• Centos7部署kubernetes-ETCD集群(三)

    1、下载etcd软件包
    [root@linux-node1 src]# tar -zxvf etcd-v3.2.18-linux-amd64.tar.gz
    [root@linux-node1 src]# cd etcd-v3.2.18-linux-amd64
    [root@linux-node1 etcd-v3.2.18-linux-amd64]# cp etcd etcdctl /opt/kubernetes/bin/
    [root@linux-node1 etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.43.22:/opt/kubernetes/bin/
    [root@linux-node1 etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.43.23:/opt/kubernetes/bin/
    2、创建etcd证书签名请求
    [root@linux-node1 ~]# cd /usr/local/src/ssl/
    [root@linux-node1 ssl]# vim etcd-csr.json
    {
    "CN": "etcd",
    "hosts": [
    "127.0.0.1",
    "192.168.43.21",
    "192.168.43.22",
    "192.168.43.23"
    ],
    "key": {
    "algo": "rsa",
    "size": 2048
    },
    "names": [
    {
    "C": "CN",
    "ST": "BeiJing",
    "L": "BeiJing",
    "O": "k8s",
    "OU": "System"
    }
    ]
    }
    3、生成etcd证书和私钥
    [root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem
    > -ca-key=/opt/kubernetes/ssl/ca-key.pem
    > -config=/opt/kubernetes/ssl/ca-config.json
    > -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
    [root@linux-node1 ssl]# ls -l etcd*
    -rw-r--r-- 1 root root 1062 Jun 11 00:28 etcd.csr
    -rw-r--r-- 1 root root 287 Jun 11 00:26 etcd-csr.json
    -rw------- 1 root root 1679 Jun 11 00:28 etcd-key.pem
    -rw-r--r-- 1 root root 1436 Jun 11 00:28 etcd.pem
    4、将证书移动到opt/kubernetes/ssl目录下
    [root@linux-node1 ssl]# cp etcd*.pem /opt/kubernetes/ssl
    [root@linux-node1 ssl]# scp etcd*.pem 192.168.43.22:/opt/kubernetes/ssl
    [root@linux-node1 ssl]# scp etcd*.pem 192.168.43.23:/opt/kubernetes/ssl
    5、设置ETCD配置文件
    [root@linux-node1 ssl]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node1"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.21:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.21:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.21:2380"
    # if you use different ETCD_NAME (e.g. test),
    # set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.21:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
    PEER_CLIENT_CERT_AUTH="true"
    ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
     
    6、创建ETCD系统服务
    [root@linux-node1 ~]# vim /etc/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    [Service]
    Type=simple
    WorkingDirectory=/var/lib/etcd
    EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf
    # set GOMAXPROCS to number of processors
    ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd"
    Type=notify
    [Install]
    WantedBy=multi-user.target
    7、重新加载系统服务,并修改node1、node2节点的etcd.conf的配置文件为自己本机的主机名、IP
    [root@linux-node1 ~]# systemctl daemon-reload
    [root@linux-node1 ~]# systemctl enable etcd
    [root@linux-node1 ssl]# scp /opt/kubernetes/cfg/etcd.conf 192.168.43.22:/opt/kubernetes/cfg/
    [root@linux-node1 ssl]# scp /etc/systemd/system/etcd.service 192.168.43.22:/etc/systemd/system/
    [root@linux-node1 ssl]# scp /opt/kubernetes/cfg/etcd.conf 192.168.43.23:/opt/kubernetes/cfg/
    [root@linux-node1 ssl]# scp /etc/systemd/system/etcd.service 192.168.43.23:/etc/systemd/system/
    [root@linux-node2 ~]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node2"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.22:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.22:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.22:2380"
    # if you use different ETCD_NAME (e.g. test),
    # set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.22:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    [root@linux-node3 ~]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node3"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.23:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.23:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.23:2380"
    # if you use different ETCD_NAME (e.g. test),
    # set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.23:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    在所有节点创建etcd存储目录并启动etcd,默认是不会创建的。
    [root@linux-node1 ~]# mkdir /var/lib/etcd
    [root@linux-node2 ~]# mkdir /var/lib/etcd
    [root@linux-node3 ~]# mkdir /var/lib/etcd
    [root@linux-node1 ~]# systemctl daemon-reload
    [root@linux-node1 ~]# systemctl enable etcd
    [root@linux-node2 ~]# systemctl daemon-reload
    [root@linux-node2 ~]# systemctl enable etcd
    [root@linux-node3 ~]# systemctl daemon-reload
    [root@linux-node3 ~]# systemctl enable etcd
    [root@linux-node1 ~]# systemctl start etcd
    [root@linux-node2 ~]# systemctl start etcd
    [root@linux-node3 ~]# systemctl start etcd
    8、验证集群
    [root@linux-node1 ~]# etcdctl --endpoints=https://192.168.43.21:2379
    > --ca-file=/opt/kubernetes/ssl/ca.pem
    > --cert-file=/opt/kubernetes/ssl/etcd.pem
    > --key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health
    member 6617b5aaafae24e4 is healthy: got healthy result from https://192.168.43.23:2379
    member bb1998338f4e535e is healthy: got healthy result from https://192.168.43.21:2379
    member dcf594c5976bb617 is healthy: got healthy result from https://192.168.43.22:2379
    cluster is healthy
  • 相关阅读:
    基于express框架的Token实现方案
    书籍整理
    openfire4.0.2开发环境搭建(windows)
    Express4.x动态的销毁或者替换中间件(app.unuse)
    mysql学习笔记(三)----函数
    mysql学习笔记(二)----数据类型
    mysql学习笔记(一)----建表操作
    Windows-mysql5.7安装
    JavaScript学习笔记–(new关键字)
    n枚硬币问题(找假币)
  • 原文地址:https://www.cnblogs.com/xiaoliangxianshen/p/9165522.html
Copyright © 2020-2023  润新知