k8s-1(etcd安装)
1、环境准备
1 2 3 4 5 | 准备三台服务器CentOS 7.4master 192.168.56.11node01 192.168.56.12node02 192.168.56.13 |
etcd 二进制包下载地址
https://github.com/etcd-io/etcd/releases
上传etcd二进制文件
1 2 3 4 5 6 7 8 | [root@linux-node1 k8s]# pwd/root/k8s[root@linux-node1 k8s]# ll *.gz-rw-r--r--. 1 root root 11353259 Jan 9 16:57 etcd-v3.3.10-linux-amd64.tar.gz-rw-r--r--. 1 root root 9706487 Jan 9 18:15 flannel-v0.10.0-linux-amd64.tar.gz-rw-r--r--. 1 root root 422748874 Jan 9 17:00 kubernetes-server-linux-amd64.tar.gz[root@linux-node1 k8s]# tar xf etcd-v3.3.10-linux-amd64.tar.gz [root@linux-node1 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/ |
2、脚本
安装cfssl脚本
[root@linux-node1 k8s]# cat cfssl.sh curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
etcd证书脚本
[root@linux-node1 etcd-cert]# cat etcd-cert.sh cat > ca-config.json <<EOF { "signing": { "default": { "expiry": "87600h" }, "profiles": { "www": { "expiry": "87600h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } } EOF cat > ca-csr.json <<EOF { "CN": "etcd CA", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "Beijing", "ST": "Beijing" } ] } EOF cfssl gencert -initca ca-csr.json | cfssljson -bare ca - #----------------------- # 改成etcd集群ip cat > server-csr.json <<EOF { "CN": "etcd", "hosts": [ "192.168.56.11", "192.168.56.12", "192.168.56.13" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing" } ] } EOF cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
etcd自启动脚本
[root@linux-node1 k8s]# cat etcd.sh #!/bin/bash # example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380 ETCD_NAME=$1 ETCD_IP=$2 ETCD_CLUSTER=$3 WORK_DIR=/opt/etcd cat <<EOF >$WORK_DIR/cfg/etcd #[Member] ETCD_NAME="${ETCD_NAME}" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380" ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380" ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379" ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new" EOF cat <<EOF >/usr/lib/systemd/system/etcd.service [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target [Service] Type=notify EnvironmentFile=${WORK_DIR}/cfg/etcd ExecStart=${WORK_DIR}/bin/etcd \ --name=\${ETCD_NAME} \ --data-dir=\${ETCD_DATA_DIR} \ --listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \ --listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \ --advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \ --initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \ --initial-cluster=\${ETCD_INITIAL_CLUSTER} \ --initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \ --initial-cluster-state=new \ --cert-file=${WORK_DIR}/ssl/server.pem \ --key-file=${WORK_DIR}/ssl/server-key.pem \ --peer-cert-file=${WORK_DIR}/ssl/server.pem \ --peer-key-file=${WORK_DIR}/ssl/server-key.pem \ --trusted-ca-file=${WORK_DIR}/ssl/ca.pem \ --peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable etcd systemctl restart etcd
3、安装
准备:创建etcd 目录 mkdir /opt/etcd/{cfg,bin,ssl} -p 一、安装cfssl [root@linux-node1 k8s]# pwd /root/k8s [root@linux-node1 k8s]# sh cfssl.sh 二、生产etcd证书 [root@linux-node1 etcd-cert]# pwd /root/k8s/etcd-cert [root@linux-node1 etcd-cert]# sh etcd-cert.sh [root@linux-node1 etcd-cert]# ls ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem etcd-cert.sh server.csr server-csr.json server-key.pem server.pem 三、拷贝证书 [root@linux-node1 etcd-cert]# cp *.pem /opt/etcd/ssl/ [root@linux-node1 etcd-cert]# ls /opt/etcd/ssl/ ca-key.pem ca.pem server-key.pem server.pem 四、生成etcd启动文件 [root@linux-node1 k8s]# pwd /root/k8s [root@linux-node1 k8s]# sh etcd.sh etcd01 192.168.56.11 etcd02=https://192.168.56.12:2380,etcd03=https://192.168.56.13:2380
4、拷贝配置文件
scp -r /opt/etcd root@192.168.56.13:/opt/ scp -r /opt/etcd root@192.168.56.12:/opt/ scp /usr/lib/systemd/system/etcd.service root@192.168.56.12:/usr/lib/systemd/system/ scp /usr/lib/systemd/system/etcd.service root@192.168.56.13:/usr/lib/systemd/system/
[root@linux-node2 ssl]# cat /opt/etcd/cfg/etcd #[Member] ETCD_NAME="etcd02" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://192.168.56.12:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.56.12:2379" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.56.12:2380" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.56.12:2379" ETCD_INITIAL_CLUSTER="etcd01=https://192.168.56.11:2380,etcd02=https://192.168.56.12:2380,etcd03=https://192.168.56.13:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new"
[root@linux-node3 ssl]# cat /opt/etcd/cfg/etcd #[Member] ETCD_NAME="etcd03" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://192.168.56.13:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.56.13:2379" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.56.13:2380" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.56.13:2379" ETCD_INITIAL_CLUSTER="etcd01=https://192.168.56.11:2380,etcd02=https://192.168.56.12:2380,etcd03=https://192.168.56.13:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new"
5、启动etcd
1 2 3 | systemctl daemon-reloadsystemctl enable etcdsystemctl start etcd |
6、检查集群状态
[root@linux-node1 k8s]# cd /opt/etcd/ssl/ [root@linux-node1 ssl]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379" cluster-health member 16946dc3570ef393 is healthy: got healthy result from https://192.168.56.13:2379 member 2c14ec94752d5694 is healthy: got healthy result from https://192.168.56.12:2379 member bf624c9e82dced96 is healthy: got healthy result from https://192.168.56.11:2379 cluster is healthy
分类:
k8s二进制安装
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· winform 绘制太阳,地球,月球 运作规律
· AI与.NET技术实操系列(五):向量存储与相似性搜索在 .NET 中的实现
· 超详细:普通电脑也行Windows部署deepseek R1训练数据并当服务器共享给他人
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)