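  • k8s etcd cluster configuration and installation

    This post continues from the previous one.

      The certificate-signing method used here is described at https://www.cnblogs.com/S--S/p/10885952.html; go straight to the section on signing the etcd certificates, which is all that is needed to complete the steps below.

      Prepare three hosts as follows:

      192.168.1.71

      192.168.1.72

      192.168.1.73

      Run the following command on each of the 3 hosts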

    step1:

      yum install etcd -y 

      First, configure and start etcd on the first host

      192.168.1.71

    step2:

      cd /etc/etcd/

      Create the ssl directory that will hold the certificates

      mkdir ssl

      cp -rf /etc/ssl/k8s/etcd/etcd-1-71* ./ssl/

      Create the common directory that holds the k8s root certificate

      mkdir -pv /etc/kubernetes/ssl/

      cp -rf /etc/ssl/k8s/ca.pem /etc/kubernetes/ssl/

    step3:

      Edit the etcd configuration file; only the trimmed-down part is kept below

      vi etcd.conf   

    [Member]
    ETCD_DATA_DIR="/var/lib/etcd/etcd1"
    ETCD_LISTEN_PEER_URLS="https://192.168.1.71:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.1.71:2379"
    ETCD_NAME="etcd1"
    [Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.71:2380"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.71:2379"
    ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380"
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
    ETCD_INITIAL_CLUSTER_STATE="new"
    [Security]
    ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-71.pem"
    ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-71.key"
    ETCD_CLIENT_CERT_AUTH="true"
    ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_AUTO_TLS="true"
    ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-71.pem"
    ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-71.key"
    ETCD_PEER_CLIENT_CERT_AUTH="true"
    ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_PEER_AUTO_TLS="true"

    step4:

      Edit the etcd systemd unit file; modify this file on all three of the following nodes

      192.168.1.71

      192.168.1.72

      192.168.1.73

      vi /usr/lib/systemd/system/etcd.service  

    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
     
    [Service]
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    EnvironmentFile=-/etc/etcd/etcd.conf
    User=etcd
     
    ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd \
        --name=\"${ETCD_NAME}\" \
        --cert-file=\"${ETCD_CERT_FILE}\" \
        --key-file=\"${ETCD_KEY_FILE}\" \
        --peer-cert-file=\"${ETCD_PEER_CERT_FILE}\" \
        --peer-key-file=\"${ETCD_PEER_KEY_FILE}\" \
        --trusted-ca-file=\"${ETCD_TRUSTED_CA_FILE}\" \
        --peer-trusted-ca-file=\"${ETCD_PEER_TRUSTED_CA_FILE}\" \
        --initial-advertise-peer-urls=\"${ETCD_INITIAL_ADVERTISE_PEER_URLS}\" \
        --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" \
        --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" \
        --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" \
        --initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" \
        --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" \
        --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\" \
        --data-dir=\"${ETCD_DATA_DIR}\""
     
    Restart=on-failure
    LimitNOFILE=65536
     
    [Install]
    WantedBy=multi-user.target

    step5:

      Start the first etcd

      systemctl daemon-reload    --> run on all 3 hosts

      systemctl start etcd

      systemctl enable etcd

     

    Next, deploy the other 2 nodes; the port given when adding a member must not be wrong

      Deploy the second node, 192.168.1.72

      step1:

        pwd -> /etc/etcd/

        Create the directories that hold the certificates

        mkdir ssl

        mkdir -pv /etc/kubernetes/ssl

        Run on 192.168.1.71

        Copy over the certificates that have already been signed

        scp -r ca.pem etcd/etcd-1-72.* 192.168.1.72:/etc/etcd/ssl/

        Back on host 192.168.1.72, run

        pwd -> /etc/etcd/ssl

        cp ca.pem /etc/kubernetes/ssl/

        pwd -> /etc/etcd

        Run on host 192.168.1.71

        etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member add etcd2 https://192.168.1.72:2380

        On host 192.168.1.72, now modify the etcd configuration file

        Edit the etcd configuration file

    [Member]
    ETCD_DATA_DIR="/var/lib/etcd/etcd2"
    ETCD_LISTEN_PEER_URLS="https://192.168.1.72:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.1.72:2379"
    ETCD_NAME="etcd2"
    [Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.72:2380"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.72:2379"
    ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd2=https://192.168.1.72:2380"
    ETCD_INITIAL_CLUSTER_STATE="existing"
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
    [Security]
    ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-72.pem"
    ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-72.key"
    ETCD_CLIENT_CERT_AUTH="true"
    ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_AUTO_TLS="true"
    ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-72.pem"
    ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-72.key"
    ETCD_PEER_CLIENT_CERT_AUTH="true"
    ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_PEER_AUTO_TLS="true"

       step2:

        Start the second etcd

          systemctl start etcd

          systemctl enable etcd

    Use the same steps to configure the third host and join it to the cluster; there must be no mistakes

        192.168.1.73

        Run

        mkdir -pv /etc/etcd/ssl /etc/kubernetes/ssl

        192.168.1.71

        Run

        pwd -> /etc/ssl/k8s

        scp -r ca.pem etcd/etcd-1-73.* 192.168.1.73:/etc/etcd/ssl/

        etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member add etcd3 https://192.168.1.73:2380

        192.168.1.73

        Run

        pwd -> /etc/etcd/ssl

        cp ca.pem /etc/kubernetes/ssl/

        pwd -> /etc/etcd

        Edit the etcd.conf configuration file

        vi etcd.conf

    [Member]
    ETCD_DATA_DIR="/var/lib/etcd/etcd3"
    ETCD_LISTEN_PEER_URLS="https://192.168.1.73:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.1.73:2379"
    ETCD_NAME="etcd3"
    [Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.73:2380"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.73:2379"
    ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd3=https://192.168.1.73:2380,etcd2=https://192.168.1.72:2380"
    ETCD_INITIAL_CLUSTER_STATE="existing"
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-k8s"
    [Security]
    ETCD_CERT_FILE="/etc/etcd/ssl/etcd-1-73.pem"
    ETCD_KEY_FILE="/etc/etcd/ssl/etcd-1-73.key"
    ETCD_CLIENT_CERT_AUTH="true"
    ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_AUTO_TLS="true"
    ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-1-73.pem"
    ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-1-73.key"
    ETCD_PEER_CLIENT_CERT_AUTH="true"
    ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
    ETCD_PEER_AUTO_TLS="true"

          Start etcd

          systemctl start etcd

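    With the steps above, the 3 hosts have joined the cluster one after another; the cluster status can be checked on the first host

      etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member list

      If a port or IP address was configured incorrectly, use

      etcdctl --endpoints=https://192.168.1.71:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd-1-71.pem --key-file=/etc/etcd/ssl/etcd-1-71.key member remove <member ID>

      to remove the member by its ID, and then add it again

    Finally

      Modify the etcd.conf configuration file on all three hosts once more; mainly about 2 lines change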

      192.168.1.71

      192.168.1.72

      192.168.1.73

      vi etcd.conf  

    ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380,etcd3=https://192.168.1.73:2380,etcd2=https://192.168.1.72:2380"
    ETCD_INITIAL_CLUSTER_STATE="existing"

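      Restart etcd on all 3 hosts and enable it at boot; after that there should generally be no problems

      An SSD is recommended for the etcd service. In my local testing, HDDs later caused severe timeouts and failures while supporting k8s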

      systemctl restart etcd

      systemctl enable etcd
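
A check that can be run against each node's etcd.conf before the restart, as an added example that is not part of the original post: it flags plaintext URLs, disabled certificate authentication, a missing CA and world-readable private keys. The function names `conf_get`, `lint_etcd_conf` and `demo` are hypothetical, and the sample file inside `demo` is constructed.

```shell
conf_get() {   # conf_get FILE KEY -> last value of KEY, quotes stripped
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

lint_etcd_conf() {   # prints one FINDING per problem; returns non-zero if any
    conf=$1; findings=0
    fail() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # URLs must be https; an unset key falls back to etcd's http://localhost default.
    for k in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS ETCD_INITIAL_CLUSTER \
             ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS; do
        v=$(conf_get "$conf" "$k")
        [ -n "$v" ] || fail "$k is unset (etcd default is http)"
        for u in $(echo "$v" | tr ',' ' '); do
            # ${u#*=} drops the "name=" prefix of ETCD_INITIAL_CLUSTER entries
            case ${u#*=} in https://*) ;; *) fail "$k: non-TLS URL $u" ;; esac
        done
    done
    for side in "" PEER_; do
        # Mutual TLS: certificate auth on, with a CA to verify against.
        [ "$(conf_get "$conf" "ETCD_${side}CLIENT_CERT_AUTH")" = true ] ||
            fail "ETCD_${side}CLIENT_CERT_AUTH is not true"
        [ -n "$(conf_get "$conf" "ETCD_${side}TRUSTED_CA_FILE")" ] ||
            fail "ETCD_${side}TRUSTED_CA_FILE is empty"
        # The private key must exist and must not be world-readable.
        key=$(conf_get "$conf" "ETCD_${side}KEY_FILE")
        if [ ! -f "$key" ]; then fail "ETCD_${side}KEY_FILE missing: $key"
        elif [ -n "$(find "$key" -perm -004)" ]; then
            fail "ETCD_${side}KEY_FILE is world-readable: $key"
        fi
    done
    [ "$findings" -eq 0 ]
}

demo() {   # constructed input: node 1's values with two deliberate mistakes
    d=$(mktemp -d); touch "$d/node.key"; chmod 644 "$d/node.key"
    cat > "$d/etcd.conf" <<EOF
ETCD_LISTEN_PEER_URLS="https://192.168.1.71:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.1.71:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.71:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.71:2379"
ETCD_INITIAL_CLUSTER="etcd1=https://192.168.1.71:2380"
ETCD_KEY_FILE="$d/node.key"
ETCD_PEER_KEY_FILE="$d/node.key"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
EOF
    lint_etcd_conf "$d/etcd.conf"; rc=$?; rm -rf "$d"; return "$rc"
}
demo || true
```

On a real node, call `lint_etcd_conf /etc/etcd/etcd.conf`; because the unit above runs etcd as `User=etcd`, the key files must still be readable by that user after permissions are tightened.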

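    A blog I wrote myself certainly contains mistakes; I hope readers who notice them will leave comments with guidance, and I will correct them promptly when I see them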

  • Original article: https://www.cnblogs.com/S--S/p/10886661.html