Kubernetes组件是无状态的,并在etcd中存储集群状态等数据。 在本小节中,我们将部署三个节点的etcd群集,并对其进行配置以实现高可用性和安全的远程访问。
ETCD是用于存储的组件。
K8S的各个组件基本上是无状态的,并且会把数据都存在ETCD中。
[root@node-X ~]# pwd
/root
配置etcd
#每个节点都执行:创建etcd配置文件和工作目录,并拷贝必要的证书文件。
[root@node-X ~]# mkdir -p /etc/etcd /var/lib/etcd
[root@node-X ~]# chmod 700 /var/lib/etcd
[root@node-X ~]# ll -ld /etc/etcd
drwxr-xr-x 2 root root 4096 Nov 4 00:17 /etc/etcd
[root@node-X ~]# ll -ld /var/lib/etcd
drwx------ 2 root root 4096 Nov 4 00:17 /var/lib/etcd
[root@node-X ~]# cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
[root@node-X ~]# ll /etc/etcd/
total 12
-rw-r--r-- 1 root root 1367 Nov 4 00:21 ca.pem
-rw------- 1 root root 1679 Nov 4 00:21 kubernetes-key.pem
-rw-r--r-- 1 root root 1647 Nov 4 00:21 kubernetes.pem
#每个节点都执行:配置etcd.service文件
[root@node-X ~]# ETCD_NAME=$(hostname -s)
[root@node-1 ~]# echo $ETCD_NAME
node-1
[root@node-2 ~]# echo $ETCD_NAME
node-2
[root@node-3 ~]# echo $ETCD_NAME
node-3
#在每个节点设置不同的内网IP:注意每个节点的IP都不同。
[root@node-1 ~]# ETCD_IP=172.16.1.21
[root@node-1 ~]# echo $ETCD_IP
172.16.1.21
[root@node-2 ~]# ETCD_IP=172.16.1.22
[root@node-2 ~]# echo $ETCD_IP
172.16.1.22
[root@node-3 ~]# ETCD_IP=172.16.1.23
[root@node-3 ~]# echo $ETCD_IP
172.16.1.23
#每个节点都执行:etcd所有节点ip的host映射名称
[root@node-X ~]# ETCD_NAMES=(node-1 node-2 node-3)
#每个节点都执行:etcd所有节点的ip地址
[root@node-X ~]# ETCD_IPS=(172.16.1.21 172.16.1.22 172.16.1.23)
#每个节点都执行:写入/etc/systemd/system/etcd.service
[root@node-X ~]# cat <<EOF > /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos
[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \\
--name ${ETCD_NAME} \\
--cert-file=/etc/etcd/kubernetes.pem \\
--key-file=/etc/etcd/kubernetes-key.pem \\
--peer-cert-file=/etc/etcd/kubernetes.pem \\
--peer-key-file=/etc/etcd/kubernetes-key.pem \\
--trusted-ca-file=/etc/etcd/ca.pem \\
--peer-trusted-ca-file=/etc/etcd/ca.pem \\
--peer-client-cert-auth \\
--client-cert-auth \\
--initial-advertise-peer-urls https://${ETCD_IP}:2380 \\
--listen-peer-urls https://${ETCD_IP}:2380 \\
--listen-client-urls https://${ETCD_IP}:2379,https://127.0.0.1:2379 \\
--advertise-client-urls https://${ETCD_IP}:2379 \\
--initial-cluster-token etcd-cluster-0 \\
--initial-cluster ${ETCD_NAMES[0]}=https://${ETCD_IPS[0]}:2380,${ETCD_NAMES[1]}=https://${ETCD_IPS[1]}:2380,${ETCD_NAMES[2]}=https://${ETCD_IPS[2]}:2380 \\
--initial-cluster-state new \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
#每个节点都执行:不同的节点生成的IP和IP映射host名称内容不一样!这里一定要检查变量是否生效!!!!!!!!否则一个个的节点重新设置变量,并重新生成文件!!!!
[root@node-X ~]# cat /etc/systemd/system/etcd.service
启动etcd集群
#所有etcd节点都配置好etcd.service后,启动etcd集群
[root@node-X ~]# systemctl daemon-reload && systemctl enable etcd && systemctl restart etcd && systemctl status etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /etc/systemd/system/etcd.service.
Active: active (running) since Fri 2022-11-04 00:40:05 CST; 26ms ago
验证etcd集群
#验证etcd集群状态
[root@node-X ~]# ETCDCTL_API=3 etcdctl member list \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/etcd/ca.pem \
--cert=/etc/etcd/kubernetes.pem \
--key=/etc/etcd/kubernetes-key.pem
17699d00ab051ce0, started, node-3, https://172.16.1.23:2380, https://172.16.1.23:2379, false
30f1ad6e6bfae91e, started, node-1, https://172.16.1.21:2380, https://172.16.1.21:2379, false
bf0f7b27e53ff62b, started, node-2, https://172.16.1.22:2380, https://172.16.1.22:2379, false
[root@node-X ~]# netstat -lntup|grep 2379
tcp 0 0 172.16.1.21:2379 0.0.0.0:* LISTEN 1933/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 1933/etcd
[root@node-X ~]# netstat -lntup|grep 2380
tcp 0 0 172.16.1.21:2380 0.0.0.0:* LISTEN 1933/etcd
标题:Kubernetes(五)kubernetes-the-hard-way方式(5.4)部署etcd集群
作者:yazong
地址:https://blog.llyweb.com/articles/2022/11/04/1667497600335.html