1. Download the etcd package

    [root@<host> src]# wget https://github.com/coreos/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz
    [root@<host> src]# tar -zxvf etcd-v3.2.18-linux-amd64.tar.gz
    [root@<host> src]# cd etcd-v3.2.18-linux-amd64
    [root@<host> etcd-v3.2.18-linux-amd64]# cp etcd etcdctl /opt/kubernetes/bin/
    [root@<host> etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.43.22:/opt/kubernetes/bin/
    [root@<host> etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.43.23:/opt/kubernetes/bin/

Note: the download above is not verified. Before copying the binaries to the nodes, check the archive against a checksum or signature published by the project.

2. Create an etcd certificate signing request

    [root@<host> ~]# cd /usr/local/src/ssl/
    [root@<host> ssl]# vim etcd-csr.json
    {
      "CN": "etcd",
      "hosts": [
        "127.0.0.1",
        "192.168.43.21",
        "192.168.43.22",
        "192.168.43.23"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "Beijing",
          "L": "Beijing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }

3. Generate the etcd certificate and private key

    [root@<host> ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
    > -ca-key=/opt/kubernetes/ssl/ca-key.pem \
    > -config=/opt/kubernetes/ssl/ca-config.json \
    > -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
    [root@<host> ssl]# ls -l etcd*
    -rw-r--r-- 1 root root 1062 June 00:28 etcd.csr
    -rw-r--r-- 1 root root  287 June 00:26 etcd-csr.json
    -rw------- 1 root root 1679 June 00:28 etcd-key.pem
    -rw-r--r-- 1 root root 1436 June 00:28 etcd.pem

4. Copy the certificate to the /opt/kubernetes/ssl directory

    [root@<host> ssl]# cp etcd*.pem /opt/kubernetes/ssl
    [root@<host> ssl]# scp etcd*.pem 192.168.43.22:/opt/kubernetes/ssl
    [root@<host> ssl]# scp etcd*.pem 192.168.43.23:/opt/kubernetes/ssl

Note: etcd*.pem includes etcd-key.pem, the private key. It should stay readable by root only (mode 0600, as in the listing above) on every node it is copied to.

5.
Set up the etcd configuration file

    [root@<host> ssl]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node1"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.21:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.21:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.21:2380"
    # If you use a different ETCD_NAME (e.g. test),
    # set the ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.21:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
    PEER_CLIENT_CERT_AUTH="true"
    ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
    ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"

Note: etcd only reads environment variables that start with ETCD_, so CLIENT_CERT_AUTH and PEER_CLIENT_CERT_AUTH as written above have no effect. In etcd 3.2, client-certificate checking comes from the deprecated ETCD_CA_FILE and ETCD_PEER_CA_FILE settings, which imply it. The non-deprecated equivalents are ETCD_TRUSTED_CA_FILE with ETCD_CLIENT_CERT_AUTH="true", and ETCD_PEER_TRUSTED_CA_FILE with ETCD_PEER_CLIENT_CERT_AUTH="true". After the cluster is up, confirm that a client without a certificate is rejected.

6.
Create the etcd systemd service

    [root@<host> ~]# vim /etc/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target

    [Service]
    Type=simple
    WorkingDirectory=/var/lib/etcd
    EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf
    # Set GOMAXPROCS to the number of processors
    ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd"
    Type=notify

    [Install]
    WantedBy=multi-user.target

7. Reload systemd, copy the configuration file and the unit file to the other two nodes, and edit etcd.conf on each of them so that it uses that node's own name and IP address

    [root@<host> ~]# systemctl daemon-reload
    [root@<host> ~]# systemctl enable etcd
    [root@<host> ssl]# scp /opt/kubernetes/cfg/etcd.conf 192.168.43.22:/opt/kubernetes/cfg/
    [root@<host> ssl]# scp /etc/systemd/system/etcd.service 192.168.43.22:/etc/systemd/system/
    [root@<host> ssl]# scp /opt/kubernetes/cfg/etcd.conf 192.168.43.23:/opt/kubernetes/cfg/
    [root@<host> ssl]# scp /etc/systemd/system/etcd.service 192.168.43.23:/etc/systemd/system/

On the second node:

    [root@<host> ~]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node2"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.22:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.22:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.22:2380"
    # If you use a different ETCD_NAME (e.g. test),
    # set the ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.22:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"

On the third node:

    [root@<host> ~]# vim /opt/kubernetes/cfg/etcd.conf
    #[member]
    ETCD_NAME="etcd-node3"
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    #ETCD_SNAPSHOT_COUNTER="10000"
    #ETCD_HEARTBEAT_INTERVAL="100"
    #ETCD_ELECTION_TIMEOUT="1000"
    ETCD_LISTEN_PEER_URLS="https://192.168.43.23:2380"
    ETCD_LISTEN_CLIENT_URLS="https://192.168.43.23:2379,https://127.0.0.1:2379"
    #ETCD_MAX_SNAPSHOTS="5"
    #ETCD_MAX_WALS="5"
    #ETCD_CORS=""
    #[cluster]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.43.23:2380"
    # If you use a different ETCD_NAME (e.g. test),
    # set the ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
    ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.43.21:2380,etcd-node2=https://192.168.43.22:2380,etcd-node3=https://192.168.43.23:2380"
    ETCD_INITIAL_CLUSTER_STATE="new"
    ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.43.23:2379"
    #[security]
    CLIENT_CERT_AUTH="true"
    ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
    ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"

Note: the listings for the second and third nodes stop after ETCD_CERT_FILE on this page. Presumably the remaining [security] lines (the key file and the peer settings) are the same as on the first node. Without them the node would have no TLS key and no peer TLS configuration.

Create the etcd data directory on all nodes and start etcd; the directory is not created by default.
Run the following on each of the three nodes:

    [root@<host> ~]# mkdir /var/lib/etcd
    [root@<host> ~]# systemctl daemon-reload
    [root@<host> ~]# systemctl enable etcd
    [root@<host> ~]# systemctl start etcd

8. Verify the cluster

    [root@<host> ~]# etcdctl --endpoints=https://192.168.43.21:2379 \
    > --ca-file=/opt/kubernetes/ssl/ca.pem \
    > --cert-file=/opt/kubernetes/ssl/etcd.pem \
    > --key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health
    member 6617b5aaafae24e4 is healthy: got healthy result from https://192.168.43.23:2379
    member bb1998338f4e535e is healthy: got healthy result from https://192.168.43.21:2379
    member dcf594c5976bb617 is healthy: got healthy result from https://192.168.43.22:2379
    cluster is healthy
CentOS 7: Deploying Kubernetes - etcd Cluster (III)