ETCD安装

ETCD安装

1.下载并解压

1.wget https://github.com/etcd-io/etcd/releases/download/v3.3.6/etcd-v3.3.6-linux-amd64.tar.gz 2 tar -xzvf etcd-v3.3.6-linux-amd64 -C /usr/local/
2. mkdir -p /data/kubernetes/bin
3. cp -r /usr/local/etcd-v3.3.6-linux-amd64/etcd* /data/kubernetes/bin/

2.创建证书

       1.创建config.json

cat ca-config.json 
{
    "signing": {
        "default": {
            "expiry": "175200h"
        },
        "profiles": {
            "server": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            },
            "peer": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}

       2.创建etcd证书

cat etcd-peer-csr.json 
{
    "CN": "etcd-cluster",
    "hosts": [
        "192.20.50.115",
        "192.20.50.116",
        "192.20.50.117"
    ],
    "key": {
        
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "bj",
            "L": "bj",
            "O": "df",
            "OU": "ops"
        }
    ]
}

      3.执行命令

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-peer-csr.json |cfssl-json -bare etcd-peer

     4.ca证书查看

https://www.cnblogs.com/hushaojie/p/13202708.html

3.创建启动脚本

cat /usr/lib/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
ExecStart=/data/kubernetes/bin/etcd --name etcd1 \
--data-dir /data/kubernetes/data/etcd-data/ \
--listen-peer-urls https://192.20.50.115:2380 \
--listen-client-urls https://192.20.50.115:2379,http://127.0.0.1:2379 \
--quota-backend-bytes 8000000000 \
--initial-advertise-peer-urls https://192.20.50.115:2380 \
--advertise-client-urls https://192.20.50.115:2379,http://127.0.0.1:2379 \
--initial-cluster etcd1=https://192.20.50.115:2380,etcd2=https://192.20.50.116:2380,etcd3=https://192.20.50.117:2380 \
--ca-file=/usr/local/certs/ca.pem \
--cert-file=/usr/local/certs/etcd-peer.pem \
--key-file=/usr/local/certs/etcd-peer-key.pem \
--client-cert-auth \
--trusted-ca-file=/usr/local/certs/ca.pem \
--peer-ca-file=/usr/local/certs/ca.pem \
--peer-cert-file=/usr/local/certs/etcd-peer.pem \
--peer-key-file=/usr/local/certs/etcd-peer-key.pem \
--peer-client-cert-auth \
--peer-trusted-ca-file=/usr/local/certs/ca.pem \

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

4.授权添加开机自启

systemctl enable etcd

5.启动

 systemctl daemon-reload
 systemctl restart etcd.service

6.验证

#查看端口
netstat -luntp|grep etcd
#查看集群健康状态
etcdctl cluster-health
#查看集群所有节点
etcdctl member list
#把一台设备移除出集群 , 后面是集群节点号 , 使用list可以查看到
#移除之后,该节点的etcd服务自动关闭
etcdctl member remove 1e82894832618580
#更新一个节点
etcdctl member update 1e82894832618580
#设置key=hello , value=world
etcdctl set  hello world
#查看key的值
etcdctl get hello

 7.环境变量

ln -s /data/kubernetes/bin /root/bin