k8s-etcd

芒果牛奶 2021-02-23 15:59:21
技术开发 etcd SegmentFault k8s-etcd


master: 192.168.1.193

node1: 192.168.1.194
node2: 192.168.1.195
tls认证
需要为 etcd 集群创建加密通信的 TLS 证书,这里复用以前创建的 kubernetes 证书
cp ca.pem kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl
====install etcd=====
yum install etcd -y
mkdir /var/lib/etcd/
创建etcd.service 文件
master
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node1 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.193:2380 \
--listen-peer-urls https://192.168.1.193:2380 \
--listen-client-urls https://192.168.1.193:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.193:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node1
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node2 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.194:2380 \
--listen-peer-urls https://192.168.1.194:2380 \
--listen-client-urls https://192.168.1.194:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.194:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
node2
vi /usr/lib/systemd/system/etcd.service
<code>
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
User=root
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd \
--name node3 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://192.168.1.195:2380 \
--listen-peer-urls https://192.168.1.195:2380 \
--listen-client-urls https://192.168.1.195:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.195:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
</code>
###start etc cluster###
systemctl start etcd
###etcd test###
etcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/kubernetes.pem --key-file=/etc/kubernetes/ssl/kubernetes-key.pem cluster-health
如果重建集群,需要删除rm -rf /var/lib/etcd/*
版权声明
本文为[芒果牛奶]所创,转载请带上原文链接,感谢
https://segmentfault.com/a/1190000039262672

  1. Redis 日志篇:系统高可用的杀手锏
  2. Java中把一个对象的值复制给另外一个对象引发的思考
  3. Java serialization / call wildfly service interface exception: ejbclient000409
  4. Docker compose deploy stack
  5. Mac下查看已安装的jdk版本及其安装目录
  6. Redis log: the killer of system high availability
  7. mybatis映射xml配置文件报错:<statement> or DELIMITER expected, got ‘id‘
  8. Thinking about copying the value of one object to another in Java
  9. IntelliJ IDEA 还能画思维导图,果然最强 IDE!
  10. vue使用sdk进行七牛云上传
  11. IntelliJ IDEA 还能画思维导图,果然最强 IDE!
  12. Spring原来还可以这么玩!阿里新产Spring全线宝典成功颠覆了我对Spring的认知!
  13. View the installed JDK version and its installation directory under mac
  14. Error in mybatis mapping XML configuration file: < statement > or delay expected, got 'ID‘
  15. IntelliJ IDEA 还能画思维导图,果然最强 IDE!
  16. Javascript性能优化【内联缓存】 V8引擎特性
  17. IntelliJ idea can also draw mind maps. It's really the strongest ide!
  18. Vue uses SDK to upload Qi Niu cloud
  19. IntelliJ idea can also draw mind maps. It's really the strongest ide!
  20. 深入理解 Web 协议 (三):HTTP 2
  21. Spring can still play like this! Ali's new spring product has successfully overturned my understanding of spring!
  22. IntelliJ idea can also draw mind maps. It's really the strongest ide!
  23. JavaScript performance optimization [inline cache] V8 engine features
  24. linux 配置java环境
  25. linux find 查找文件
  26. 深入理解 Web 协议 (三):HTTP 2
  27. IntelliJ IDEA 相关问题记录
  28. Deep understanding of Web protocol (3): http 2
  29. 深入理解 Web 协议 (三):HTTP 2
  30. 腾讯IEG开源AI SDK:自动化测试吃鸡、MOBA类游戏
  31. Mysql Command
  32. Configuring Java environment with Linux
  33. Find files in Linux
  34. docker-Dockerfile 创建镜像
  35. Redis Cluster
  36. 深入理解 Web 协议 (三):HTTP 2
  37. JavaScriptBOM操作
  38. JavaScriptBOM操作
  39. Deep understanding of Web protocol (3): http 2
  40. Record of IntelliJ idea related problems
  41. Deep understanding of Web protocol (3): http 2
  42. Tencent IEG open source AI SDK: automatic testing of chicken eating and MoBa games
  43. Mysql Command
  44. Docker dockerfile create image
  45. Redis Cluster
  46. 死磕Spring之IoC篇 - 文章导读
  47. Deep understanding of Web protocol (3): http 2
  48. JavaScript BOM operation
  49. JavaScript BOM operation
  50. 死磕Spring之IoC篇 - 文章导读
  51. k8s node 操作与维护
  52. k8s 证书更新
  53. 【Java面试题第三期】JVM中哪些地方会出现内存溢出?出现的原因是什么?
  54. HashMap连环问你能答出几道?
  55. k8s-cronjob
  56. k8s-cert
  57. Spring: an introduction to IOC
  58. Spring: an introduction to IOC
  59. Operation and maintenance of k8s node
  60. K8s certificate update