关于kubernetes:k8setcd

master: 192.168.1.193

node1:  192.168.1.194node2:  192.168.1.195tls认证须要为 etcd 集群创立加密通信的 TLS 证书，这里复用以前创立的 kubernetes 证书cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl====install etcd=====yum install etcd -ymkdir /var/lib/etcd/创立etcd.service 文件master  vi /usr/lib/systemd/system/etcd.service<code>[Unit]Description=Etcd ServerAfter=network.targetAfter=network-online.targetWants=network-online.targetDocumentation=https://github.com/coreos[Service]Type=notifyUser=rootWorkingDirectory=/var/lib/etcd/ExecStart=/usr/bin/etcd \--name node1 \--cert-file=/etc/kubernetes/ssl/kubernetes.pem \--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--initial-advertise-peer-urls https://192.168.1.193:2380 \--listen-peer-urls https://192.168.1.193:2380 \--listen-client-urls https://192.168.1.193:2379,http://localhost:2379 \--advertise-client-urls https://192.168.1.193:2379 \--initial-cluster-token cluster1 \--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \--initial-cluster-state new \--data-dir=/var/lib/etcdRestart=on-failureRestartSec=5LimitNOFILE=65536[Install]WantedBy=multi-user.target</code>node1  vi /usr/lib/systemd/system/etcd.service<code>[Unit]Description=Etcd ServerAfter=network.targetAfter=network-online.targetWants=network-online.targetDocumentation=https://github.com/coreos[Service]Type=notifyUser=rootWorkingDirectory=/var/lib/etcd/ExecStart=/usr/bin/etcd \--name node2 \--cert-file=/etc/kubernetes/ssl/kubernetes.pem \--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--initial-advertise-peer-urls https://192.168.1.194:2380 \--listen-peer-urls https://192.168.1.194:2380 \--listen-client-urls https://192.168.1.194:2379,http://localhost:2379 \--advertise-client-urls https://192.168.1.194:2379 \--initial-cluster-token cluster1 \--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \--initial-cluster-state new \--data-dir=/var/lib/etcdRestart=on-failureRestartSec=5LimitNOFILE=65536[Install]WantedBy=multi-user.target</code>node2  vi /usr/lib/systemd/system/etcd.service<code>[Unit]Description=Etcd ServerAfter=network.targetAfter=network-online.targetWants=network-online.targetDocumentation=https://github.com/coreos[Service]Type=notifyUser=rootWorkingDirectory=/var/lib/etcd/ExecStart=/usr/bin/etcd \--name node3 \--cert-file=/etc/kubernetes/ssl/kubernetes.pem \--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \--initial-advertise-peer-urls https://192.168.1.195:2380 \--listen-peer-urls https://192.168.1.195:2380 \--listen-client-urls https://192.168.1.195:2379,http://localhost:2379 \--advertise-client-urls https://192.168.1.195:2379 \--initial-cluster-token cluster1 \--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \--initial-cluster-state new \--data-dir=/var/lib/etcdRestart=on-failureRestartSec=5LimitNOFILE=65536[Install]WantedBy=multi-user.target</code>###start etc cluster###systemctl start etcd###etcd test###etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health如果重建集群，须要删除rm -rf /var/lib/etcd/*