安科网

kubernetes v1.18.2 二进制 双栈 etcd 部署

cloudinyachao

cloudinyachao

2020-05-08

关注 关注
说明:
# K8S 组件之间连接使用IPV6进行通信包括etcd
# 设置feature-gates IPv6DualStack=true 所有组件
# 证书包括IPV6 IPV4 IP 集群可以IPV6 也可以IPv4 进行通信

配置环境变量文件

# 创建任意目录
mkdir -p ipv6
cd ipv6
# 创建环境变量文件
cat << EOF | tee environment.sh
#!/bin/bash
# 设置证书环境变量
# 设置证书使用时间87600h 10年
export EXPIRY_TIME="87600h"
# 签发证书IP
export ETCD_MEMBER_1_IP="192.168.2.175"
export ETCD_MEMBER_2_IP="192.168.2.176"
export ETCD_MEMBER_3_IP="192.168.2.177"
# 机器名
export ETCD_MEMBER_1_HOSTNAMES="k8s-master-1"
export ETCD_MEMBER_2_HOSTNAMES="k8s-master-2"
export ETCD_MEMBER_3_HOSTNAMES="k8s-master-3"
#etcd IPV6 地址
ETCD_MEMBER_1_IP6="fc00:bd4:efa8:1001:5054:ff:fe49:9888"
ETCD_MEMBER_2_IP6="fc00:bd4:efa8:1001:5054:ff:fe47:357b"
ETCD_MEMBER_3_IP6="fc00:bd4:efa8:1001:5054:ff:fec6:74fb"
# etcd 集群通讯证书
export ETCD_SERVER_HOSTNAMES="\"\${ETCD_MEMBER_1_HOSTNAMES}\",\"\${ETCD_MEMBER_2_HOSTNAMES}\",\"\${ETCD_MEMBER_3_HOSTNAMES}\""
export ETCD_SERVER_IPS="\"\${ETCD_MEMBER_1_IP}\",\"\${ETCD_MEMBER_2_IP}\",\"\${ETCD_MEMBER_3_IP}\",\"\${ETCD_MEMBER_1_IP6}\",\"\${ETCD_MEMBER_2_IP6}\",\"\${ETCD_MEMBER_3_IP6}\""
#证书所需要的配置参数
export CERT_ST="GuangDong"
export CERT_L="GuangZhou"
export CERT_O="k8s"
export CERT_OU="Qist"
export CERT_PROFILE="kubernetes"
# 设置工作目录
export HOST_PATH=\`pwd\`
# kube-apiserver 服务器IP 如果外部访问K8s 集群使用VIP ip 请在下面添加vip ip
export K8S_APISERVER_VIPA="\"192.168.2.175\",\"192.168.2.176\",\"192.168.2.177\""
export K8S_APISERVER_VIP="\"fc00:bd4:efa8:1001:5054:ff:fe49:9888\",\"fc00:bd4:efa8:1001:5054:ff:fe47:357b\",\"fc00:bd4:efa8:1001:5054:ff:fec6:74fb\",\${K8S_APISERVER_VIPA}"
# kubernetes 服务 IP (一般是 SERVICE_CIDR 中第一个IP)
export CLUSTER_KUBERNETES_SVC_IP="\"8888:8000::1\",\"10.66.0.1\""
# 设置集群参数
export CLUSTER_NAME=kubernetes
# kubectl 访问url地址
export KUBE_API=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:5443
# K8S 外部IP 这里高可用使用本地环回IP
export K8S_VIP_DOMAIN=::1
export K8S_SSL="\"${K8S_VIP_DOMAIN}\",\"127.0.0.1\""
# 生成 EncryptionConfig 所需的加密 key
export ENCRYPTION_KEY=\$(head -c 32 /dev/urandom | base64)
# 设置连接KUBE_APISERVER ip
export KUBE_APISERVER=https://[::1]:5443
# kubelet kube-proxy 连接集群所用url
export KUBE_API_KUBELET=https://[::1]:6443
# 创建bootstrap配置
export TOKEN_ID=\$(head -c 16 /dev/urandom | od -An -t x | tr -dc a-f3-9|cut -c 1-6)
export TOKEN_SECRET=\$(head -c 16 /dev/urandom | md5sum | head -c 16)
export BOOTSTRAP_TOKEN=\${TOKEN_ID}.${TOKEN_SECRET}
#集群域名
export CLUSTER_DNS_DOMAIN="cluster.local"
#集群DNS
export CLUSTER_DNS_SVC_IP="8888:8000::2"
EOF
# 生效环境变量
source  ./environment.sh

