k8s部署配置文件统一存放位置:
[root@master ~]
Etcd配置开始
二进制包下载地址:https://github.com/coreos/etcd/releases/tag/v3.2.12
下载好后解压并把可执行文件放到统一配置目录
[root@master ~]# tar zxvf etcd-v3.2.12-linux-amd64.tar.gz
[root@master ~]# mv etcd-v3.2.12-linux-amd64/etcd /opt/kubernetes/bin/
[root@master ~]# mv etcd-v3.2.12-linux-amd64/etcdctl /opt/kubernetes/bin/
创建etcd配置文件,注意ETCD_NAME和ETCD_INITIAL_CLUSTER(这个里面要把其他节点ip也加上)
[root@master ~]# vi /opt/kubernetes/cfg/etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.10.60:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.10.60:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.10.60:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.10.60:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.10.60:2380,etcd02=https://192.168.10.61:2380,etcd03=https://192.168.10.62:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
创建etcd服务
[root@master ~]# vi /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-state=new \
--cert-file=/opt/kubernetes/ssl/server.pem \
--key-file=/opt/kubernetes/ssl/server-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/server.pem \
--peer-key-file=/opt/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
把需要证书拷贝到配置目录
[root@master ~]# cp ssl/server*pem ssl/ca*.pem /opt/kubernetes/ssl/
运行etcd,可能会出现卡死直接ctrl+c
[root@master ~]# systemctl start etcd
检查下是否启动etcd,好像启动了嘿嘿
[root@master ~]# ps -ef |grep etcd
root 21792 1 2 16:23 ? 00:00:00 /opt/kubernetes/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.10.60:2380 --listen-client-urls=https://192.168.10.60:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.10.60:2379 --initial-advertise-peer-urls=https://192.168.10.60:2380 --initial-cluster=etcd01=https://192.168.10.60:2380,etcd02=https://192.168.10.61:2380,etcd03=https://192.168.10.62:2380 --initial-cluster-token=etcd01=https://192.168.10.60:2380,etcd02=https://192.168.10.61:2380,etcd03=https://192.168.10.62:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
root 21799 21313 0 16:23 pts/0 00:00:00 grep --color=auto etcd
加入开机启动
[root@master ~]# systemctl enable etcd