ETCD安装
1.下载并解压
1.wget https://github.com/etcd-io/etcd/releases/download/v3.3.6/etcd-v3.3.6-linux-amd64.tar.gz 2 tar -xzvf etcd-v3.3.6-linux-amd64 -C /usr/local/
2. mkdir -p /data/kubernetes/bin
3. cp -r /usr/local/etcd-v3.3.6-linux-amd64/etcd* /data/kubernetes/bin/
2.创建证书
1.创建config.json
cat ca-config.json { "signing": { "default": { "expiry": "175200h" }, "profiles": { "server": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth" ] }, "client": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "client auth" ] }, "peer": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } }
2.创建etcd证书
cat etcd-peer-csr.json { "CN": "etcd-cluster", "hosts": [ "192.20.50.115", "192.20.50.116", "192.20.50.117" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "bj", "L": "bj", "O": "df", "OU": "ops" } ] }
3.执行命令
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-peer-csr.json |cfssl-json -bare etcd-peer
4.ca证书查看
https://www.cnblogs.com/hushaojie/p/13202708.html
3.创建启动脚本
cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
ExecStart=/data/kubernetes/bin/etcd --name etcd1 \
--data-dir /data/kubernetes/data/etcd-data/ \
--listen-peer-urls https://192.20.50.115:2380 \
--listen-client-urls https://192.20.50.115:2379,http://127.0.0.1:2379 \
--quota-backend-bytes 8000000000 \
--initial-advertise-peer-urls https://192.20.50.115:2380 \
--advertise-client-urls https://192.20.50.115:2379,http://127.0.0.1:2379 \
--initial-cluster etcd1=https://192.20.50.115:2380,etcd2=https://192.20.50.116:2380,etcd3=https://192.20.50.117:2380 \
--ca-file=/usr/local/certs/ca.pem \
--cert-file=/usr/local/certs/etcd-peer.pem \
--key-file=/usr/local/certs/etcd-peer-key.pem \
--client-cert-auth \
--trusted-ca-file=/usr/local/certs/ca.pem \
--peer-ca-file=/usr/local/certs/ca.pem \
--peer-cert-file=/usr/local/certs/etcd-peer.pem \
--peer-key-file=/usr/local/certs/etcd-peer-key.pem \
--peer-client-cert-auth \
--peer-trusted-ca-file=/usr/local/certs/ca.pem \
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
4.授权添加开机自启
systemctl enable etcd
5.启动
systemctl daemon-reload
systemctl restart etcd.service
6.验证
1 #查看端口 2 netstat -luntp|grep etcd 3 #查看集群健康状态 4 etcdctl cluster-health 5 #查看集群所有节点 6 etcdctl member list 7 #把一台设备移除出集群 , 后面是集群节点号 , 使用list可以查看到 8 #移除之后,该节点的etcd服务自动关闭 9 etcdctl member remove 1e82894832618580 10 #更新一个节点 11 etcdctl member update 1e82894832618580 12 #设置key=hello , value=world 13 etcdctl set hello world 14 #查看key的值 15 etcdctl get hello
7.环境变量
ln -s /data/kubernetes/bin /root/bin