etcd安装

机器信息

主机名称	IP地址	etcd名称
k8s-master01	172.16.50.180	etcd1
k8s-master02	172.16.50.181	etcd2
k8s-master03	172.16.50.182	etcd3

系统初始化

# 关闭防火墙
systemctl stop firewalld
systemctl disabled firewalld

# 关闭selinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
setenforce 0
getenforce

# 三台机器分别创建用户
useradd -s /sbin/nologin -M etcd

生成证书

# k8s-master01上创建/usr/local/kubernetes/cert/etcd-csr.json文件
cat > /usr/local/kubernetes/cert/etcd-csr.json EOF
{
  "CN": "etcd",
  "hosts": ["127.0.0.1", "172.16.50.180", "172.16.50.181", "172.16.50.182"],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "GuangDong",
      "O": "ws",
      "OU": "ops",
      "ST": "ShenZhen"
    }
  ]
}
EOF
# 执行生成证书命令
cfssl gencert   -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes   etcd-csr.json | cfssl-json -bare etcd
# 拷贝证书到所有机器
scp ca.pem ca-key.pem etcd.pem  etcd-key.pem root@172.16.50.180:/usr/local/kubernetes/cert/
scp ca.pem ca-key.pem etcd.pem  etcd-key.pem root@172.16.50.181:/usr/local/kubernetes/cert/
scp ca.pem ca-key.pem etcd.pem  etcd-key.pem root@172.16.50.182:/usr/local/kubernetes/cert/

下载解压

# 三台机器执行如下操作
cd /usr/local/src && wget https://mirrors.huaweicloud.com/etcd/v3.4.14/etcd-v3.4.14-linux-amd64.tar.gz
tar xf etcd-v3.4.14-linux-amd64.tar.gz
mkdir -p /usr/local/kubernetes/{bin,cert,conf} 
mv ./etcd-v3.4.14-linux-amd64/etcd* /usr/local/kubernetes/bin/
echo 'export PATH=$PATH:/usr/local/kubernetes/bin' > /etc/profile.d/kube.sh
source /etc/profie

编写配置文件

# 三台机器进入到/usr/local/kubernetes/conf目录下


# etcd01
cat /usr/local/kubernetes/conf/etcd.conf
# [member]
ETCD_NAME="etcd1"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_PEER_URLS="https://172.16.50.180:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.16.50.180:2379,http://127.0.0.1:2379"
     
# [cluster]
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.50.180:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.50.180:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.16.50.180:2380,etcd2=https://172.16.50.181:2380,etcd3=https://172.16.50.182:2380"
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_INITIAL_CLUSTER_TOKEN=kubernetes-etcd-cluster
ETCD_ENABLE_V2="false"

# etcd02
cat /usr/local/kubernetes/conf/etcd.conf
# [member]
ETCD_NAME="etcd2"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_PEER_URLS="https://172.16.50.181:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.16.50.181:2379,http://127.0.0.1:2379"
     
# [cluster]
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.50.181:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.50.181:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.16.50.180:2380,etcd2=https://172.16.50.181:2380,etcd3=https://172.16.50.182:2380"
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_INITIAL_CLUSTER_TOKEN=kubernetes-etcd-cluster
ETCD_ENABLE_V2="false"

# etcd03
cat /usr/local/kubernetes/conf/etcd.conf
# [member]
ETCD_NAME="etcd3"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_PEER_URLS="https://172.16.50.182:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.16.50.182:2379,http://127.0.0.1:2379"
     
# [cluster]
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.50.182:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.50.182:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.16.50.180:2380,etcd2=https://172.16.50.181:2380,etcd3=https://172.16.50.182:2380"
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_INITIAL_CLUSTER_TOKEN=kubernetes-etcd-cluster
ETCD_ENABLE_V2="false"


# 创建数据存储目录，修改属组属主
mkdir /var/lib/etcd
chown -R etcd. /var/lib/etcd


# 创建etcd.service
 cat /etc/systemd/system/etcd.service 
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
 
[Service]
Type=notify
User=etcd
EnvironmentFile=/usr/local/kubernetes/conf/etcd.conf
ExecStart=/usr/local/kubernetes/bin/etcd 
--cert-file=/usr/local/kubernetes/cert/etcd.pem 
--key-file=/usr/local/kubernetes/cert/etcd-key.pem 
--peer-cert-file=/usr/local/kubernetes/cert/etcd.pem 
--peer-key-file=/usr/local/kubernetes/cert/etcd-key.pem 
--trusted-ca-file=/usr/local/kubernetes/cert/ca.pem 
--peer-trusted-ca-file=/usr/local/kubernetes/cert/ca.pem
Restart=on-failure
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target

# 重载systemctl
systemctl deamon-reload
systemctl start etcd
systemctl status etcd

# 查看集群曾缘
etcdctl --endpoints=https://172.16.50.180:2379 --cacert="/usr/local/kubernetes/cert/ca.pem" --cert="/usr/local/kubernetes/cert/etcd.pem" --key="/usr/local/kubernetes/cert/etcd-key.pem" member list

# 检查集群是否健康
etcdctl --endpoints=https://172.16.50.180:2379 --cacert="/usr/local/kubernetes/cert/ca.pem" --cert="/usr/local/kubernetes/cert/etcd.pem" --key="/usr/local/kubernetes/cert/etcd-key.pem" endpoint health
etcdctl --endpoints=https://172.16.50.181:2379 --cacert="/usr/local/kubernetes/cert/ca.pem" --cert="/usr/local/kubernetes/cert/etcd.pem" --key="/usr/local/kubernetes/cert/etcd-key.pem" endpoint health
etcdctl --endpoints=https://172.16.50.182:2379 --cacert="/usr/local/kubernetes/cert/ca.pem" --cert="/usr/local/kubernetes/cert/etcd.pem" --key="/usr/local/kubernetes/cert/etcd-key.pem" endpoint health