  192.168.1.71

  192.168.1.72

  192.168.1.73

  Run the following command on each of the 3 hosts

step1:

  yum install etcd -y 

 

  First, configure and start etcd on the first host

  192.168.1.71

step2:

  cd /etc/etcd/

  Create the ssl directory that holds the certificates

  mkdir ssl

  cp -rf /etc/ssl/k8s/etcd/etcd-1-71* ./ssl/

  Create the shared directory that holds the k8s root certificate

  mkdir -pv /etc/kubernetes/ssl/

  cp -rf /etc/ssl/k8s/ca.pem /etc/kubernetes/ssl/

step3:

  Edit the etcd configuration file; only the trimmed-down part is kept below

  vi etcd.conf   

[Member]
ETCD_DATA_DIR="/var/lib/etcd/etcd1"
ETCD_LISTEN_PEER_URLS="https://192.168.1.71:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.71:2379"
ETCD_NAME="etcd1"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.71:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.71:2379"
ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
ETCD_INITIAL_CLUSTER_STATE="new"
[Security]
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-71.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-71.key"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_AUTO_TLS="true"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-71.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-71.key"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_AUTO_TLS="true"

step4:

  Edit the etcd systemd unit file; make this change on all three of the following nodes

  192.168.1.71

  192.168.1.72

  192.168.1.73

  vi /usr/lib/systemd/system/etcd.service  

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
 
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
User=etcd
 
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd \
    --name=\"${ETCD_NAME}\" \
    --cert-file=\"${ETCD_CERT_FILE}\" \
    --key-file=\"${ETCD_KEY_FILE}\" \
    --peer-cert-file=\"${ETCD_PEER_CERT_FILE}\" \
    --peer-key-file=\"${ETCD_PEER_KEY_FILE}\" \
    --trusted-ca-file=\"${ETCD_TRUSTED_CA_FILE}\" \
    --peer-trusted-ca-file=\"${ETCD_PEER_TRUSTED_CA_FILE}\" \
    --initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" \
    --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" \
    --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" \
    --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" \
    --initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" \
    --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" \
    --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\" \
    --data-dir=\"${ETCD_DATA_DIR}\""
 
Restart=on-failure
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target

step5:

  Start the first etcd

  systemctl daemon-reload    --> run on all 3 hosts

  systemctl start etcd

  systemctl enable etcd

 

Next, deploy the other 2 nodes; the ports you add must not be wrong

  Deploy the second node, 192.168.1.72

  step1:

    pwd -> /etc/etcd/

    Create the directories that hold the certificates

    mkdir ssl

    mkdir -pv /etc/kubernetes/ssl

    On 192.168.1.71, run

    Copy over the certificates that have already been signed

    scp -r ca.pem etcd/etcd-1-72.* 192.168.1.72:/etc/etcd/ssl/

    Back on host 192.168.1.72, run

    pwd -> /etc/etcd/ssl

    cp ca.pem /etc/kubernetes/ssl/

    pwd -> /etc/etcd

    On host 192.168.1.71, run

    etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member add etcd2 https://192.168.1.72:2380

    On host 192.168.1.72, modify the etcd configuration file

    Edit the etcd configuration file

[Member]
ETCD_DATA_DIR="/var/lib/etcd/etcd2"
ETCD_LISTEN_PEER_URLS="https://192.168.1.72:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.72:2379"
ETCD_NAME="etcd2"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.72:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.72:2379"
ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd2=https://192.168.1.72:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
[Security]
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-72.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-72.key"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_AUTO_TLS="true"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-72.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-72.key"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_AUTO_TLS="true"

   step2:

    Start the second etcd

      systemctl start etcd

      systemctl enable etcd

Use the same steps to configure the third host and join it to the cluster; there must be no mistakes

    192.168.1.73

    Run

    mkdir -pv /etc/etcd/ssl /etc/kubernetes/ssl

 

    192.168.1.71

    Run

    pwd -> /etc/ssl/k8s

    scp -r ca.pem etcd/etcd-1-73.* 192.168.1.73:/etc/etcd/ssl/

    etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member add etcd3 https://192.168.1.73:2380

    

    192.168.1.73

    Run

    pwd -> /etc/etcd/ssl

    cp ca.pem /etc/kubernetes/ssl/

    pwd -> /etc/etcd

    Edit the etcd.conf configuration file

    vi etcd.conf    

[Member]
ETCD_DATA_DIR="/var/lib/etcd/etcd3"
ETCD_LISTEN_PEER_URLS="https://192.168.1.73:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.73:2379"
ETCD_NAME="etcd3"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.73:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.73:2379"
ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd3=https://192.168.1.73:2380,etcd2=https://192.168.1.72:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
[Security]
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-73.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-73.key"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_AUTO_TLS="true"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-73.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-73.key"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_AUTO_TLS="true"

      Start etcd

      systemctl start etcd

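With the steps above, the 3 hosts have joined the cluster one after another; the cluster status can be checked from the first host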

  etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member list

  If a port or IP address was configured incorrectly, remove the member by its ID with the following command, then add it again

  etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member remove <ID>

 

Finally

  Modify the etcd.conf configuration file on all three hosts once more; mainly about 2 lines change

  192.168.1.71

  192.168.1.72

  192.168.1.73

 

  vi etcd.conf  

ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd3=https://192.168.1.73:2380,etcd2=https://192.168.1.72:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"

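  Restart etcd on all 3 hosts and enable it at boot; after that there should generally be no problems

  It is recommended to run the etcd service on SSD disks; in my local testing, HDDs caused serious timeout failures later on while backing k8s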

  systemctl start etcd

  systemctl enable etcd
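
An added example, not part of the original post: a small shell check to run against each node's etcd.conf before starting etcd. It catches the IP/port mismatches mentioned above and confirms that every URL is https and that client-certificate authentication is enabled on both ports. The function names conf_get and check_etcd_conf are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check one node's etcd.conf.

# conf_get FILE KEY: print KEY's value with the surrounding quotes stripped.
conf_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_etcd_conf FILE: print each problem found; exit status = number of problems.
check_etcd_conf() {
    conf=$1; problems=0
    name=$(conf_get "$conf" ETCD_NAME)
    peer=$(conf_get "$conf" ETCD_INITIAL_ADVERTISE_PEER_URLS)
    cluster=$(conf_get "$conf" ETCD_INITIAL_CLUSTER)

    # 1. The node must be listed in ETCD_INITIAL_CLUSTER under its own name
    #    with exactly the peer URL it advertises (a wrong IP or port fails here).
    case ",$cluster," in
        *",$name=$peer,"*) ;;
        *) echo "FAIL: $name=$peer missing from ETCD_INITIAL_CLUSTER"
           problems=$((problems + 1)) ;;
    esac

    # 2. Every URL must be https; an http:// URL means plaintext on that listener.
    for key in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS ETCD_INITIAL_CLUSTER \
               ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS; do
        for url in $(conf_get "$conf" "$key" | tr ',' ' '); do
            url=${url#*=}                     # drop the "name=" prefix, if any
            case $url in
                https://*) ;;
                *) echo "FAIL: $key has non-TLS URL $url"
                   problems=$((problems + 1)) ;;
            esac
        done
    done

    # 3. Client-certificate auth must be on for both the client and peer ports.
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        if [ "$(conf_get "$conf" "$key")" != "true" ]; then
            echo "FAIL: $key is not \"true\""
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run against a file when one is given, e.g.: sh check.sh /etc/etcd/etcd.conf
if [ "$#" -gt 0 ]; then check_etcd_conf "$1"; fi
```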

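A blog I wrote myself is bound to contain mistakes; I hope readers who spot them will leave comments with guidance, and I will correct them promptly when I see them.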

posted @ 2019-05-18 18:34  超我