kubernetesetcd組件部署-創(chuàng)新互聯(lián)

這篇文章為大家?guī)碛嘘P(guān)kubernetes中etcd組件的部署方法。文章涵蓋etcd組件的簡介和etcd組件的部署方法，希望大家通過這篇文章能有所收獲。

為武鄉(xiāng)等地區(qū)用戶提供了全套網(wǎng)頁設(shè)計制作服務(wù)，及武鄉(xiāng)網(wǎng)站建設(shè)行業(yè)解決方案。主營業(yè)務(wù)為成都網(wǎng)站制作、網(wǎng)站建設(shè)、外貿(mào)網(wǎng)站建設(shè)、武鄉(xiāng)網(wǎng)站設(shè)計，以傳統(tǒng)方式定制建設(shè)網(wǎng)站，并提供域名空間備案等一條龍服務(wù)，秉承以專業(yè)、用心的態(tài)度為用戶提供真誠的服務(wù)。我們深信只要達到每一位用戶的要求，就會得到認可，從而選擇與我們長期合作。這樣，我們也可以走得更遠！

etcd組件部署

etcd簡介

etcd是CoreOS團隊于2013年6月發(fā)起的開源項目，它的目標(biāo)是構(gòu)建一個高可用的分布式鍵值(key-value)數(shù)據(jù)庫。etcd內(nèi)部采用raft協(xié)議作為一致性算法，etcd基于Go語言實現(xiàn)。
etcd作為服務(wù)發(fā)現(xiàn)系統(tǒng)，有以下的特點：
- 簡單：安裝配置簡單，而且提供了HTTP API進行交互，使用也很簡單
- 安全：支持SSL證書驗證
- 快速：根據(jù)官方提供的benchmark數(shù)據(jù)，單實例支持每秒2k+讀操作
- 可靠：采用raft算法，實現(xiàn)分布式系統(tǒng)數(shù)據(jù)的可用性和一致性

master01服務(wù)器操作

自簽etcd組件證書

[root@master01 ~]# systemctl stop firewalld.service  //關(guān)閉防火墻
[root@master01 ~]# setenforce 0            //關(guān)閉selinux
[root@master01 ~]# mkdir k8s     //創(chuàng)建k8s目錄
[root@master01 ~]# ls
anaconda-ks.cfg  k8s
[root@master01 ~]# mount.cifs //192.168.80.2/shares/K8S/k8s01 /mnt/   //掛載宿主機中準(zhǔn)備好的軟件包
Password for root@//192.168.80.2/shares/K8S/k8s01:
[root@master01 ~]# cd /mnt/
[root@master01 mnt]# ls
etcd-cert   etcd-v3.3.10-linux-amd64.tar.gz   k8s-cert.sh              master.zip
etcd-cert.sh  flannel.sh              kubeconfig.sh             node.zip
etcd.sh    flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master01 mnt]# cd /root/k8s/       //回到k8s目錄
[root@master01 k8s]# vim cfssl.sh        //編輯腳本下載cfssl官方包  做ca認證的軟件包
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
:wq
[root@master01 k8s]# bash cfssl.sh       //執(zhí)行腳本，下載cfssl官方包
% Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
               Dload  Upload  Total  Spent   Left  Speed
100  9.8M  100  9.8M   0   0  457k    0  0:00:22  0:00:22 --:--:--  581k
% Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
               Dload  Upload  Total  Spent   Left  Speed
100 2224k  100 2224k   0   0  300k    0  0:00:07  0:00:07 --:--:--  517k
% Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
               Dload  Upload  Total  Spent   Left  Speed
100 6440k  100 6440k   0   0  276k    0  0:00:23  0:00:23 --:--:--  221k
[root@master01 k8s]# ls /usr/local/bin/        //查看證書是否成功下載
cfssl  cfssl-certinfo  cfssljson
[root@master01 k8s]# mkdir etcd-cert      //創(chuàng)建證書存放目錄
[root@master01 k8s]# ls
etcd-cert
[root@master01 k8s]# cd etcd-cert/       //進入證書存放目錄
[root@master01 etcd-cert]# cat > ca-config.json <<EOF    //定義ca證書
> {
>  "signing": {
>   "default": {
>    "expiry": "87600h"      //證書失效
>   },
>   "profiles": {
>    "www": {
>      "expiry": "87600h",
>      "usages": [
>       "signing",
>       "key encipherment",
>       "server auth",     //服務(wù)端驗證
>       "client auth"     //客戶端驗證
>     ]
>    }
>   }
>  }
> }
> EOF
[root@master01 etcd-cert]# cat > ca-csr.json <<EOF   //實現(xiàn)證書簽名
> {
>   "CN": "etcd CA",
>   "key": {
>     "algo": "rsa",     //使用非對稱密鑰
>     "size": 2048      //密鑰長度
>   },
>   "names": [
>     {
>       "C": "CN",       //標(biāo)識信息，可自行定義
>       "L": "Beijing",
>       "ST": "Beijing"
>     }
>   ]
> }
> EOF
[root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -   //使用命令生成ca證書
2020/02/09 16:53:08 [INFO] generating a new CA key and certificate from CSR
2020/02/09 16:53:08 [INFO] generate received request
2020/02/09 16:53:08 [INFO] received CSR
2020/02/09 16:53:08 [INFO] generating key: rsa-2048
2020/02/09 16:53:08 [INFO] encoded CSR
2020/02/09 16:53:08 [INFO] signed certificate with serial number 400787333165311350366024741004548366561538833100
[root@master01 etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem   //ca證書生成成功
[root@master01 etcd-cert]# cat > server-csr.json <<EOF    //指定etcd三個節(jié)點之間的通信驗證
> {
>   "CN": "etcd",
>   "hosts": [
>   "192.168.80.12",     //群集IP地址設(shè)定，master地址
>   "192.168.80.13",     //node01IP地址
>   "192.168.80.14"      //node02IP地址
>   ],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing",
>       "ST": "BeiJing"
>     }
>   ]
> }
> EOF
[root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server   //生成ETCD證書 server-key.pem  server.pem
2020/02/09 16:59:12 [INFO] generate received request
2020/02/09 16:59:12 [INFO] received CSR
2020/02/09 16:59:12 [INFO] generating key: rsa-2048
2020/02/09 16:59:12 [INFO] encoded CSR
2020/02/09 16:59:12 [INFO] signed certificate with serial number 155295832576786241095177900248601469934260652049
2020/02/09 16:59:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@master01 etcd-cert]# ls
ca-config.json  ca-csr.json  ca.pem    server-csr.json  server.pem
ca.csr      ca-key.pem  server.csr  server-key.pem          //生成成功

