etcd部署
cd /usr/local/src wget cd etcd-v3.2.18-linux-amd64 cp etcd etcdctl /opt/kubernetes/bin/ cd /opt/kubernetes/bin/ scp etcd etcdctl 192.168.56.11:/opt/kubernetes/bin/ scp etcd etcdctl 192.168.56.12:/opt/kubernetes/bin/ cd /usr/local/src/ssl vim etcd-csr.json { "CN": "etcd", "hosts": [ "127.0.0.1", "192.168.56.10", "192.168.56.11", "192.168.56.12" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "BeiJing", "L": "BeiJing", "O": "k8s", "OU": "System" } ] } cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \ -ca-key=/opt/kubernetes/ssl/ca-key.pem \ -config=/opt/kubernetes/ssl/ca-config.json \ -profile=kubernetes etcd-csr.json | cfssljson -bare etcd scp etcd.pem etcd-key.pem /opt/kubernetes/ssl/ scp etcd.pem etcd-key.pem 192.168.56.11:/opt/kubernetes/ssl/ scp etcd.pem etcd-key.pem 192.168.56.12:/opt/kubernetes/ssl/
k8s-master
[root@k8s-master ssl]# cat /opt/kubernetes/cfg/etcd.conf #[member] ETCD_NAME="etcd-node0" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" #ETCD_SNAPSHOT_COUNTER="10000" #ETCD_HEARTBEAT_INTERVAL="100" #ETCD_ELECTION_TIMEOUT="1000" ETCD_LISTEN_PEER_URLS="https://192.168.56.10:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.56.10:2379,https://127.0.0.1:2379" #ETCD_MAX_SNAPSHOTS="5" #ETCD_MAX_WALS="5" #ETCD_CORS="" #[cluster] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.56.10:2380" # if you use different ETCD_NAME (e.g. test), # set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..." ETCD_INITIAL_CLUSTER="etcd-node0=https://192.168.56.10:2380,etcd-node1=https://192.168.56.11:2380,etcd-node2=https://192.168.56.12:2380" ETCD_INITIAL_CLUSTER_STATE="new" ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.56.10:2379" #[security] CLIENT_CERT_AUTH="true" ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem" ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem" ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem" PEER_CLIENT_CERT_AUTH="true" ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem" ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem" ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
[root@k8s-master ssl]# cat /etc/systemd/system/etcd.service [Unit] Description=Etcd Server After=network.target [Service] Type=simple WorkingDirectory=/var/lib/etcd EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf # set GOMAXPROCS to number of processors ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd" Type=notify [Install] WantedBy=multi-user.target [root@k8s-master ssl]#
k8s-node照着该就行了
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
[root@k8s-node2 src]# etcdctl --endpoints=https://192.168.56.11:2379 \ > --ca-file=/opt/kubernetes/ssl/ca.pem \ > --cert-file=/opt/kubernetes/ssl/etcd.pem \ > --key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health member 435fb0a8da627a4c is healthy: got healthy result from https://192.168.56.12:2379 member 6566e06d7343e1bb is healthy: got healthy result from https://192.168.56.11:2379 member db88edfbb8de7fa0 is healthy: got healthy result from https://192.168.56.10:2379 cluster is healthy [root@k8s-node2 src]#