k8s二进制安装03-部署etcd


下载etcd
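## Create the working tree: binaries, generated configs, unit files, certificates, downloads
mkdir -p /root/etcd/{bin,config,service,ssl,app}
cd /root/etcd

## Download the etcd release tarball and the checksum list published with the same release
## Release page: https://github.com/etcd-io/etcd/releases
wget https://github.com/etcd-io/etcd/releases/download/v3.5.2/etcd-v3.5.2-linux-amd64.tar.gz -O app/etcd-v3.5.2.tar.gz
wget https://github.com/etcd-io/etcd/releases/download/v3.5.2/SHA256SUMS -O app/SHA256SUMS

## Verify the tarball before unpacking binaries that will run on every control-plane node.
## The checksum list comes from the same release page, so this catches a corrupted or
## truncated download; it is not a substitute for trusting the release source itself.
## The tarball was saved under a shorter local name, so look the hash up by its release file name.
expected=$(awk '{ sub(/^\*/, "", $2) } $2 == "etcd-v3.5.2-linux-amd64.tar.gz" { print $1 }' app/SHA256SUMS)
actual=$(sha256sum app/etcd-v3.5.2.tar.gz | awk '{ print $1 }')

if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
  ## Extract only etcd and etcdctl, dropping the top-level directory of the archive
  tar -xf app/etcd-v3.5.2.tar.gz --strip-components=1 -C bin/ etcd-v3.5.2-linux-amd64/etcd{,ctl}
else
  echo "app/etcd-v3.5.2.tar.gz does not match SHA256SUMS; not extracting" >&2
fi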
生成证书

生成脚本gen_etcd_cert.sh

cat <<'EOF' | sudo tee gen_etcd_cert.sh
#!/bin/bash
## example: ./gen_etcd_cert.sh 127.0.0.1,master01,master02,master03,192.168.10.51,192.168.10.52,192.168.10.53

HOSTNAME=$1

## etcd ca的配置文件
cat > ca-config.json < etcd-ca-csr.json < etcd-csr.json <

运行

## Usage: bash gen_etcd_cert.sh <comma-separated host names and IPs>
## The list reaches the script as $1 (HOSTNAME). Presumably it becomes the certificate's
## host/SAN list, so it should name every host name and address used to reach etcd;
## confirm against the script body.
bash gen_etcd_cert.sh 127.0.0.1,m01,m02,m03,192.168.1.51,192.168.1.52,192.168.1.53

## 在ssl目录下生成(其中 etcd-ca-key.pem 是 CA 私钥,后面的分发步骤不会复制它,应留在本机妥善保管)
├── etcd-ca.csr
├── etcd-ca-key.pem
├── etcd-ca.pem
├── etcd.csr
├── etcd-key.pem
├── etcd.pem
生成参数文件及启动service文件

生成脚本etcd_config.sh

cat <<'EOF' | sudo tee etcd_config.sh
#!/bin/bash
## example: ./etcd_config.sh master01 192.168.1.51 master02=https://192.168.1.52:2380,master03=https://192.168.1.53:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd
ETCD_CONF_DIR=/opt/etcd/config
ETCD_CA_CERT=etcd-ca.pem
ETCD_SERVER_CERT_PREFIX=etcd

cat > config/etcd.config.yaml.$1 < service/etcd.service <

执行

## Each of the three etcd servers needs its own configuration, so the script runs once per member.
## Usage: ./etcd_config.sh <etcd_name> <etcd_ip> <etcd_cluster>
##   etcd_cluster is the comma-separated name=https://ip:2380 list of the other two members.
bash etcd_config.sh m01 192.168.1.51 m02=https://192.168.1.52:2380,m03=https://192.168.1.53:2380

bash etcd_config.sh m02 192.168.1.52 m01=https://192.168.1.51:2380,m03=https://192.168.1.53:2380

bash etcd_config.sh m03 192.168.1.53 m01=https://192.168.1.51:2380,m02=https://192.168.1.52:2380

## 在config目录下生成
├── etcd.config.yaml.m01
├── etcd.config.yaml.m02
├── etcd.config.yaml.m03

## 在service目录下生成
├── etcd.service
分发etcd二进制文件、证书、配置及服务文件
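## Push the etcd binaries, TLS material, per-node config and systemd unit to every member.
## Only etcd.pem, etcd-key.pem and etcd-ca.pem are copied; etcd-ca-key.pem is not in the
## brace list, so the CA private key never leaves the machine that generated it.
## NOTE(review): the chmod calls assume etcd runs as the account that owns these paths;
## the unit file is not shown here, so confirm before tightening permissions.
for i in m01 m02 m03; do
  if ! {
    # Brace expansion happens on the remote side; the data and ssl directories are
    # restricted to their owner so the key and the keyspace are not world-readable.
    ssh "$i" "mkdir -p /opt/etcd/{config,data,ssl} && chmod 700 /opt/etcd/data /opt/etcd/ssl" &&
      scp bin/etcd* "$i":/usr/local/bin &&
      scp ssl/etcd{,-key,-ca}.pem "$i":/opt/etcd/ssl/ &&
      # scp does not guarantee a restrictive mode on the target, so set it explicitly.
      ssh "$i" "chmod 600 /opt/etcd/ssl/etcd-key.pem" &&
      # Each member receives only its own config, stored under the generic file name.
      scp "config/etcd.config.yaml.$i" "$i":/opt/etcd/config/etcd.config.yaml &&
      scp service/etcd.service "$i":/usr/lib/systemd/system/
  }; then
    # Stop at the first failure rather than leaving a half-provisioned member unnoticed.
    echo "distribution to $i failed; stopping" >&2
    break
  fi
done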
启动etcd服务
## On every member: reload systemd units, enable etcd at boot, restart it, then print its state.
## --no-block returns right after queueing the restart (presumably because a member cannot
## finish starting until its peers are up), so is-active may still print "activating" here.
for node in m01 m02 m03; do
  for action in "daemon-reload" "enable etcd" "restart etcd --no-block" "is-active etcd"; do
    ssh "$node" "systemctl $action"
  done
done
验证集群
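## Inspect the cluster: query the status of all three client endpoints over TLS.
## NOTE(review): --cert/--key point at the same etcd.pem / etcd-key.pem that was distributed
## to the members, so the server key doubles as the admin client credential here; a separate
## client certificate would avoid handing that key to whoever runs etcdctl.
export ETCDCTL_API=3
etcdctl endpoint status \
    --write-out=table \
    --endpoints="192.168.1.51:2379,192.168.1.52:2379,192.168.1.53:2379" \
    --cacert=/opt/etcd/ssl/etcd-ca.pem \
    --cert=/opt/etcd/ssl/etcd.pem \
    --key=/opt/etcd/ssl/etcd-key.pem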
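## 注意:下面这张表的列(ID、STATUS、NAME、PEER ADDRS、CLIENT ADDRS、IS LEARNER)是 member list 的输出格式,并非上面 endpoint status 命令的输出。
+------------------+---------+------+---------------------------+---------------------------+------------+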
|        ID        | STATUS  | NAME |        PEER ADDRS         |       CLIENT ADDRS        | IS LEARNER |
+------------------+---------+------+---------------------------+---------------------------+------------+
| 238b72cdd26e304f | started |  m02 | https://192.168.1.52:2380 | https://192.168.1.52:2379 |      false |
| 8034142cf01c5d1c | started |  m03 | https://192.168.1.53:2380 | https://192.168.1.53:2379 |      false |
| 8da171dbef9ded69 | started |  m01 | https://192.168.1.51:2380 | https://192.168.1.51:2379 |      false |
+------------------+---------+------+---------------------------+---------------------------+------------+

## List the cluster members as a table, authenticating with the etcd certificate and key.
etcdctl member list \
    --write-out=table \
    --endpoints="192.168.1.51:2379,192.168.1.52:2379,192.168.1.53:2379" \
    --cacert=/opt/etcd/ssl/etcd-ca.pem \
    --cert=/opt/etcd/ssl/etcd.pem \
    --key=/opt/etcd/ssl/etcd-key.pem
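## 注意:下面这张表是 endpoint health 的输出格式,并非上面 member list 命令的输出;其中的 192.168.0.52 与命令里的 192.168.1.52 不一致,看起来是端点地址写错后超时(context deadline exceeded)的一次运行结果。
+-------------------+--------+--------------+---------------------------+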
|     ENDPOINT      | HEALTH |     TOOK     |           ERROR           |
+-------------------+--------+--------------+---------------------------+
| 192.168.1.51:2379 |   true |  28.668399ms |                           |
| 192.168.1.53:2379 |   true |  29.078085ms |                           |
| 192.168.0.52:2379 |  false | 5.003967604s | context deadline exceeded |
+-------------------+--------+--------------+---------------------------+

## Probe the health of each client endpoint and print the result as a table.
etcdctl endpoint health \
    --write-out=table \
    --endpoints="192.168.1.51:2379,192.168.1.52:2379,192.168.1.53:2379" \
    --cacert=/opt/etcd/ssl/etcd-ca.pem \
    --cert=/opt/etcd/ssl/etcd.pem \
    --key=/opt/etcd/ssl/etcd-key.pem
+-------------------+--------+-------------+-------+
|     ENDPOINT      | HEALTH |    TOOK     | ERROR |
+-------------------+--------+-------------+-------+
| 192.168.1.51:2379 |   true | 30.342531ms |       |
| 192.168.1.52:2379 |   true | 31.598332ms |       |
| 192.168.1.53:2379 |   true | 40.204582ms |       |
+-------------------+--------+-------------+-------+