部署etcd服務(wù)

[root@master01 etcd-cert]# cd /mnt/      //進入宿主機掛載過來的目錄
[root@master01 mnt]# ls
etcd-cert   etcd-v3.3.10-linux-amd64.tar.gz   k8s-cert.sh              master.zip
etcd-cert.sh  flannel.sh              kubeconfig.sh             node.zip
etcd.sh    flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master01 mnt]# cp etcd-v3.3.10-linux-amd64.tar.gz flannel-v0.10.0-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz etcd.sh /root/k8s/   //將軟件包與etcd執(zhí)行腳本復(fù)制到k8s工作目錄中
[root@master01 mnt]# cd /root/k8s/          //回到k8s工作目錄
[root@master01 k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz    //解壓etcd軟件包
etcd-v3.3.10-linux-amd64/
etcd-v3.3.10-linux-amd64/Documentation/
etcd-v3.3.10-linux-amd64/Documentation/platforms/
etcd-v3.3.10-linux-amd64/Documentation/platforms/container-linux-systemd.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/aws.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/freebsd.md
etcd-v3.3.10-linux-amd64/Documentation/rfc/
...
[root@master01 k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p   //遞歸創(chuàng)建etcd工作目錄
[root@master01 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/  //將etcd命令文件復(fù)制到工作目錄中bin目錄下
[root@master01 k8s]# ls /opt/etcd/bin/    //查看
etcd  etcdctl
[root@master01 k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/   //拷貝證書文件到etcd工作目錄ssl目錄下
[root@master01 k8s]# ls /opt/etcd/ssl/     //查看
ca-key.pem  ca.pem  server-key.pem  server.pem
[root@master01 k8s]# bash etcd.sh etcd01 192.168.80.12 etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380   //執(zhí)行啟動腳本 etcd01為master01服務(wù)器地址 etcd02、etcd03為node01、node02IP地址，稍后我們將分別在node01、node02中部署etcd，組成etcd群集，腳本執(zhí)行同時生成etcd配置文件
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
//執(zhí)行啟動腳本后會進入卡住狀態(tài)，等待其他節(jié)點加入，它也有一定的超時時間，超過超時時間會出現(xiàn)報錯，不用理會

