k8s二进制部署

下载etcd

[root@hdss7-12 ~]# useradd -s /sbin/nologin -M etcd
[root@hdss7-12 ~]# cd /opt/src/
[root@hdss7-12 src]# wget https://github.com/etcd-io/etcd/releases/download/v3.1.20/etcd-v3.1.20-linux-amd64.tar.gz
[root@hdss7-12 src]# tar -xf etcd-v3.1.20-linux-amd64.tar.gz 
[root@hdss7-12 src]# mv etcd-v3.1.20-linux-amd64 /opt/release/etcd-v3.1.20
[root@hdss7-12 src]# ln -s /opt/release/etcd-v3.1.20 /opt/apps/etcd
[root@hdss7-12 src]# ll /opt/apps/etcd
lrwxrwxrwx 1 root root 25 Jan 5 17:56 /opt/apps/etcd -> /opt/release/etcd-v3.1.20
[root@hdss7-12 src]# mkdir -p /opt/apps/etcd/certs /data/etcd /data/logs/etcd-server

下发证书到各个etcd上

[root@hdss7-200 ~]# cd /opt/certs/
[root@hdss7-200 certs]# for i in 12 21 22;do scp ca.pem etcd-peer.pem etcd-peer-key.pem hdss7-${i}:/opt/apps/etcd/certs/ ;done

创建启动脚本(部分参数每台机器不同)

[root@hdss7-12 ~]# vim /opt/apps/etcd/etcd-server-startup.sh
#!/bin/sh
# listen-peer-urls etcd节点之间通信端口
# listen-client-urls 客户端与etcd通信端口
# quota-backend-bytes 配额大小
# 需要修改的参数：name,listen-peer-urls,listen-client-urls,initial-advertise-peer-urls

WORK_DIR=$(dirname $(readlink -f $0))
[ $? -eq 0 ] && cd $WORK_DIR || exit

/opt/apps/etcd/etcd --name etcd-server-7-12 
--data-dir /data/etcd/etcd-server 
--listen-peer-urls https://10.4.7.12:2380 
--listen-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379 
--quota-backend-bytes 8000000000 
--initial-advertise-peer-urls https://10.4.7.12:2380 
--advertise-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379 
--initial-cluster etcd-server-7-12=https://10.4.7.12:2380,etcd-server-7-21=https://10.4.7.21:2380,etcd-server-7-22=https://10.4.7.22:2380 
--ca-file ./certs/ca.pem 
--cert-file ./certs/etcd-peer.pem 
--key-file ./certs/etcd-peer-key.pem 
--client-cert-auth 
--trusted-ca-file ./certs/ca.pem 
--peer-ca-file ./certs/ca.pem 
--peer-cert-file ./certs/etcd-peer.pem 
--peer-key-file ./certs/etcd-peer-key.pem 
--peer-client-cert-auth 
--peer-trusted-ca-file ./certs/ca.pem 
--log-output stdout

 修改文件和目录属性

[root@hdss7-12 ~]# chmod u+x /opt/apps/etcd/etcd-server-startup.sh
[root@hdss7-12 ~]# chown -R etcd.etcd /opt/apps/etcd/ /data/etcd /data/logs/etcd-server

启动etcd
因为这些进程都是要启动为后台进程，要么手动启动，要么采用后台进程管理工具，实验中使用后台管理工具

[root@hdss7-12 ~]# chmod u+x /opt/apps/etcd/etcd-server-startup.sh
[root@hdss7-12 ~]# chown -R etcd.etcd /opt/apps/etcd/ /data/etcd /data/logs/etcd-server

etcd 进程状态查看

[root@hdss7-12 ~]# supervisorctl status # supervisorctl 状态
etcd-server-7-12 RUNNING pid 22375, uptime 0:00:39

[root@hdss7-12 ~]# netstat -lntp|grep etcd
tcp 0 0 10.4.7.12:2379 0.0.0.0:* LISTEN 22379/etcd 
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 22379/etcd 
tcp 0 0 10.4.7.12:2380 0.0.0.0:* LISTEN 22379/etcd

[root@hdss7-12 ~]# /opt/apps/etcd/etcdctl member list # 随着etcd重启，leader会变化
988139385f78284: name=etcd-server-7-22 peerURLs=https://10.4.7.22:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.22:2379 isLeader=false
5a0ef2a004fc4349: name=etcd-server-7-21 peerURLs=https://10.4.7.21:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.21:2379 isLeader=true
f4a0cb0a765574a8: name=etcd-server-7-12 peerURLs=https://10.4.7.12:2380 clientURLs=http://127.0.0.1:2379,https://10.4.7.12:2379 isLeader=false

[root@hdss7-12 ~]# /opt/apps/etcd/etcdctl cluster-health
member 988139385f78284 is healthy: got healthy result from http://127.0.0.1:2379
member 5a0ef2a004fc4349 is healthy: got healthy result from http://127.0.0.1:2379
member f4a0cb0a765574a8 is healthy: got healthy result from http://127.0.0.1:2379
cluster is healthy　

etcd 启停方式

[root@hdss7-12 ~]# supervisorctl start etcd-server-7-12
[root@hdss7-12 ~]# supervisorctl stop etcd-server-7-12
[root@hdss7-12 ~]# supervisorctl restart etcd-server-7-12
[root@hdss7-12 ~]# supervisorctl status etcd-server-7-12