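k8s Cluster Setup - 04 - Deploying the etcd Cluster
IV. Deploying the etcd Cluster
Kubernetes components are stateless and store the cluster state in etcd. In this section we deploy a three-node etcd cluster and configure it for high availability and secure remote access.
1. Configure etcd
Copy the required certificate files. Run the following commands on all three nodes: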
$ mkdir -p /etc/etcd /var/lib/etcd
$ chmod 700 /var/lib/etcd
$ cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
Create the etcd.service file. ETCD_IP is different on each node, so these steps have to be run on every node individually.
$ ETCD_NAME=$(hostname -s)
# $ ETCD_IP=10.155.19.223 (delete)
$ ETCD_IP=192.168.1.123 # run on node-1
#$ ETCD_IP=192.168.1.124 # run on node-2
# $ ETCD_IP=192.168.1.125 # run on node-3
# IP addresses of all etcd nodes
#$ ETCD_NAMES=(node-1 node-2 node-3) (for reference)
# $ ETCD_IPS=(10.155.19.223 10.155.19.64 10.155.19.147) (for reference)
# --------------------- Run the following commands on all three nodes ------------------------------------
$ ETCD_NAMES=(homaybd03 homaybd04 homaybd05)
$ ETCD_IPS=(192.168.1.123 192.168.1.124 192.168.1.125)
$ cat <<EOF > /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos
[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \\
--name ${ETCD_NAME} \\
--cert-file=/etc/etcd/kubernetes.pem \\
--key-file=/etc/etcd/kubernetes-key.pem \\
--peer-cert-file=/etc/etcd/kubernetes.pem \\
--peer-key-file=/etc/etcd/kubernetes-key.pem \\
--trusted-ca-file=/etc/etcd/ca.pem \\
--peer-trusted-ca-file=/etc/etcd/ca.pem \\
--peer-client-cert-auth \\
--client-cert-auth \\
--initial-advertise-peer-urls https://${ETCD_IP}:2380 \\
--listen-peer-urls https://${ETCD_IP}:2380 \\
--listen-client-urls https://${ETCD_IP}:2379,https://127.0.0.1:2379 \\
--advertise-client-urls https://${ETCD_IP}:2379 \\
--initial-cluster-token etcd-cluster-0 \\
--initial-cluster ${ETCD_NAMES[0]}=https://${ETCD_IPS[0]}:2380,${ETCD_NAMES[1]}=https://${ETCD_IPS[1]}:2380,${ETCD_NAMES[2]}=https://${ETCD_IPS[2]}:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
Check that the file was generated correctly:
[root@homaybd03 ~]# cat /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos
[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \
--name homaybd03 \
--cert-file=/etc/etcd/kubernetes.pem \
--key-file=/etc/etcd/kubernetes-key.pem \
--peer-cert-file=/etc/etcd/kubernetes.pem \
--peer-key-file=/etc/etcd/kubernetes-key.pem \
--trusted-ca-file=/etc/etcd/ca.pem \
--peer-trusted-ca-file=/etc/etcd/ca.pem \
--peer-client-cert-auth \
--client-cert-auth \
--initial-advertise-peer-urls https://192.168.1.123:2380 \
--listen-peer-urls https://192.168.1.123:2380 \
--listen-client-urls https://192.168.1.123:2379,https://127.0.0.1:2379 \
--advertise-client-urls https://192.168.1.123:2379 \
--initial-cluster-token etcd-cluster-0 \
--initial-cluster homaybd03=https://192.168.1.123:2380,homaybd04=https://192.168.1.124:2380,homaybd05=https://192.168.1.125:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
[root@homaybd03 ~]#
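The TLS-relevant settings in the generated unit can also be checked mechanically rather than by eye. The script below is an added example, not part of the original post; the function name audit_etcd_unit and the sample unit it runs against are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. audit_etcd_unit is a hypothetical
# helper that checks an etcd systemd unit for the TLS settings used on this page.
audit_etcd_unit() {
  local unit="$1" rc=0 cmd flag key
  # Join backslash-continued lines, then keep only the ExecStart command.
  cmd=$(tr '\\\n' '  ' < "$unit" | sed 's/.*ExecStart=//')

  # Boolean flags: must be present and not switched off with =false.
  for flag in --client-cert-auth --peer-client-cert-auth; do
    printf '%s\n' "$cmd" | grep -Eq -- "(^| )${flag}( |=true|\$)" ||
      { echo "FAIL: ${flag} is not enabled"; rc=1; }
  done

  # Certificate, key and CA flags must each carry a value.
  for flag in --cert-file --key-file --trusted-ca-file \
              --peer-cert-file --peer-key-file --peer-trusted-ca-file; do
    printf '%s\n' "$cmd" | grep -Eq -- "(^| )${flag}[= ] *[^ -]" ||
      { echo "FAIL: ${flag} is missing"; rc=1; }
  done

  # A single plaintext listen/advertise/initial-cluster URL bypasses TLS.
  if printf '%s\n' "$cmd" | grep -q 'http://'; then
    echo "FAIL: plaintext URL in etcd flags"; rc=1
  fi

  # Private keys must not be readable by group or others (checked if present).
  for key in $(printf '%s\n' "$cmd" | grep -oE -- '--(peer-)?key-file[= ][^ ]+' |
               sed 's/.*[= ]//' | sort -u); do
    if [ -f "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
      echo "FAIL: ${key} is readable by group or others"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample unit: client cert auth dropped, one plaintext client URL.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/local/bin/etcd \
  --name node-a \
  --cert-file=/etc/etcd/kubernetes.pem \
  --key-file=/etc/etcd/kubernetes-key.pem \
  --peer-client-cert-auth \
  --listen-client-urls http://192.0.2.10:2379,https://127.0.0.1:2379
EOF
audit_etcd_unit "$sample" || echo "unit needs fixing"
rm -f "$sample"
```

On a node, call it as audit_etcd_unit /etc/systemd/system/etcd.service; the key permission check matters here because the cp step above keeps whatever mode the source key file had.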
2. Start the etcd cluster (all three nodes)
Once etcd.service has been configured on every etcd node, start the etcd cluster by running this command on each node:
$ systemctl daemon-reload && systemctl enable etcd && systemctl restart etcd
3. Verify the etcd cluster
Verify the etcd cluster status:
ETCDCTL_API=3 etcdctl member list \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/etcd/ca.pem \
--cert=/etc/etcd/kubernetes.pem \
--key=/etc/etcd/kubernetes-key.pem
Output:
[root@hombd03 ~]# ETCDCTL_API=3 etcdctl member list \
> --endpoints=https://127.0.0.1:2379 \
> --cacert=/etc/etcd/ca.pem \
> --cert=/etc/etcd/kubernetes.pem \
> --key=/etc/etcd/kubernetes-key.pem
5b795d7d31fbab6d, started, homaybd04, https://192.168.1.124:2380, https://192.168.1.124:2379, false
7a9a899a0680e6b2, started, homaybd03, https://192.168.1.123:2380, https://192.168.1.123:2379, false
c1d4e5207b663ed0, started, homaybd05, https://192.168.1.125:2380, https://192.168.1.125:2379, false
[root@homaybd03 ~]#
As the output shows, etcd is started on every node, and each hostname and IP address matches what was expected.
Free to repost - non-commercial - no derivatives - attribution required (Creative Commons 3.0 license)