服务器相关设置

ssh 192.168.2.175 hostnamectl set-hostname k8s-master-1  
ssh 192.168.2.176 hostnamectl set-hostname k8s-master-2  
ssh 192.168.2.177 hostnamectl set-hostname k8s-master-3  
ssh 192.168.2.185 hostnamectl set-hostname k8s-node-1    
ssh 192.168.2.187 hostnamectl set-hostname k8s-node-2

设置关闭防火墙及SELINUX

# centosx
sed -i ‘s/SELINUX=.*/SELINUX=disabled/g‘ /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
# Ubuntu
systemctl stop ufw.service
systemctl disable ufw.service

安装及配置CFSSL 签发证书使用

#go 环境部署
yum install go
vi ~/.bash_profile
GOBIN=/root/go/bin/
PATH=$PATH:$GOBIN:$HOME/bin
export PATH
go get  github.com/cloudflare/cfssl/cmd/cfssl
go get  github.com/cloudflare/cfssl/cmd/cfssljson

生成etcd 相关证书

# 创建etcd K8S 证书json 存放目录
mkdir -p ${HOST_PATH}/cfssl/{k8s,etcd}
# 创建签发证书存放目录
mkdir -p ${HOST_PATH}/cfssl/pki/{k8s,etcd}
# CA 配置文件用于配置根证书的使用场景 (profile) 和具体参数 (usage,过期时间、服务端认证、客户端认证、加密等),后续在签名其它证书时需要指定特定场景。
cat << EOF | tee ${HOST_PATH}/cfssl/ca-config.json
{
  "signing": {
    "default": {
      "expiry": "${EXPIRY_TIME}"
    },
    "profiles": {
      "${CERT_PROFILE}": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "${EXPIRY_TIME}"
      }
    }
  }
}
EOF
# 创建 ETCD CA 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-ca-csr.json
{
    "CN": "etcd",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ],
    "ca": {
        "expiry": "${EXPIRY_TIME}"
    }
}
EOF
# etcd ca 证书签发
cfssl gencert -initca ${HOST_PATH}/cfssl/etcd/etcd-ca-csr.json |       cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-ca
# 创建 ETCD Server 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-server.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "::1",
    ${ETCD_SERVER_IPS},
    ${ETCD_SERVER_HOSTNAMES}
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Server 证书和私钥
cfssl gencert     -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem     -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem     -config=${HOST_PATH}/cfssl/ca-config.json     -profile=${CERT_PROFILE}     ${HOST_PATH}/cfssl/etcd/etcd-server.json |     cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-server
# 创建 ETCD Member 1 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_1_IP}",
    "${ETCD_MEMBER_1_IP6}",
    "${ETCD_MEMBER_1_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 1 证书和私钥
cfssl gencert     -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem     -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem     -config=${HOST_PATH}/cfssl/ca-config.json     -profile=${CERT_PROFILE}     ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_1_HOSTNAMES}.json |     cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_1_HOSTNAMES}
# 创建 ETCD Member 2 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_2_IP}",
    "${ETCD_MEMBER_2_IP6}",
    "${ETCD_MEMBER_2_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 2 证书和私钥
cfssl gencert     -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem     -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem     -config=${HOST_PATH}/cfssl/ca-config.json     -profile=${CERT_PROFILE}     ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_2_HOSTNAMES}.json |     cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_2_HOSTNAMES}
# 创建 ETCD Member 3 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
     "::1",
    "${ETCD_MEMBER_3_IP}",
    "${ETCD_MEMBER_3_IP6}",
    "${ETCD_MEMBER_3_HOSTNAMES}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Member 3 证书和私钥
cfssl gencert     -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem     -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem     -config=${HOST_PATH}/cfssl/ca-config.json     -profile=${CERT_PROFILE}     ${HOST_PATH}/cfssl/etcd/${ETCD_MEMBER_3_HOSTNAMES}.json |     cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-member-${ETCD_MEMBER_3_HOSTNAMES}
# 创建 ETCD Client 配置文件
cat << EOF | tee ${HOST_PATH}/cfssl/etcd/etcd-client.json
{
  "CN": "client",
  "hosts": [""], 
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
            "C": "CN",
            "ST": "$CERT_ST",
            "L": "$CERT_L",
            "O": "$CERT_O",
            "OU": "$CERT_OU"
    }
  ]
}
EOF
# 生成 ETCD Client 证书和私钥
cfssl gencert     -ca=${HOST_PATH}/cfssl/pki/etcd/etcd-ca.pem     -ca-key=${HOST_PATH}/cfssl/pki/etcd/etcd-ca-key.pem     -config=${HOST_PATH}/cfssl/ca-config.json     -profile=${CERT_PROFILE}     ${HOST_PATH}/cfssl/etcd/etcd-client.json |     cfssljson -bare ${HOST_PATH}/cfssl/pki/etcd/etcd-client
# 分发生成的证书到所有需要部署etcd 节点
ssh 192.168.2.175 mkdir -p /apps/etcd/ssl
ssh 192.168.2.176 mkdir -p /apps/etcd/ssl
ssh 192.168.2.177 mkdir -p /apps/etcd/ssl
# 分发文件
scp -r ./cfssl/pki/etcd/* 192.168.2.175:/apps/etcd/ssl/
scp -r ./cfssl/pki/etcd/* 192.168.2.176:/apps/etcd/ssl/
scp -r ./cfssl/pki/etcd/* 192.168.2.177:/apps/etcd/ssl/

