Kubernetes安装系列之ETCD安装

这篇文章整理一下ETCD的安装与设定方法,本文以脚本的方式进行固化,内容仍然放在github的easypack上。

整体操作

  • https://blog.csdn.net/liumiaocn/article/details/88413428

ETCD设定文件

[root@host131 ~]# cat /etc/etcd/etcd.conf 
# Environment file for etcd as generated by step2-install-etcd.sh. The systemd
# unit shown on this page loads it through EnvironmentFile= and expands these
# names on the etcd command line.
#[ETCD Member Settings]
ETCD_NAME="etcd-01"
ETCD_DATA_DIR="/var/lib/etcd//default.etcd"
# Peer (2380) and client (2379) listeners are bound to the host IP with https.
ETCD_LISTEN_PEER_URLS="https://192.168.163.131:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.163.131:2379"

#[ETCD Clustering Settings]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.163.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.163.131:2379"
ETCD_INITIAL_CLUSTER="etcd-01=https://192.168.163.131:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
# The unit file on this page passes --initial-cluster-state=new as a literal,
# so this value is not what reaches the etcd command line.
ETCD_INITIAL_CLUSTER_STATE="new"

#[ETCD TLS Certificate Settings]
# The same certificate/key pair is used for the client-facing and the peer
# listeners. The private key should be readable only by the account running etcd.
ETCD_CERT_FILE="/etc/ssl/etcd/cert-etcd.pem"
ETCD_KEY_FILE="/etc/ssl/etcd/cert-etcd-key.pem"
ETCD_PEER_CERT_FILE="/etc/ssl/etcd/cert-etcd.pem"
ETCD_PEER_KEY_FILE="/etc/ssl/etcd/cert-etcd-key.pem"
# NOTE(review): CA files are configured, but there is no ETCD_CLIENT_CERT_AUTH or
# ETCD_PEER_CLIENT_CERT_AUTH entry here and no matching flag in the unit file,
# so TLS encrypts traffic without requiring a certificate from the connecting
# client or peer - confirm whether that is intended before etcd holds cluster
# secrets.
ETCD_TRUSTED_CA_FILE="/etc/ssl/ca/ca.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/ssl/ca/ca.pem"

#[ETCD Other Settings]
# Not an etcd setting by itself: the unit file appends it to
# --listen-client-urls, which opens a plain-HTTP listener on loopback (etcd
# logs "serving insecure client requests on 127.0.0.1:2379" for it). Any local
# process can then use the API without TLS.
ETCD_LOCALHOST_CLIENT="http://127.0.0.1:2379"
[root@host131 ~]# 

Systemd服务配置文件

[root@host131 ~]# cat /usr/lib/systemd/system/etcd.service
# systemd unit that runs etcd with the settings from /etc/etcd/etcd.conf.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
# Type=notify: systemd waits for etcd's readiness notification before the
# service counts as started.
Type=notify
# The leading "-" makes a missing environment file non-fatal; the ${ETCD_*}
# references below would then expand to empty strings.
EnvironmentFile=-/etc/etcd/etcd.conf
WorkingDirectory=/var/lib/etcd/

# Review notes on the command line below:
#  - --listen-client-urls joins the https URL with ${ETCD_LOCALHOST_CLIENT},
#    which the environment file sets to a plain-HTTP loopback URL.
#  - --initial-cluster-state is the literal "new", not
#    ${ETCD_INITIAL_CLUSTER_STATE} from the environment file.
#  - No --client-cert-auth / --peer-client-cert-auth is passed, so the trusted
#    CA files do not by themselves force clients or peers to present a
#    certificate.
#  - No User=/Group= is set, so systemd's default account (root) applies.
ExecStart=/usr/local/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},${ETCD_LOCALHOST_CLIENT} \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${ETCD_CERT_FILE} \
--key-file=${ETCD_KEY_FILE} \
--peer-cert-file=${ETCD_PEER_CERT_FILE} \
--peer-key-file=${ETCD_PEER_KEY_FILE} \
--trusted-ca-file=${ETCD_TRUSTED_CA_FILE} \
--peer-trusted-ca-file=${ETCD_PEER_TRUSTED_CA_FILE}

# Restart etcd when it exits with an error; raise the open-file limit.
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
[root@host131 ~]#

脚本示例


[root@host131 shell]# cat step2-install-etcd.sh 
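#!/bin/sh
#
# step2-install-etcd.sh - stop any running etcd, optionally wipe its data
# directory and copy the etcd binaries into place.
#
# All ENV_* settings come from ./install.cfg, so the script has to be started
# from the directory that holds that file. install.cfg is sourced, i.e. it is
# executed with the privileges of this script: keep it writable by root only.

if [ ! -r ./install.cfg ]; then
  echo "install.cfg not found in the current directory" >&2
  exit 1
fi
. ./install.cfg

printf '\n##  stop etcd service\n'
# Best effort: on a first install the unit does not exist yet, so the error
# output is discarded on purpose.
systemctl stop etcd 2>/dev/null

echo "## are you sure to delete ${ENV_ETCD_DATA_DIR} with all files in it ? "
read -r answers
case "${answers}" in
  y|Y)
    # ${VAR:?} aborts when the variable is empty or unset, so this can never
    # turn into "rm -rf /default.etcd".
    rm -rf -- "${ENV_ETCD_DATA_DIR:?}/default.etcd"
    ;;
esac

mkdir -p -- "${ENV_ETCD_DIR_BIN}"
# The glob stays outside the quotes so it still expands; :? keeps an empty
# ENV_HOME_ETCD from turning the pattern into /etc*.
chmod 755 "${ENV_HOME_ETCD:?}"/etc*
cp -p "${ENV_HOME_ETCD:?}"/etc* "${ENV_ETCD_DIR_BIN}"
if [ $? -ne 0 ]; then
  echo "please check etcd binary files existed in ${ENV_HOME_ETCD}/ or not"
  # A bare "exit" would return the status of the echo above (0) and hide the
  # failure from whatever invoked the script.
  exit 1
fi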

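# create etcd config dir when needed
mkdir -p -- "$(dirname -- "${ENV_ETCD_CONF}")"

# The etcd configuration file, loaded by systemd through EnvironmentFile=.
# Security review notes:
#  - ENV_ETCD_LOCALHOST_CLIENT is written out as ETCD_LOCALHOST_CLIENT and the
#    unit file adds it to --listen-client-urls. In the sample on this page it
#    is http://127.0.0.1:2379, i.e. a plaintext listener that any local
#    process can talk to.
#  - Neither ETCD_CLIENT_CERT_AUTH nor ETCD_PEER_CLIENT_CERT_AUTH is written,
#    so the CA files below do not force clients or peers to present a
#    certificate. Decide deliberately whether that is acceptable.
cat <<EOF >"${ENV_ETCD_CONF}"
#[ETCD Member Settings]
ETCD_NAME="${ENV_ETCD_CURRENT_NAME}"
ETCD_DATA_DIR="${ENV_ETCD_DATA_DIR}/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ENV_CURRENT_HOSTIP}:${ENV_ETCD_PEER_PORT}"
ETCD_LISTEN_CLIENT_URLS="https://${ENV_CURRENT_HOSTIP}:${ENV_ETCD_CLIENT_PORT}"

#[ETCD Clustering Settings]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ENV_CURRENT_HOSTIP}:${ENV_ETCD_PEER_PORT}"
ETCD_ADVERTISE_CLIENT_URLS="https://${ENV_CURRENT_HOSTIP}:${ENV_ETCD_CLIENT_PORT}"
EOF

# Build ETCD_INITIAL_CLUSTER="name1=https://host1:port,name2=https://host2:port".
# ENV_ETCD_HOSTS and ENV_ETCD_NAMES are whitespace-separated lists that are
# paired by position; ENV_ETCD_HOSTS is left unquoted on purpose so that it
# collapses to one space-separated line for awk.
# NOTE(review): the published listing lost the loop header (everything after
# "cnt" up to "$cnt,port"); it is restored here so that every member except
# the last is followed by a comma.
echo ${ENV_ETCD_HOSTS} | awk -v etcd_names="${ENV_ETCD_NAMES}" \
  -v port="${ENV_ETCD_PEER_PORT}" -F" " 'BEGIN{
    split(etcd_names,names);
    printf("ETCD_INITIAL_CLUSTER=\"");
}
{
    for(cnt=1; cnt<NF; cnt++){
        printf("%s=https://%s:%s,",names[cnt],$cnt,port);
    }
    printf("%s=https://%s:%s\"\n",names[cnt],$cnt,port);
}' >>"${ENV_ETCD_CONF}"

cat <<EOF >>"${ENV_ETCD_CONF}"
ETCD_INITIAL_CLUSTER_TOKEN="${ENV_ETCD_INITIAL_CLUSTER_TOKEN}"
ETCD_INITIAL_CLUSTER_STATE="${ENV_ETCD_INITIAL_CLUSTER_STATE}"

#[ETCD TLS Certificate Settings]
ETCD_CERT_FILE="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}.pem"
ETCD_KEY_FILE="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}-key.pem"
ETCD_PEER_CERT_FILE="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}.pem"
ETCD_PEER_KEY_FILE="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}-key.pem"
ETCD_TRUSTED_CA_FILE="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"
ETCD_PEER_TRUSTED_CA_FILE="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"

#[ETCD Other Settings]
ETCD_LOCALHOST_CLIENT="${ENV_ETCD_LOCALHOST_CLIENT}"
EOF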

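# Data directory; the unit below also uses it as WorkingDirectory.
# NOTE(review): mkdir -p applies the current umask, and the unit sets no User=,
# so etcd runs as root on this setup. Confirm the directory mode fits the
# deployment before real cluster data is stored in it.
mkdir -p -- "${ENV_ETCD_DATA_DIR}"

# The etcd service configuration file.
# It is written in two parts: this first heredoc is unquoted so that the
# install-time ENV_* paths are expanded now (the doubled backslash becomes the
# single line-continuation backslash of ExecStart).
cat <<EOF >"${ENV_ETCD_SERVICE}"
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
EnvironmentFile=-${ENV_ETCD_CONF}
WorkingDirectory=${ENV_ETCD_DATA_DIR}

ExecStart=${ENV_ETCD_DIR_BIN}/etcd \\
EOF

# The second heredoc is quoted ("EOF"), so every ${ETCD_*} reference is written
# literally and resolved by systemd from the environment file at start time.
# Review notes on the flags written here:
#  - --initial-cluster-state is the literal "new"; the value of
#    ENV_ETCD_INITIAL_CLUSTER_STATE stored in the environment file does not
#    reach the command line.
#  - --listen-client-urls includes ${ETCD_LOCALHOST_CLIENT}, the loopback URL
#    taken from install.cfg.
#  - No --client-cert-auth / --peer-client-cert-auth flag is written.
cat <<"EOF" >>"${ENV_ETCD_SERVICE}"
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},${ETCD_LOCALHOST_CLIENT} \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${ETCD_CERT_FILE} \
--key-file=${ETCD_KEY_FILE} \
--peer-cert-file=${ETCD_PEER_CERT_FILE} \
--peer-key-file=${ETCD_PEER_KEY_FILE} \
--trusted-ca-file=${ETCD_TRUSTED_CA_FILE} \
--peer-trusted-ca-file=${ETCD_PEER_TRUSTED_CA_FILE}

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF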

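# Reload systemd, start and enable etcd, then report status, version and the
# health of every configured member. Failures are collected in rc so that the
# script ends with a non-zero status when something went wrong, while the
# remaining steps still run.
rc=0

printf '\n##  daemon reload service \n'
systemctl daemon-reload || rc=1
printf '\n##  start etcd service \n'
# Not treated as fatal: the unit is still enabled below and its status printed.
systemctl start etcd || rc=1
printf '\n##  enable etcd service \n'
systemctl enable etcd || rc=1
printf '\n##  check  etcd status\n'
systemctl status etcd

printf '\n##  etcd version\n'
etcd --version

printf '\n##  etcd cluster health\n'
export ETCDCTL_API=3
ca_file="${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"
cert_file="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}.pem"
key_file="${ENV_SSL_ETCD_DIR}/${ENV_SSL_ETCD_CERT_PRIFIX}-key.pem"
# ENV_ETCD_HOSTS is a whitespace-separated list, so it is left unquoted to be
# split into one member per iteration.
for etcd_member in ${ENV_ETCD_HOSTS}
do
  # Use the configured client port (the listener written to the etcd config)
  # instead of a fixed 2379; 2379 remains the fallback.
  etcdctl --endpoints="https://${etcd_member}:${ENV_ETCD_CLIENT_PORT:-2379}" \
    --cacert="${ca_file}" \
    --cert="${cert_file}" \
    --key="${key_file}" \
    endpoint health || rc=1
done

exit "${rc}"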
[root@host131 shell]#

执行示例

[root@host131 shell]# sh step2-install-etcd.sh 

##  stop etcd service
## are you sure to delete /var/lib/etcd/ with all files in it ? 
y

##  daemon reload service 

##  start etcd service 

##  enable etcd service 

##  check  etcd status
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-03-23 12:06:36 CST; 164ms ago
     Docs: https://github.com/coreos
 Main PID: 8451 (etcd)
   CGroup: /system.slice/etcd.service
           └─8451 /usr/local/bin/etcd --name=etcd-01 --data-dir=/var/lib/etcd//default.etcd --listen-peer-urls=https://192.168.163.13...

Mar 23 12:06:36 host131 etcd[8451]: raft.node: 4d54a02094212b0 elected leader 4d54a02094212b0 at term 2
Mar 23 12:06:36 host131 etcd[8451]: setting up the initial cluster version to 3.3
Mar 23 12:06:36 host131 etcd[8451]: published {Name:etcd-01 ClientURLs:[https://192.168.163.131:2379]} to cluster cbd0f7b15d201540
Mar 23 12:06:36 host131 etcd[8451]: ready to serve client requests
Mar 23 12:06:36 host131 etcd[8451]: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged!
Mar 23 12:06:36 host131 etcd[8451]: ready to serve client requests
Mar 23 12:06:36 host131 etcd[8451]: serving client requests on 192.168.163.131:2379
Mar 23 12:06:36 host131 systemd[1]: Started Etcd Server.
Mar 23 12:06:36 host131 etcd[8451]: set the initial cluster version to 3.3
Mar 23 12:06:36 host131 etcd[8451]: enabled capabilities for version 3.3

##  etcd version
etcd Version: 3.3.12
Git SHA: d57e8b8
Go Version: go1.10.8
Go OS/Arch: linux/amd64

##  etcd cluster health
https://192.168.163.131:2379 is healthy: successfully committed proposal: took = 1.290479ms
[root@host131 shell]#

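这样以HTTPS方式启动的ETCD服务就就绪了,接下来就可以设定和配置K8S的Master节点的APIServer服务了。需要注意的是,按上述配置,127.0.0.1:2379 仍以明文HTTP方式提供服务(即上面日志中的 "serving insecure client requests" 告警),并且启动参数中没有设置 --client-cert-auth 和 --peer-client-cert-auth,TLS只负责加密传输而不会强制校验客户端证书,在存放集群数据之前应确认这是否符合预期。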

参考文章

https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md