重新開啟新的會話框

[root@master01 ~]# ps -ef | grep etcd   //查看進程是否開啟
root    16146    1  0 17:14 ?     00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.80.12:2379 --initial-advertise-peer-urls=https://192.168.80.12:2380 --initial-cluster=etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root    16191  16160  0 17:15 pts/1   00:00:00 grep --color=auto etcd   //成功開啟
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.13:/opt/      //拷貝etcd工作目錄到node01節(jié)點
The authenticity of host '192.168.80.13 (192.168.80.13)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.13' (ECDSA) to the list of known hosts.
root@192.168.80.13's password:
etcd                                    100%  509  495.7KB/s  00:00
etcd                                    100%  18MB  98.7MB/s  00:00
etcdctl                                   100%  15MB  95.0MB/s  00:00
ca-key.pem                                 100% 1675   1.6MB/s  00:00
ca.pem                                   100% 1265  416.6KB/s  00:00
server-key.pem                               100% 1675   2.3MB/s  00:00
server.pem                                 100% 1338   2.0MB/s  00:00
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.14:/opt/     //拷貝etcd工作目錄到node02節(jié)點
The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
root@192.168.80.14's password:
etcd                                    100%  509  523.8KB/s  00:00
etcd                                    100%  18MB  79.6MB/s  00:00
etcdctl                                   100%  15MB 140.4MB/s  00:00
ca-key.pem                                 100% 1675   1.9MB/s  00:00
ca.pem                                   100% 1265  296.4KB/s  00:00
server-key.pem                               100% 1675   2.4MB/s  00:00
server.pem                                 100% 1338  423.3KB/s  00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.13:/usr/lib/systemd/system/        //啟動腳本拷貝到node01節(jié)點
root@192.168.80.13's password:
etcd.service                                100%  923  628.8KB/s  00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.14:/usr/lib/systemd/system/        //啟動腳本拷貝到node02節(jié)點
root@192.168.80.14's password:
etcd.service                                100%  923  684.8KB/s  00:00

node01服務(wù)器操作

更改復(fù)制過來的etcd配置文件

[root@node01 ~]# systemctl stop firewalld.service    //關(guān)閉防火墻
[root@node01 ~]# setenforce 0              //關(guān)閉selinux
[root@node01 ~]# vim /opt/etcd/cfg/etcd
#[Member] 
ETCD_NAME="etcd02"         //更改名稱為etcd02
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.80.13:2380"   //更改IP地址為192.168.80.13
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.13:2379"  //更改IP地址為192.168.80.13

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.13:2380"  //更改IP地址為192.168.80.13
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.13:2379"     //更改IP地址為192.168.80.13
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"              //注意：此處不用改動
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq 
[root@node01 ~]# systemctl start etcd       //編輯完成后直接啟動etcd服務(wù)
[root@node01 ~]# systemctl status etcd       //查看服務(wù)狀態(tài)
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-02-09 17:25:38 CST; 50s ago   //正常運行
Main PID: 15905 (etcd)
...

node02服務(wù)器操作

更改復(fù)制過來的etcd配置文件

[root@node02 ~]# systemctl stop firewalld.service     //關(guān)閉防火墻
[root@node02 ~]# setenforce 0              //關(guān)閉selinux
[root@node02 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"                   //更改名稱為etcd03
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.80.14:2380"   //更改IP地址為192.168.80.14
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.14:2379"  //更改IP地址為192.168.80.14

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.14:2380"    //更改IP地址為192.168.80.14
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.14:2379"       //更改IP地址為192.168.80.14
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"       //注意：此處不用改動
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq
[root@node02 ~]# systemctl start etcd     //啟動服務(wù)
[root@node02 ~]# systemctl status etcd    //查看狀態(tài)
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-02-09 17:32:29 CST; 4s ago  //成功運行
Main PID: 15926 (etcd)
...

回到master01服務(wù)器操作

檢查群集狀態(tài)

[root@master01 k8s]# cd etcd-cert/    //進入證書目錄 因為要使用ca證書驗證查看，所有要進入證書存放目錄中查看
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" cluster-health     //使用目錄查看群集狀態(tài)
member accc4008f61328 is healthy: got healthy result from https://192.168.80.13:2379
member 88ef2b8e883800a0 is healthy: got healthy result from https://192.168.80.12:2379
member fafd8a15257570ee is healthy: got healthy result from https://192.168.80.14:2379
cluster is healthy     //群集創(chuàng)建成功

看完這篇文章，你們學(xué)會kubernetes中etcd組件的部署方法了嗎？如果還想學(xué)到更多技能或想了解更多相關(guān)內(nèi)容，歡迎關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道，感謝各位的閱讀！

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機、免備案服務(wù)器”等云主機租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡單易用、服務(wù)可用性高、性價比高”等特點與優(yōu)勢，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場景需求。

文章題目：kubernetesetcd組件部署-創(chuàng)新互聯(lián)
標(biāo)題路徑：http://aaarwkj.com/article6/pjpig.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)站策劃、品牌網(wǎng)站制作、網(wǎng)站排名、動態(tài)網(wǎng)站、電子商務(wù)、網(wǎng)站設(shè)計

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源：創(chuàng)新互聯(lián)

猜你還喜歡下面的內(nèi)容