kubernetes集群搭建三:安装及配置etcd

2018-12-18  本文已影响0人  开始懂了90
创建etcd证书

创建证书签名请求文件

# Write the certificate signing request that cfssl turns into the etcd
# certificate. "hosts" becomes the certificate's subjectAltName list: loopback
# plus the three etcd node IPs. Adding or re-addressing a member therefore
# means re-issuing the certificate.
# NOTE(review): the resulting single key pair is used on this page as the
# server, peer and client identity on all three nodes, so one leaked
# etcd-key.pem exposes every role at once. Consider separate per-node and
# per-role certificates.
cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "10.39.7.51",
    "10.39.7.52",
    "10.39.7.57"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

生成etcd证书

# Sign etcd-csr.json with the cluster CA. cfssljson -bare writes the result
# as etcd.pem / etcd-key.pem (plus etcd.csr) into /opt/ssl.
# etcd-csr.json is resolved relative to /opt/ssl, so the CSR must have been
# written there.
# NOTE(review): ca-config.json is not shown on this page. Its "kubernetes"
# profile has to allow both server auth and client auth, because the same
# certificate is later presented in both directions. Confirm.
cd /opt/ssl \
  && cfssl gencert \
       -ca=/opt/ssl/ca.pem \
       -ca-key=/opt/ssl/ca-key.pem \
       -config=/opt/ssl/ca-config.json \
       -profile=kubernetes \
       etcd-csr.json \
     | cfssljson -bare etcd

分发etcd证书

# Push everything in /opt/ssl to the other two etcd nodes.
# NOTE(review): the glob also matches ca-key.pem, the CA private key used for
# signing in the gencert step. etcd itself only reads ca.pem, etcd.pem and
# etcd-key.pem; a host holding ca-key.pem can mint certificates the whole
# cluster trusts, so copy it only where certificates are actually signed.
# The target directory must already exist on each node (presumably created in
# an earlier part of this series).
for node in 10.39.7.52 10.39.7.57; do
  scp /opt/ssl/* "root@${node}:/etc/kubernetes/ssl/"
done
安装etcd

下载 etcd

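# Fetch the etcd v3.2.9 release tarball and install etcd/etcdctl into
# /usr/local/bin (these binaries will run as root).
# The archive is saved to disk first and every step is chained with &&, so a
# failed or truncated download stops before anything is unpacked or moved
# into PATH.
# Integrity check: set ETCD_SHA256 to the SHA-256 digest of this tarball,
# obtained from a source you trust, and it is verified before extraction.
# When ETCD_SHA256 is unset the check is skipped and only HTTPS protects the
# download.
export ETCD_URL="https://github.com/coreos/etcd/releases/download"
ETCD_VER="v3.2.9"
ETCD_PKG="etcd-${ETCD_VER}-linux-amd64"
cd \
  && wget -q -O "${ETCD_PKG}.tar.gz" "${ETCD_URL}/${ETCD_VER}/${ETCD_PKG}.tar.gz" \
  && { [ -z "${ETCD_SHA256:-}" ] \
       || printf '%s  %s\n' "${ETCD_SHA256}" "${ETCD_PKG}.tar.gz" | sha256sum -c -; } \
  && tar -zxf "${ETCD_PKG}.tar.gz" \
  && mv "${ETCD_PKG}"/etcd* /usr/local/bin/ \
  && rm -rf -- "${ETCD_PKG}" "${ETCD_PKG}.tar.gz"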

分发

# Copy the installed etcd binaries (everything matching /usr/local/bin/etcd*)
# to the other two nodes, so all members run the same build.
for node in 10.39.7.52 10.39.7.57; do
  scp /usr/local/bin/etcd* "root@${node}:/usr/local/bin/"
done

创建 etcd 的 systemd unit 文件(下面三份内容分别对应 10.39.7.51、10.39.7.52、10.39.7.57 三个节点,每个节点只执行与自己对应的那一份)

# etcd unit for node 10.39.7.51 (member name k8s-master-51). Run this heredoc
# on that host only; the other two heredocs write the same path with their
# own node's name and addresses.
# The heredoc delimiter is unquoted, so the shell joins each "\"-terminated
# line with the next: ExecStart reaches the unit file as one long line.
# NOTE(review): only --trusted-ca-file / --peer-trusted-ca-file are given.
# etcd's TLS documentation pairs them with --client-cert-auth and
# --peer-client-cert-auth so that the server demands a CA-signed certificate
# from clients and peers. Confirm how v3.2.9 behaves without those flags and
# add them if certificates are meant to be mandatory.
# NOTE(review): http://127.0.0.1:2379 is a plaintext, unauthenticated client
# listener. Any local process on the node can read and write the keyspace
# through it (the curl calls later on this page rely on it).
# NOTE(review): User=root. etcd only needs read access to its key material and
# ownership of /var/lib/etcd; a dedicated service account would suffice.
cat > /etc/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=root
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \
  --data-dir=/var/lib/etcd \
  --name=k8s-master-51 \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
  --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --listen-peer-urls=https://10.39.7.51:2380 \
  --initial-advertise-peer-urls=https://10.39.7.51:2380 \
  --listen-client-urls=https://10.39.7.51:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://10.39.7.51:2379 \
  --initial-cluster-token=etcd-k8s-cluster \
  --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
# etcd unit for node 10.39.7.52 (member name k8s-master-52). Run this heredoc
# on that host only; it differs from the other nodes' units only in --name
# and the 10.39.7.52 listen/advertise addresses.
# NOTE(review): no --client-cert-auth / --peer-client-cert-auth is set, so
# confirm whether this etcd release actually requires client and peer
# certificates with just the trusted-ca-file flags.
# NOTE(review): http://127.0.0.1:2379 is a plaintext, unauthenticated listener
# reachable by any local process on this node.
cat > /etc/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=root
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \
  --data-dir=/var/lib/etcd \
  --name=k8s-master-52 \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
  --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --listen-peer-urls=https://10.39.7.52:2380 \
  --initial-advertise-peer-urls=https://10.39.7.52:2380 \
  --listen-client-urls=https://10.39.7.52:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://10.39.7.52:2379 \
  --initial-cluster-token=etcd-k8s-cluster \
  --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
# etcd unit for node 10.39.7.57 (member name k8s-master-57). Run this heredoc
# on that host only; it differs from the other nodes' units only in --name
# and the 10.39.7.57 listen/advertise addresses.
# NOTE(review): no --client-cert-auth / --peer-client-cert-auth is set, so
# confirm whether this etcd release actually requires client and peer
# certificates with just the trusted-ca-file flags.
# NOTE(review): http://127.0.0.1:2379 is a plaintext, unauthenticated listener
# reachable by any local process on this node.
cat > /etc/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=root
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \
  --data-dir=/var/lib/etcd \
  --name=k8s-master-57 \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
  --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --listen-peer-urls=https://10.39.7.57:2380 \
  --initial-advertise-peer-urls=https://10.39.7.57:2380 \
  --listen-client-urls=https://10.39.7.57:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://10.39.7.57:2379 \
  --initial-cluster-token=etcd-k8s-cluster \
  --initial-cluster=k8s-master-51=https://10.39.7.51:2380,k8s-master-52=https://10.39.7.52:2380,k8s-master-57=https://10.39.7.57:2380 \
  --initial-cluster-state=new
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

创建 etcd 的 WorkingDirectory

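# Create etcd's data/working directory and restrict it to its owner: the
# keyspace stored here includes whatever the cluster keeps in etcd, so the
# directory should not be listable or readable by other local users.
mkdir -pv /var/lib/etcd/ && chmod 700 /var/lib/etcd/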

启动etcd服务

# Make systemd pick up the new unit file, then start etcd and register it for
# boot. Run on every member.
# The unit is Type=notify, so on a brand-new cluster the first `start` may
# block until enough of the three members are up to form a quorum; start the
# service on the other nodes at the same time rather than one after another.
systemctl daemon-reload
systemctl start etcd.service
systemctl enable etcd.service

查看etcd启动日志: journalctl -f -u etcd

验证etcd集群

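# Health-check all three members over TLS using the v3 API.
# --cacert must name the CA certificate (ca.pem) that signed the servers'
# certificates. The original pointed it at the leaf etcd.pem, which presumably
# validated only because every member presents that very same file; it would
# stop working as soon as nodes get individual certificates.
# --cert/--key supply the client identity for this call.
export CA="/etc/kubernetes/ssl"
ETCDCTL_API=3 etcdctl \
    --cacert="${CA}/ca.pem" \
    --cert="${CA}/etcd.pem" \
    --key="${CA}/etcd-key.pem" \
    --endpoints="https://10.39.7.51:2379,https://10.39.7.52:2379,https://10.39.7.57:2379" \
    endpoint health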
https://10.39.7.51:2379 is healthy: successfully committed proposal: took = 3.206881ms
https://10.39.7.57:2379 is healthy: successfully committed proposal: took = 1.786664ms
https://10.39.7.52:2379 is healthy: successfully committed proposal: took = 1.953967ms
[root@k8s-master-51 ssl]# curl http://127.0.0.1:2379/v2/keys/bian -XPUT -d value="this is etcd test"
{"action":"set","node":{"key":"/bian","value":"this is etcd test","modifiedIndex":11,"createdIndex":11}}
[root@k8s-master-51 ssl]# curl -X GET http://127.0.0.1:2379/v2/keys/bian
{"action":"get","node":{"key":"/bian","value":"this is etcd test","modifiedIndex":11,"createdIndex":11}}
[root@k8s-master-6 tmp]# curl http://127.0.0.1:2379/v2/stats/leader
{"message":"not current leader"}
[root@k8s-master-8 ~]# curl http://127.0.0.1:2379/v2/stats/leader
{"message":"not current leader"}
[root@k8s-master-9 ~]# curl http://127.0.0.1:2379/v2/stats/leader
{"leader":"2e8494ff03b78b1c","followers":{"9d96727b10a9c6b1":{"latency":{"current":0.001582,"average":0.0030155161290322564,"standardDeviation":0.0023266274341806,"minimum":0.000623,"maximum":0.009272},"counts":{"fail":0,"success":31}},"ab59e250c56d7f5":{"latency":{"current":0.000829,"average":0.0027508387096774186,"standardDeviation":0.0016266853314436153,"minimum":0.000827,"maximum":0.005443},"counts":{"fail":0,"success":31}}}}
# List the cluster members over TLS. ETCDCTL_API is not set for this call, so
# etcdctl is driven through its v2 interface, hence the --ca-file /
# --cert-file / --key-file flag names instead of --cacert / --cert / --key.
etcdctl \
  --endpoints=https://10.39.7.51:2379,https://10.39.7.52:2379,https://10.39.7.57:2379 \
  --ca-file=/etc/kubernetes/ssl/ca.pem \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --key-file=/etc/kubernetes/ssl/etcd-key.pem \
  member list

结果

ab59e250c56d7f5: name=k8s-master-6 peerURLs=https://10.39.7.51:2380 clientURLs=https://10.39.7.51:2379 isLeader=false
2e8494ff03b78b1c: name=k8s-master-9 peerURLs=https://10.39.7.52:2380 clientURLs=https://10.39.7.52:2379 isLeader=true
9d96727b10a9c6b1: name=k8s-master-8 peerURLs=https://10.39.7.57:2380 clientURLs=https://10.39.7.57:2379 isLeader=false