k8s-etcd
Posted 芒果牛奶
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s-etcd相关的知识,希望对你有一定的参考价值。
master: 192.168.1.193
node1: 192.168.1.194
node2: 192.168.1.195
tls认证
需要为 etcd 集群创建加密通信的 TLS 证书,这里复用以前创建的 kubernetes 证书
cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl
====install etcd=====
yum install etcd -y
mkdir /var/lib/etcd/
创建etcd.service 文件
master
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
--name node1 \\
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--initial-advertise-peer-urls https://192.168.1.193:2380 \\
--listen-peer-urls https://192.168.1.193:2380 \\
--listen-client-urls https://192.168.1.193:2379,http://localhost:2379 \\
--advertise-client-urls https://192.168.1.193:2379 \\
--initial-cluster-token cluster1 \\
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node1
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
--name node2 \\
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--initial-advertise-peer-urls https://192.168.1.194:2380 \\
--listen-peer-urls https://192.168.1.194:2380 \\
--listen-client-urls https://192.168.1.194:2379,http://localhost:2379 \\
--advertise-client-urls https://192.168.1.194:2379 \\
--initial-cluster-token cluster1 \\
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node2
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \\
--name node3 \\
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
--initial-advertise-peer-urls https://192.168.1.195:2380 \\
--listen-peer-urls https://192.168.1.195:2380 \\
--listen-client-urls https://192.168.1.195:2379,http://localhost:2379 \\
--advertise-client-urls https://192.168.1.195:2379 \\
--initial-cluster-token cluster1 \\
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
###start etc cluster###
systemctl start etcd
###etcd test###
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
如果重建集群,需要删除rm -rf /var/lib/etcd/*以上是关于k8s-etcd的主要内容,如果未能解决你的问题,请参考以下文章