etcd 二进制文件准备

wget https://github.com/etcd-io/etcd/releases/download/v3.4.7/etcd-v3.4.7-linux-amd64.tar.gz
# 解压下载好文件
tar -xvf etcd-v3.4.7-linux-amd64.tar.gz
# 创建二进制远程存放目录
ssh 192.168.2.175 mkdir -p /apps/etcd/bin
ssh 192.168.2.176 mkdir -p /apps/etcd/bin
ssh 192.168.2.177 mkdir -p /apps/etcd/bin
# 分发解压好二进制文件
cd etcd-v3.4.7-linux-amd64/
scp -r etcd* 192.168.2.175:/apps/etcd/bin
scp -r etcd* 192.168.2.176:/apps/etcd/bin
scp -r etcd* 192.168.2.177:/apps/etcd/bin

etcd 配置文件准备

# 创建配置文件存放目录
ssh 192.168.2.175 mkdir -p /apps/etcd/conf
ssh 192.168.2.176 mkdir -p /apps/etcd/conf
ssh 192.168.2.177 mkdir -p /apps/etcd/conf
# 192.168.2.175   配置
ssh 192.168.2.175 
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-1 \           --data-dir=/apps/etcd/data/default.etcd \           --wal-dir=/apps/etcd/data/default.etcd/wal \           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380 \           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379,https://[::1]:2379 \           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379 \           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380 \           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-state=new \           --heartbeat-interval=6000 \           --election-timeout=30000 \           --snapshot-count=5000 \           --auto-compaction-retention=1 \           --max-request-bytes=33554432 \           --quota-backend-bytes=17179869184 \           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \           --cert-file=/apps/etcd/ssl/etcd-server.pem \           --key-file=/apps/etcd/ssl/etcd-server-key.pem \           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-1.pem \           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-1-key.pem \           --peer-client-cert-auth \           --enable-v2=true \           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF
# 192.168.2.176 配置
ssh 192.168.2.176
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-2 \           --data-dir=/apps/etcd/data/default.etcd \           --wal-dir=/apps/etcd/data/default.etcd/wal \           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380 \           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379,https://[::1]:2379 \           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379 \           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380 \           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-state=new \           --heartbeat-interval=6000 \           --election-timeout=30000 \           --snapshot-count=5000 \           --auto-compaction-retention=1 \           --max-request-bytes=33554432 \           --quota-backend-bytes=17179869184 \           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \           --cert-file=/apps/etcd/ssl/etcd-server.pem \           --key-file=/apps/etcd/ssl/etcd-server-key.pem \           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-2.pem \           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-2-key.pem \           --peer-client-cert-auth \           --enable-v2=true \           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF
