Kubernetes (k8s) Installation deployment Process (iii)--Create a highly available ETCD cluster

Here the ETCD cluster is multiplexed with the 3 nodes that we tested, 3 node to install and start, note to modify the configuration file

1, TLS certification file distribution: ETCD cluster authentication, in addition to the native, distributed to other node nodes

SCP ca.pem KUBERNETES-KEY.PEM Kubernetes.pem [email protected]10.10. 90.106:/etc/kubernetes/SSLSCP ca.pem KUBERNETES-KEY.PEM Kubernetes.pem [email protected] 10.10. 90.107:/etc/kubernetes/ssl

2. Install the ETCD, the Yum installation method used here

#查询版本是否合适, I am here 3.2.9 Version Yum Info ETCD #安装 Yum Install ETCD

If using Yum installation, the default ETCD command will be in the /usr/bin directory, notice that the 的etcd.service Start command address in the following file is modified to/usr/bin/etcd

3. Create ETCD systemd Unit file (CENTOS7 service definition file)

File location:/usr/lib/systemd/system/etcd.service, default this file exists, delete rebuild.

[Unit]description=ETCD Serverafter=Network.targetafter=network-online.targetwants=network-online.targetdocumentation=https://Github.com/coreos[Service]type=notifyworkingdirectory=/var/lib/etcd/Environmentfile=-/etc/etcd/Etcd.confexecstart=/usr/bin/Etcd--name etcd-host0--cert-file=/etc/kubernetes/ssl/Kubernetes.pem--key-file=/etc/kubernetes/ssl/kubernetes-Key.pem--peer-cert-file=/etc/kubernetes/ssl/Kubernetes.pem--peer-key-file=/etc/kubernetes/ssl/kubernetes-Key.pem--trusted-ca-file=/etc/kubernetes/ssl/Ca.pem--peer-trusted-ca-file=/etc/kubernetes/ssl/Ca.pem--initial-advertise-peer-urls https://10.10.90.105:2380 \--listen-peer-urls https://10.10.90.105:2380 \--listen-client-urls https://10.10.90.105:2379,http://127.0.0.1: 2379 \--advertise-client-urls https://10.10.90.105:2379 \--initial-cluster-token etcd-cluster-0   --initial-cluster Etcd-host0=https://10.10.90.105:2380,etcd-host1=https://10.10.90.106: 2380,etcd-host2=https://10.10.90.107: 2380 \--initial-cluster-State New--data-dir=/var/lib/Etcdrestart=on-failurerestartsec=5Limitnofile=65536[Install]wantedby=multi-user.target

Configuration considerations: All nodes must be configured with this file, and note the following 4 considerations.

1, IP address in addition to the Initial-cluster configuration item is configured in the cluster 3 IP address, the other IP is native IP.

2, configuration under the--name must and--initial-cluster configuration items in the corresponding, than the configuration is my master configuration, name is ETCD-HOST0, the following IP corresponding name is also this.

3. Software installed in different ways Execstart program start command path under configuration item Note Modify

4, workingdirectory working directory needs to be created, or start will error.

4. Create ETCD environment variable file

File location:/etc/etcd/etcd.conf,yum The file will exist after installation, and you can delete the rebuild.

# [Member]etcd_name=Infra1etcd_data_dir="/var/lib/etcd"Etcd_listen_peer_urls="https://10.10.90.105:2380"Etcd_listen_client_urls="https://10.10.90.105:2379"#[cluster]etcd_initial_advertise_peer_urls="https://10.10.90.105:2380"Etcd_initial_cluster_token="Etcd-cluster"Etcd_advertise_client_urls="https://10.10.90.105:2379"

Precautions:

1, again remind Etcd_data_dir must exist, the other IP address is replaced by the local, maser and node nodes need to be configured

2, Etcd_name according to ETCD system service inside the configuration one by one corresponds, respectively is INFRA1,INFRA2,INFRA3

5. Set boot and start ETCD

Systemctl daemon-reloadsystemctl enable etcdsystemctl start Etcdsystemctl status Etcd

6, detection of cluster work

At any node, either master or node, execute the following command

Etcdctl    --ca-file=/etc/kubernetes/ssl/ca.pem   --cert-file=/etc/kubernetes/ssl/  Kubernetes.pem   --key-file=/etc/kubernetes/ssl/kubernetes-key.pem   cluster- Health

If the output resembles the following as in the case, it represents success:

As a result, the last behavior cluster is healthy indicates that the Cluster service is healthy

Precautions:

1, it is recommended that all nodes are run once for testing, I maser inspection when the detection of the master itself is linked to a few points, reported unhealthy errors, to see the error after the discovery is using the proxy Internet settings

Originally for the online software set up the Internet agent, need to close the agent, cancel configuration parameters, restart the server to detect success.

Kubernetes (k8s) Installation deployment Process (iii)--Create a highly available ETCD cluster