• Problems deploying the etcd component when installing a k8s cluster


    https://www.jianshu.com/p/1f9ba144ef34

    etcd v3.4.9

    When querying etcd status with member list, or cluster health with endpoint health:

    #etcdctl member list

    The following output appears. Note that it is not a real error: the client simply has to present certificates when it connects.

    {"level":"warn","ts":"2021-02-23T02:42:32.148-0500","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"endpoint://client-633d3464-2a3d-432c-a269-01eb26d31ba0/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:2379: connect: connection refused""}

    Error: context deadline exceeded

    #etcdctl endpoint health

    {"level":"warn","ts":"2021-02-23T02:42:32.148-0500","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"endpoint://client-633d3464-2a3d-432c-a269-01eb26d31ba0/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:2379: connect: connection refused""}

    Error: context deadline exceeded

    The correct way to connect:

    #etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem \
    --endpoints="https://192.168.100.71:2379,https://192.168.100.72:2379,https://192.168.100.73:2379" member list

    Result:

    41077e602e1d7711, started, etcd-3, https://192.168.100.73:2380, https://192.168.100.73:2379, false

    e3dca3d7a066519b, started, etcd-2, https://192.168.100.72:2380, https://192.168.100.72:2379, false

    e8e1060c65b6e78b, started, etcd-1, https://192.168.100.71:2380, https://192.168.100.71:2379, false



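    Author: Landely
    Link: https://www.jianshu.com/p/1f9ba144ef34
    Source: Jianshu (简书)
    Copyright belongs to the author. For commercial reposting, contact the author for authorization; for non-commercial reposting, credit the source.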
     
     
     
    https://blog.csdn.net/snipercai/article/details/101012124
     

    Host list
    This experiment uses 5 hosts: 3 as master hosts and 2 as worker nodes.

    Node IP      OS version  hostname -f   Installed software
    192.168.0.1  RHEL7.4     k8s-master01  docker,etcd,flanneld,kube-apiserver,kube-controller-manager,kube-scheduler
    192.168.0.2  RHEL7.4     k8s-master02  docker,etcd,flanneld,kube-apiserver,kube-controller-manager,kube-scheduler
    192.168.0.3  RHEL7.4     k8s-master03  docker,etcd,flanneld,kube-apiserver,kube-controller-manager,kube-scheduler
    192.168.0.4  RHEL7.4     k8s-node01    docker,flanneld,kubelet,kube-proxy
    192.168.0.5  RHEL7.4     k8s-node02    docker,flanneld,kubelet,kube-proxy

    Download the package (latest etcd version: 3.4.0)
    wget https://github.com/etcd-io/etcd/releases/download/v3.4.0/etcd-v3.4.0-linux-amd64.tar.gz
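    tar -xvf etcd-v3.4.0-linux-amd64.tar.gz
    # etcd and etcdctl are inside the extracted directory
    mkdir -p /k8s/etcd/bin /k8s/etcd/cfg /k8s/etcd/ssl
    cp etcd-v3.4.0-linux-amd64/etcd etcd-v3.4.0-linux-amd64/etcdctl /k8s/etcd/bin/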

    Edit the configuration file
    cat << EOF > /k8s/etcd/cfg/etcd
    #[Member]
    ETCD_NAME="etcd01"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="https://192.168.0.1:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.0.1:2379"

    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.0.1:2380"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.0.1:2379"
    ETCD_INITIAL_CLUSTER="etcd01=https://192.168.0.1:2380,etcd02=https://192.168.0.2:2380,etcd03=https://192.168.0.3:2380"
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_ENABLE_V2="true"
    EOF

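    Notes:

    The other etcd nodes use the same configuration file; change only the parts marked in red in the original post.
    flannel talks to etcd through the v2 API, while Kubernetes uses the v3 API. To stay compatible with flannel, v2 is enabled here, which is why the configuration file sets ETCD_ENABLE_V2="true".

    Create the TLS keys and certificates
    To secure communication, traffic between clients (such as etcdctl) and the etcd cluster, and between the etcd cluster members, must be encrypted with TLS.
    Create the etcd certificate signing request: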

    cat > etcd-csr.json <<EOF
    {
      "CN": "etcd",
      "hosts": [
        "192.168.0.1",
        "192.168.0.2",
        "192.168.0.3"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "BeiJing",
          "L": "BeiJing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
    EOF

    Generate the etcd certificate and private key
    # cfssl gencert -ca=/k8s/kubernetes/ssl/ca.pem -ca-key=/k8s/kubernetes/ssl/ca-key.pem  -config=/k8s/kubernetes/ssl/ca-config.json  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

    # ls etcd*
    etcd.csr  etcd-csr.json  etcd-key.pem  etcd.pem
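
The CSR above lists only the three member IPs in "hosts", and cfssl copies that list into the certificate's subjectAltName, so any other address that later shows up in an etcd URL (a fourth member, or 127.0.0.1) will fail TLS verification. The script below is an added example, not part of the original article: it compares the https:// hosts in an etcd environment file with the CSR host list. The function names and the sample files are constructed for illustration, and it handles IPv4 addresses and host names only.

```shell
#!/bin/sh
# Added example: every host used in an https:// URL of the etcd env file
# must also be listed in the CSR "hosts" array, otherwise the issued
# certificate does not cover that address.

# Entries of the "hosts" array in a cfssl CSR file, one per line.
csr_hosts() {
    tr -d ' \t\n' < "$1" |
        sed -n 's/.*"hosts":\[\([^]]*\)].*/\1/p' | tr ',' '\n' | tr -d '"'
}

# Distinct hosts used in https:// URLs of the env file.
url_hosts() {
    grep -oE 'https://[^:/",]+' "$1" | sed 's#^https://##' | sort -u
}

# usage: missing_sans ENV_FILE CSR_JSON
# Prints each host the certificate will not cover, one per line.
missing_sans() {
    covered=$(csr_hosts "$2")
    for h in $(url_hosts "$1"); do
        printf '%s\n' "$covered" | grep -qxF -- "$h" || echo "$h"
    done
}

# Constructed sample: the page's CSR hosts, plus an env file that adds a
# loopback listener and a fourth member that the CSR does not mention.
sample_missing() {
    d=$(mktemp -d)
    cat > "$d/etcd-csr.json" <<'EOF'
{ "CN": "etcd",
  "hosts": [ "192.168.0.1", "192.168.0.2", "192.168.0.3" ] }
EOF
    cat > "$d/etcd" <<'EOF'
ETCD_LISTEN_CLIENT_URLS="https://192.168.0.1:2379,https://127.0.0.1:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.0.1:2380,etcd04=https://192.168.0.4:2380"
EOF
    missing_sans "$d/etcd" "$d/etcd-csr.json"
    rm -rf "$d"
}

sample_missing
```

Run `missing_sans /k8s/etcd/cfg/etcd etcd-csr.json` before signing; empty output means every configured address is covered.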

    Create the etcd systemd unit file
    # The quoted 'EOF' keeps the trailing backslashes that continue the ExecStart line
    cat << 'EOF' > /lib/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target

    [Service]
    Type=notify
    EnvironmentFile=/k8s/etcd/cfg/etcd
    ExecStart=/k8s/etcd/bin/etcd \
      --cert-file=/k8s/etcd/ssl/etcd.pem \
      --key-file=/k8s/etcd/ssl/etcd-key.pem \
      --peer-cert-file=/k8s/etcd/ssl/etcd.pem \
      --peer-key-file=/k8s/etcd/ssl/etcd-key.pem \
      --trusted-ca-file=/k8s/kubernetes/ssl/ca.pem \
      --peer-trusted-ca-file=/k8s/kubernetes/ssl/ca.pem
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target
    EOF

    Distribute the files to the other nodes
    cd /k8s/ 
    scp -r etcd/ 192.168.0.2:/k8s/
    scp -r etcd/ 192.168.0.3:/k8s/

    scp /lib/systemd/system/etcd.service 192.168.0.2:/lib/systemd/system/etcd.service
    scp /lib/systemd/system/etcd.service 192.168.0.3:/lib/systemd/system/etcd.service

    Start the etcd service
    systemctl daemon-reload
    systemctl enable etcd
    systemctl start etcd

    # /k8s/etcd/bin/etcdctl --cacert=/k8s/kubernetes/ssl/ca.pem --cert=/k8s/etcd/ssl/etcd.pem --key=/k8s/etcd/ssl/etcd-key.pem --endpoints="https://192.168.0.3:2379,https://192.168.0.2:2379,https://192.168.0.1:2379" endpoint health
    https://192.168.0.2:2379 is healthy: successfully committed proposal: took = 24.271259ms
    https://192.168.0.3:2379 is healthy: successfully committed proposal: took = 31.633027ms
    https://192.168.0.1:2379 is healthy: successfully committed proposal: took = 37.463262ms

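    Notes for etcd 3.4
    In etcd 3.4, ETCDCTL_API=3 etcdctl and etcd --enable-v2=false became the defaults. To use the v2 API, set the ETCDCTL_API environment variable when running etcdctl, for example: ETCDCTL_API=2 etcdctl
    etcd 3.4 reads its parameters from environment variables automatically, so a parameter that is already in the EnvironmentFile must not be added again as an ExecStart flag; choose one or the other. Configuring both triggers an error like "etcd: conflicting environment variable "ETCD_NAME" is shadowed by corresponding command-line flag (either unset environment variable or disable flag)"
    flannel uses the etcd v2 API, while Kubernetes uses the etcd v3 API
    ————————————————
    Copyright notice: this is an original article by CSDN blogger "snipercai", licensed under CC 4.0 BY-SA. When reposting, include the link to the original source and this notice.
    Original link: https://blog.csdn.net/snipercai/article/details/101012124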
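
The "conflicting environment variable ... is shadowed" error from the etcd 3.4 notes can be caught before a restart. The script below is an added example, not part of the original article: it maps each ETCD_* variable in the EnvironmentFile to its flag name (ETCD_DATA_DIR becomes data-dir) and reports the ones that also appear as flags in the unit file. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find etcd settings defined twice, once as ETCD_* in the
# EnvironmentFile and once as a --flag in the unit's ExecStart.

# Flag names implied by the env file: ETCD_DATA_DIR -> data-dir
env_flags() {
    sed -n 's/^[[:space:]]*ETCD_\([A-Z0-9_]*\)=.*/\1/p' "$1" |
        tr 'A-Z_' 'a-z-' | sort -u
}

# Flag names passed on the command line, ignoring comment lines.
unit_flags() {
    grep -v '^[[:space:]]*#' "$1" | grep -oE -- '--[a-z0-9-]+' |
        sed 's/^--//' | sort -u
}

# usage: find_conflicts ENV_FILE UNIT_FILE
# Prints each setting that is configured in both places, one per line.
find_conflicts() {
    unit=$(unit_flags "$2")
    for f in $(env_flags "$1"); do
        printf '%s\n' "$unit" | grep -qxF -- "$f" && echo "$f"
    done
    return 0
}

# Constructed sample: a unit that repeats two settings from the env file.
sample_conflicts() {
    d=$(mktemp -d)
    cat > "$d/etcd" <<'EOF'
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="https://192.168.0.1:2379"
EOF
    cat > "$d/etcd.service" <<'EOF'
[Service]
EnvironmentFile=/k8s/etcd/cfg/etcd
ExecStart=/k8s/etcd/bin/etcd \
  --name=etcd01 \
  --data-dir=/var/lib/etcd/default.etcd \
  --cert-file=/k8s/etcd/ssl/etcd.pem
EOF
    find_conflicts "$d/etcd" "$d/etcd.service"
    rm -rf "$d"
}

sample_conflicts
```

On a node, `find_conflicts /k8s/etcd/cfg/etcd /lib/systemd/system/etcd.service` should print nothing for the files shown on this page, because the unit passes only certificate flags.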

  • Original address: https://www.cnblogs.com/kebibuluan/p/14548752.html