共计 3752 个字符,预计需要花费 10 分钟才能阅读完成。
master: 192.168.1.193
node1: 192.168.1.194
node2: 192.168.1.195
tls 认证
须要为 etcd 集群创立加密通信的 TLS 证书,这里复用以前创立的 kubernetes 证书
cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl
====install etcd=====
yum install etcd -y
mkdir /var/lib/etcd/
创立 etcd.service 文件
master
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node1 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.193:2380 \
--listen-peer-urls https://192.168.1.193:2380 \
--listen-client-urls https://192.168.1.193:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.193:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node1
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node2 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.194:2380 \
--listen-peer-urls https://192.168.1.194:2380 \
--listen-client-urls https://192.168.1.194:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.194:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node2
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node3 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.195:2380 \
--listen-peer-urls https://192.168.1.195:2380 \
--listen-client-urls https://192.168.1.195:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.195:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
###start etc cluster###
systemctl start etcd
###etcd test###
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
如果重建集群,须要删除 rm -rf /var/lib/etcd/*
正文完
发表至: kubernetes
2021-02-23