1 etcd 是基于 raft 的分布式 key-value 存储系统,由 coreos 开发,常用于服务发现、共享配置以及并发控制(如 leader 选举、分布式锁等)。kubernetes 使用 etcd 存储所有运行数据。 2 [root@k8smaster01 ~]# cd /opt/k8s/work 3 [root@k8smaster01 work]# wget https://github.com/coreos/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz 4 [root@k8smaster01 work]# tar -xvf etcd-v3.3.13-linux-amd64.tar.gz
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 scp etcd-v3.3.13-linux-amd64/etcd* root@${master_ip}:/opt/k8s/bin 7 ssh root@${master_ip} "chmod +x /opt/k8s/bin/*" 8 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# cat > etcd-csr.json <<eof 3 { 4 "cn": "etcd", 5 "hosts": [ 6 "127.0.0.1", 7 "172.24.8.71", 8 "172.24.8.72", 9 "172.24.8.73" 10 ], 11 "key": { 12 "algo": "rsa", 13 "size": 2048 14 }, 15 "names": [ 16 { 17 "c": "cn", 18 "st": "shanghai", 19 "l": "shanghai", 20 "o": "k8s", 21 "ou": "system" 22 } 23 ] 24 } 25 eof 26 #创建etcd的ca证书请求文件
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# cfssl gencert -ca=/opt/k8s/work/ca.pem \ 3 -ca-key=/opt/k8s/work/ca-key.pem -config=/opt/k8s/work/ca-config.json \ 4 -profile=kubernetes etcd-csr.json | cfssljson -bare etcd #生成ca密钥(ca-key.pem)和证书(ca.pem)
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 ssh root@${master_ip} "mkdir -p /etc/etcd/cert" 7 scp etcd*.pem root@${master_ip}:/etc/etcd/cert/ 8 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# cat > etcd.service.template <<eof 4 [unit] 5 description=etcd server 6 after=network.target 7 after=network-online.target 8 wants=network-online.target 9 documentation=https://github.com/coreos 10 11 [service] 12 type=notify 13 workingdirectory=${etcd_data_dir} 14 execstart=/opt/k8s/bin/etcd \\ 15 --data-dir=${etcd_data_dir} \\ 16 --wal-dir=${etcd_wal_dir} \\ 17 --name=##master_name## \\ 18 --cert-file=/etc/etcd/cert/etcd.pem \\ 19 --key-file=/etc/etcd/cert/etcd-key.pem \\ 20 --trusted-ca-file=/etc/kubernetes/cert/ca.pem \\ 21 --peer-cert-file=/etc/etcd/cert/etcd.pem \\ 22 --peer-key-file=/etc/etcd/cert/etcd-key.pem \\ 23 --peer-trusted-ca-file=/etc/kubernetes/cert/ca.pem \\ 24 --peer-client-cert-auth \\ 25 --client-cert-auth \\ 26 --listen-peer-urls=https://##master_ip##:2380 \\ 27 --initial-advertise-peer-urls=https://##master_ip##:2380 \\ 28 --listen-client-urls=https://##master_ip##:2379,http://127.0.0.1:2379 \\ 29 --advertise-client-urls=https://##master_ip##:2379 \\ 30 --initial-cluster-token=etcd-cluster-0 \\ 31 --initial-cluster=${etcd_nodes} \\ 32 --initial-cluster-state=new \\ 33 --auto-compaction-mode=periodic \\ 34 --auto-compaction-retention=1 \\ 35 --max-request-bytes=33554432 \\ 36 --quota-backend-bytes=6442450944 \\ 37 --heartbeat-interval=250 \\ 38 --election-timeout=2000 39 restart=on-failure 40 restartsec=5 41 limitnofile=65536 42 43 [install] 44 wantedby=multi-user.target 45 eof
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for (( i=0; i < 3; i++ )) 4 do 5 sed -e "s/##master_name##/${master_names[i]}/" -e "s/##master_ip##/${master_ips[i]}/" etcd.service.template > etcd-${master_ips[i]}.service 6 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 scp etcd-${master_ip}.service root@${master_ip}:/etc/systemd/system/etcd.service 7 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 ssh root@${master_ip} "mkdir -p ${etcd_data_dir} ${etcd_wal_dir}" 7 ssh root@${master_ip} "systemctl daemon-reload && systemctl enable etcd && systemctl restart etcd " & 8 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 ssh root@${master_ip} "systemctl status etcd|grep active" 7 done
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for master_ip in ${master_ips[@]} 4 do 5 echo ">>> ${master_ip}" 6 etcdctl_api=3 /opt/k8s/bin/etcdctl \ 7 --endpoints=https://${master_ip}:2379 \ 8 --cacert=/etc/kubernetes/cert/ca.pem \ 9 --cert=/etc/etcd/cert/etcd.pem \ 10 --key=/etc/etcd/cert/etcd-key.pem endpoint health 11 done
1 [root@k8smaster01 ~]# source /opt/k8s/bin/environment.sh 2 [root@k8smaster01 ~]# etcdctl_api=3 /opt/k8s/bin/etcdctl \ 3 -w table --cacert=/etc/kubernetes/cert/ca.pem \ 4 --cert=/etc/etcd/cert/etcd.pem \ 5 --key=/etc/etcd/cert/etcd-key.pem \ 6 --endpoints=${etcd_endpoints} endpoint status
如对本文有疑问, 点击进行留言回复!!
linux下文本编辑器vim的使用方法(复制、粘贴、替换、行号、撤销、多文件操作)
网友评论