(4)etcd集群部署

为了节省成本, 将etcd集群与master服务部署在相同的三台主机上(每台master主机各运行一个etcd成员)

创建相关目录

三台master主机

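# Create the certificate directory. It will hold etcd-key.pem (the TLS
# private key), so restrict it to its owner instead of relying on the
# default umask, which normally leaves new directories world-readable.
mkdir -p /etc/etcd/cert
chmod 700 /etc/etcd/cert

# Create the etcd data and WAL directories. The etcd data set stores the
# cluster state, including Secret objects, so these are owner-only as well.
mkdir -p /k8s/etcd/data /k8s/etcd/wal
chmod 700 /k8s/etcd/data /k8s/etcd/wal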

部署机器

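# Unpack the etcd release and copy the binaries into place.
# NOTE(review): the page does not verify the archive. Before extracting,
# compare its digest with the SHA256SUMS file published alongside the
# release (the expected value is not given on this page):
#   sha256sum etcd-v3.3.7-linux-amd64.tar.gz   # must equal <published sha256>
cd /opt/k8s-playbook
tar -zxvf etcd-v3.3.7-linux-amd64.tar.gz
# The upstream archive unpacks into etcd-v3.3.7-linux-amd64/, not etcd-v3.3.7/.
# etcdctl is copied too, because the verification step at the end of this
# page invokes /opt/k8s/bin/etcdctl.
cp etcd-v3.3.7-linux-amd64/etcd etcd-v3.3.7-linux-amd64/etcdctl /opt/k8s/bin/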

# Distribute the etcd binary to the other two masters over SSH.
for host in master-02 master-03; do
  scp /opt/k8s/bin/etcd "root@${host}:/opt/k8s/bin"
done

三台master主机

# Make the etcd binary executable (run on each of the three masters).
chmod +x /opt/k8s/bin/etcd

创建证书

# Create the certificate signing request for etcd in the ssl working
# directory; the JSON that follows is the content of etcd-csr.json.
# The "hosts" list becomes the certificate's subject alternative names, so
# it must contain every address the members are reached on (here the three
# master IPs plus 127.0.0.1).
cd /opt/k8s-playbook/ssl
vim etcd-csr.json
###########################
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.104.61",
    "192.168.104.62",
    "192.168.104.63"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Shenzhen",
      "L": "Shenzhen",
      "O": "zhfi",
      "OU": "magina"
    }
  ]
}
###########################

生成

# Sign the etcd CSR with the CA in the current directory and write the
# result as etcd.pem / etcd-key.pem (plus etcd.csr).
# NOTE(review): ca-config.json is not shown on this page. etcd.pem is later
# used as server, peer AND client certificate, so the "kubernetes" profile
# presumably allows both "server auth" and "client auth" usages; confirm.
# ca-key.pem is the CA private key and should stay on this signing host.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  etcd-csr.json \
  | cfssljson -bare etcd

分发

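# Install the certificate and key locally, then copy them to the other
# masters. etcd-key.pem is the private key for the server, peer and client
# TLS roles on this page, so its mode is set to 0600 explicitly on every
# host instead of depending on what cp/scp happen to preserve.
cp etcd*.pem /etc/etcd/cert
chmod 600 /etc/etcd/cert/etcd-key.pem

for host in master-02 master-03; do
  scp etcd*.pem "root@${host}:/etc/etcd/cert/"
  ssh "root@${host}" 'chmod 600 /etc/etcd/cert/etcd-key.pem'
done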

创建service服务(3台master服务器)

新增配置文件

# Create the systemd unit for etcd (on each of the three masters); the
# listing that follows is the file content for master-01.
vim /etc/systemd/system/etcd.service
###########################
# systemd unit for one etcd member (values shown are for master-01).
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
# NOTE(review): there is no User= directive, so systemd runs etcd as root.
# A dedicated unprivileged account that owns the data, WAL and certificate
# directories would reduce the impact of a compromise of the etcd process.
WorkingDirectory=/k8s/etcd/data
# TLS: the same etcd.pem / etcd-key.pem pair serves client and peer traffic.
# --client-cert-auth and --peer-client-cert-auth make the https listeners
# require a certificate signed by /etc/k8s/cert/ca.pem.
# NOTE(review): that CA is presumably the cluster-wide CA; if so, any client
# certificate it issues is accepted by etcd. A CA used only for etcd would
# narrow who can connect. Confirm against ca-config.json / the CA setup.
# NOTE(review): --listen-client-urls also opens http://127.0.0.1:2379. That
# listener is plaintext, so client-cert-auth does not apply to it and any
# local process can read and write etcd without a certificate. The
# certificate already lists 127.0.0.1, so https://127.0.0.1:2379 would work.
# Tuning: periodic compaction with retention 1 (hour), 32 MiB max request,
# 6 GiB backend quota, 250 ms heartbeat, 2000 ms election timeout.
ExecStart=/opt/k8s/bin/etcd \
  --data-dir=/k8s/etcd/data \
  --wal-dir=/k8s/etcd/wal \
  --name=master-01 \
  --cert-file=/etc/etcd/cert/etcd.pem \
  --key-file=/etc/etcd/cert/etcd-key.pem \
  --trusted-ca-file=/etc/k8s/cert/ca.pem \
  --peer-cert-file=/etc/etcd/cert/etcd.pem \
  --peer-key-file=/etc/etcd/cert/etcd-key.pem \
  --peer-trusted-ca-file=/etc/k8s/cert/ca.pem \
  --peer-client-cert-auth \
  --client-cert-auth \
  --listen-peer-urls=https://192.168.104.61:2380 \
  --initial-advertise-peer-urls=https://192.168.104.61:2380 \
  --listen-client-urls=https://192.168.104.61:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.104.61:2379 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster=master-01=https://192.168.104.61:2380,master-02=https://192.168.104.62:2380,master-03=https://192.168.104.63:2380 \
  --initial-cluster-state=new \
  --auto-compaction-mode=periodic \
  --auto-compaction-retention=1 \
  --max-request-bytes=33554432 \
  --quota-backend-bytes=6442450944 \
  --heartbeat-interval=250 \
  --election-timeout=2000
# Restart the member 5 s after an abnormal exit; raise the fd limit.
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
###########################
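  • --name: 每台master服务器修改成本机的主机名, 且必须与 --initial-cluster 中对应的成员名(master-01/master-02/master-03)一致
  • --listen-peer-urls: 修改成本机ip
  • --initial-advertise-peer-urls: 修改成本机ip
  • --listen-client-urls: 修改成本机ip和回环ip。注意: 回环地址这里使用的是明文 http, 该监听不经过TLS, --client-cert-auth 对它不生效, 本机上任何能访问 127.0.0.1:2379 的进程都可以不带证书读写etcd(其中包含集群的Secret数据); 证书的hosts中已包含 127.0.0.1, 如无特殊需要建议改为 https://127.0.0.1:2379 或去掉该项
  • --advertise-client-urls: 修改成本机ip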

启动服务

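# Reload unit definitions so systemd sees the new etcd.service, enable the
# unit so the member comes back after a reboot, then start it.
# Run this on all three masters at roughly the same time: the unit is
# Type=notify with --initial-cluster-state=new, so "systemctl start" on the
# first member may block (and eventually time out) until enough peers are
# up for the cluster to form.
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd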

验证

查看集群状态

# Ask master-01's TLS client endpoint for the health of the cluster,
# authenticating with the etcd certificate and key.
# These are etcdctl v2-API flags and command (the default API in the 3.3
# series); with ETCDCTL_API=3 the equivalents are --cacert/--cert/--key and
# "endpoint health".
/opt/k8s/bin/etcdctl \
  --ca-file=/etc/k8s/cert/ca.pem \
  --cert-file=/etc/etcd/cert/etcd.pem \
  --key-file=/etc/etcd/cert/etcd-key.pem \
  --endpoints=https://192.168.104.61:2379 \
  cluster-health
