k8s之创建etcd集群

主机规划

maste01——192.168.10.63

master02——192.168.10.64

node01——192.168.10.65

node02——192.168.10.66

1、为保证k8s集群正常工作，建议先将selinux彻底改为disabled
[root@k8s-master01-10 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

2、将防火墙关掉，并设置成开机不启动。防火墙在配置之前也最好清除一下。

systemctl stop firewalld

systemctl disable firewalld

iptables -F

 3、上面三步都做好了之后可以直接reboot主机

4、在主机上面创建一个目录、/opt/etcd/{bin,cfg,ssl}
将ca和server证书复制到这个ssl证书目录下。

5、上github上下载一个对应的包
https://github.com/etcd-io/etcd/releases
这里以etcd-v3.3.10-linux-amd64.tar.gz为列

解压出来到本地，进入解压好的文件夹。

会有一个、etcd和etcdctl的二进制文件，将他们复制或移动到之前定好的目录/opt/etcd/bin下面

通过以下脚本生成启动文件

#!/bin/bash
# example: ./etcd.sh etcd01 192.168.10.63 etcd02=https://192.168.10.64:2380,etcd03=https://192.168.10.65:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd

cat <<EOF >$WORK_DIR/cfg/etcd
#[Member]
ETCD_NAME="${ETCD_NAME}"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

cat <<EOF >/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd
ExecStart=${WORK_DIR}/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${WORK_DIR}/ssl/server.pem \
--key-file=${WORK_DIR}/ssl/server-key.pem \
--peer-cert-file=${WORK_DIR}/ssl/server.pem \
--peer-key-file=${WORK_DIR}/ssl/server-key.pem \
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

6、各启动脚本生成之后即可直接启动etcd

官方建议etcd最少3个节点，保证高可用。也可以多个奇数节点。

systemctl start etcd

启动即可，其它两个或多个节点同理布置。

如果有其它问题请先看日志/var/log/messages