2.从0安装kubernetes集群-配置etcd

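## 1. Place all downloaded files under /data/download

## 2. On master1, install the CFSSL tools; they are used to create the TLS certificates.
# These two binaries will generate and handle the CA private key, so confirm
# they are the publisher's build before installing them: compare the output of
# `sha256sum /data/download/cfssl /data/download/cfssljson` with the checksums
# published for the release that was downloaded.
# install(1) copies and sets an explicit mode in one step, so the tools do not
# inherit group/world-writable bits from the staging directory (cp + chmod +x
# only adds the execute bit and keeps whatever else was set).
install -m 0755 /data/download/cfssl /usr/local/bin/cfssl
install -m 0755 /data/download/cfssljson /usr/local/bin/cfssljson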

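## 3. Create the cluster CA and the certificates
mkdir -p /etc/etcd/ssl
# Stop here if the directory is not usable: every cfssljson call below writes
# relative to the current directory, and a failed cd would drop private keys
# wherever the shell happens to be.
cd /etc/etcd/ssl || exit 1

## 3.1 Stage ca-config.json and etcd-ca-csr.json, then generate the CA key pair
cp /data/download/ca-config.json /etc/etcd/ssl/ca-config.json
cp /data/download/etcd-ca-csr.json /etc/etcd/ssl/etcd-ca-csr.json

cfssl gencert -initca etcd-ca-csr.json | cfssljson -bare etcd-ca
ls etcd-ca*.pem

## 3.2 Stage etcd-csr.json, then issue the etcd certificate signed by the CA above
## (output is etcd.pem / etcd-key.pem; this is the etcd certificate, not a
## kube-apiserver one).
## Mind the IPs: the addresses in etcd-csr.json must match this cluster's etcd
## nodes (presumably the CSR's hosts list; confirm in the file), otherwise TLS
## verification against the endpoint will fail.
cp /data/download/etcd-csr.json /etc/etcd/ssl/etcd-csr.json
cfssl gencert \
  -ca=etcd-ca.pem \
  -ca-key=etcd-ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  etcd-csr.json | cfssljson -bare etcd

# Private keys must be readable by their owner only. cfssljson normally writes
# them that way already; enforce it so the result does not depend on the tool
# version or on files left over from an earlier run.
chmod 0600 etcd-ca-key.pem etcd-key.pem

ls etcd*.pem
ls /etc/etcd/ssl
## Expected files: etcd-ca.csr  etcd-ca-key.pem  etcd-ca.pem  etcd.csr  etcd-key.pem  etcd.pem
## etcd-ca-key.pem can sign new certificates the cluster will trust; keep a
## protected copy and consider removing it from the node once all certificates
## have been issued.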

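## 4. Install etcd
# Left commented out as in the original notes. The chown in step 6 needs the
# etcd user and group to exist; the package normally creates them. Confirm
# this if etcd was installed some other way.
#yum install etcd -y

## 5. etcd configuration file and systemd unit
## Mind the IPs: the addresses in etcd.conf must be this node's own.
cp /data/download/etcd.conf /etc/etcd/etcd.conf
cp /data/download/etcd.service /lib/systemd/system/etcd.service

## 6. Create the data directory under /var, then enable and start the etcd service
mkdir -p /var/lib/etcd && chown etcd:etcd -R /var/lib/etcd /etc/etcd
# The data directory holds the whole cluster state (including Kubernetes
# Secrets once the API server uses this etcd), so only the etcd account should
# be able to enter it.
chmod 0700 /var/lib/etcd
# The recursive chown above also hands the CA private key to the etcd service
# account. The etcd server should only need the CA certificate plus its own
# certificate and key (confirm against the paths in etcd.conf), so give the CA
# key back to root. A compromised etcd process then cannot mint new trusted
# certificates.
chown root:root /etc/etcd/ssl/etcd-ca-key.pem
chmod 0600 /etc/etcd/ssl/etcd-ca-key.pem /etc/etcd/ssl/etcd-key.pem
systemctl enable etcd.service
systemctl start etcd.service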

## 7. Check cluster health over mutually authenticated TLS.
## Mind the IP: replace the endpoint address with this node's own.
# CA is the directory holding the CA certificate and the client cert/key pair
# generated in step 3. The expansions are quoted so the paths stay intact
# whatever the directory is called.
export CA="/etc/etcd/ssl"
ETCDCTL_API=3 etcdctl \
  --endpoints "https://192.168.162.128:2379" \
  --cacert "${CA}/etcd-ca.pem" \
  --cert "${CA}/etcd.pem" \
  --key "${CA}/etcd-key.pem" \
  endpoint health
