二进制安装k8s - 0.4 ETCD 单节点安装

二进制安装k8s - 0.4 ETCD 单节点安装

---

---

---

---

创建目录 & 拷贝文件

[root@master ~]# mkdir -p /data/etcd/{
    
    bin,ssl}
[root@master ~]# mv /data/k8s/bin/etcd* /data/etcd/bin/

---

---

---

---

创建etcd证书请求

创建证书文件

[root@master data]# cd /data/etcd/ssl
[root@master data]# vim /data/etcd/ssl/etcd-csr.json

{
    
    
  "CN": "etcd",
  "hosts": [
    "{
    
    { host }}",
    "127.0.0.1"
  ],
  "key": {
    
    
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
    
    
      "C": "CN",
      "ST": "SiChuan",
      "L": "ChengDu",
      "O": "k8s",
      "OU": "Lswzw"
    }
  ]
}

注：我这里的 host 为 192.168.100.59 把 { { host }} 替换即可

生成etcd证书和私钥

/data/etcd/ssl

cfssl gencert \
  -ca=/data/k8s/cert/ca.pem \
  -ca-key=/data/k8s/cert/ca-key.pem \
  -config=/data/k8s/cert/ca-config.json \
  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

[root@master ssl]# ll 
total 16
-rw-r--r-- 1 root root 1045 May 15 15:22 etcd.csr
-rw-r--r-- 1 root root  258 May 15 15:22 etcd-csr.json
-rw------- 1 root root 1675 May 15 15:22 etcd-key.pem
-rw-r--r-- 1 root root 1419 May 15 15:22 etcd.pem

---

---

---

---

配置启动文件

[root@master ~]# vim /etc/systemd/system/etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/data/etcd/
ExecStart=/data/etcd/bin/etcd \
  --name={
    
    {
    
     NODE_NAME }} \
  --cert-file=/data/etcd/ssl/etcd.pem \
  --key-file=/data/etcd/ssl/etcd-key.pem \
  --peer-cert-file=/data/etcd/ssl/etcd.pem \
  --peer-key-file=/data/etcd/ssl/etcd-key.pem \
  --trusted-ca-file=/data/k8s/cert/ca.pem \
  --peer-trusted-ca-file=/data/k8s/cert/ca.pem \
  --initial-advertise-peer-urls=https://{
    
    {
    
     Host_IP }}:2380 \
  --listen-peer-urls=https://{
    
    {
    
     Host_IP }}:2380 \
  --listen-client-urls=https://{
    
    {
    
     Host_IP }}:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://{
    
    {
    
     Host_IP }}:2379 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster={
    
    {
    
     ETCD_NODES }} \
  --initial-cluster-state=new \
  --data-dir=/data/etcd \
  --snapshot-count=50000 \
  --auto-compaction-retention=1 \
  --max-request-bytes=10485760 \
  --quota-backend-bytes=8589934592
Restart=always
RestartSec=15
LimitNOFILE=65536
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

注： { { NODE_NAME }} 集群部署 须填写多个。 我这里只有1个可以替换为 etcd0
{ { Host_IP }} 为etcd 部署主机ip。 我这里为 192.168.100.59
{ { ETCD_NODES }} 我这里只有1个为 etcd0=https://192.168.100.59:2380

---

---

---

---

开启ETCD

systemctl daemon-reload
systemctl start etcd
systemctl enable etcd

# 检查服务状态
systemctl status etcd.service

[root@master ssl]# ss -ntl | egrep "2379|2380"
LISTEN     0      128    192.168.100.59:2379                     *:*                  
LISTEN     0      128    127.0.0.1:2379                     *:*                  
LISTEN     0      128    192.168.100.59:2380                     *:*    

---

---

---

---