# 192.168.2.177 配置
ssh 192.168.2.177
cat << EOF | tee /apps/etcd/conf/etcd
ETCD_OPTS="--name=k8s-master-3 \           --data-dir=/apps/etcd/data/default.etcd \           --wal-dir=/apps/etcd/data/default.etcd/wal \           --listen-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --listen-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379,https://[::1]:2379 \           --advertise-client-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379 \           --initial-advertise-peer-urls=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-token=k8s-master-1=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380,k8s-master-2=https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380,k8s-master-3=https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380 \           --initial-cluster-state=new \           --heartbeat-interval=6000 \           --election-timeout=30000 \           --snapshot-count=5000 \           --auto-compaction-retention=1 \           --max-request-bytes=33554432 \           --quota-backend-bytes=17179869184 \           --trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem \           --cert-file=/apps/etcd/ssl/etcd-server.pem \           --key-file=/apps/etcd/ssl/etcd-server-key.pem \           --peer-cert-file=/apps/etcd/ssl/etcd-member-k8s-master-3.pem \           --peer-key-file=/apps/etcd/ssl/etcd-member-k8s-master-3-key.pem \           --peer-client-cert-auth \           --enable-v2=true \           --peer-trusted-ca-file=/apps/etcd/ssl/etcd-ca.pem"
EOF

etcd 启动文件配置

cat << EOF | tee etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/etcd-io/etcd
[Service]
Type=notify
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
LimitMEMLOCK=infinity
User=etcd
Group=etcd
WorkingDirectory=/apps/etcd/data/default.etcd
EnvironmentFile=-/apps/etcd/conf/etcd
ExecStart=/apps/etcd/bin/etcd \$ETCD_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# 上传启动文件到服务器
scp etcd.service 192.168.2.175:/usr/lib/systemd/system
scp etcd.service 192.168.2.176:/usr/lib/systemd/system
scp etcd.service 192.168.2.176:/usr/lib/systemd/system

etcd 启动准备

# 创建etcd 用户
ssh  192.168.2.175 useradd etcd -s /sbin/nologin -M
ssh  192.168.2.176 useradd etcd -s /sbin/nologin -M
ssh  192.168.2.177 useradd etcd -s /sbin/nologin -M
# 创建etcd 存储文件目录
ssh  192.168.2.175 mkdir -p /apps/etcd/data/default.etcd/wal
ssh  192.168.2.176 mkdir -p /apps/etcd/data/default.etcd/wal
ssh  192.168.2.177 mkdir -p /apps/etcd/data/default.etcd/wal
# 给/apps/etcd etcd 用户权限
ssh  192.168.2.175 chown -R etcd:etcd /apps/etcd/
ssh  192.168.2.176 chown -R etcd:etcd /apps/etcd/
ssh  192.168.2.177 chown -R etcd:etcd /apps/etcd/

etcd 启动

# 刷新service
ssh 192.168.2.175 systemctl daemon-reload
ssh 192.168.2.176 systemctl daemon-reload
ssh 192.168.2.177 systemctl daemon-reload
# 设置开机启动
ssh 192.168.2.175 systemctl enable etcd.service
ssh 192.168.2.176 systemctl enable etcd.service
ssh 192.168.2.177 systemctl enable etcd.service
# 启动etcd
ssh 192.168.2.175 systemctl  start etcd.service
ssh 192.168.2.176 systemctl  start etcd.service
ssh 192.168.2.177 systemctl  start etcd.service
# 查看启动状态
ssh 192.168.2.175 systemctl  status etcd.service
ssh 192.168.2.176 systemctl  status etcd.service
ssh 192.168.2.177 systemctl  status etcd.service
# 验证etcd 集群是否正常 任意节点
vi ~/.bashrc
export ETCDCTL_API=3
export ENDPOINTS=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379
alias ctl=‘/apps/etcd/bin/etcdctl   --endpoints=${ENDPOINTS}   --cacert=/apps/etcd/ssl/etcd-ca.pem --cert=/apps/etcd/ssl/etcd-client.pem --key=/apps/etcd/ssl/etcd-client-key.pem‘
# 保存
source  ~/.bashrc
# 验证集群是否正常
 conf]# ctl  endpoint status
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 6330c4573913af46, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, f5ee2839c4378b0, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, bba57102112461c, 3.4.7, 20 kB, true, false, 3, 12, 12,
[ conf]# ctl  endpoint hashkv
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, 1084519789
[ conf]# ctl  endpoint health
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379 is healthy: successfully committed proposal: took = 22.905876ms
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379 is healthy: successfully committed proposal: took = 22.900899ms
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379 is healthy: successfully committed proposal: took = 24.118726ms
[ conf]# ctl member list
bba57102112461c, started, k8s-master-3, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, false
f5ee2839c4378b0, started, k8s-master-2, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, false
6330c4573913af46, started, k8s-master-1, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, false
# etcd 集群正常

etcd kubernetes 环境变量

cloudinyachao

cloudinyachao

0 关注 0 粉丝 0 动态

关注 关注

相关推荐

kubernetes(十五) kubernetes 运维

cicd方案:gitlab,build, harbor, jenkins-master-slave,helm发布到k8s集群。$ mkdir ~/binary_pkg && cd binary_pkg #提供所需的软件包。$ cd

CurrentJ 2020-08-18

kubernetes集群删除pod后长时间处于Terminating状态的案例

预生产环境,使用kubeadm部署的HA集群如下。NAME STATUS ROLES AGE VERSIONsbfk1test Ready master 37d v1.15.2sbfk2test Ready master 3

JustHaveTry 2020-07-17

不懂Kubernetes,被老板邀请爬山!

Kubernetes 已经成为容器编排领域的王者,它是基于容器的集群编排引擎,具备扩展集群、滚动升级回滚、弹性伸缩、自动治愈、服务发现等多种特性能力。本文将带着大家快速了解 Kubernetes ,了解我们谈论 Kubernetes 都是在谈论什么。功能

Dannyvon 2020-07-13

k8s 机器搭建之etcd

k8s 集群内部通过https通信的,需要签发两个证书,一个给apiserver另一个给etcd。由于是集群内部使用所以证书自己签发就可以,无需通过正规CA机构购买。证书生成工具有两种openssl 和cfssl ,这里采用的是cfssl ,cfssl 是

Dannyvon 2020-07-04

跟着炎炎盐实践k8s---Kubernetes 1.16.10 二进制高可用集群部署之ETCD部署

###host字段指定授权使用该证书的etcd节点IP或子网列表,需要将etcd集群的3个节点都添加其中。cp etcd-v3.3.13-linux-amd64/etcd* /opt/k8s/bin/

xiunai 2020-07-04

从零开始了解 Kubernetes

Kubernetes 已经成为容器编排领域的王者,它是基于容器的集群编排引擎,具备扩展集群、滚动升级回滚、弹性伸缩、自动治愈、服务发现等多种特性能力。本文将带着大家快速了解 Kubernetes ,了解我们谈论 Kubernetes 都是在谈论什么。从宏

breezegao 2020-07-02

彻底搞懂 etcd 系列文章(四):etcd 安全

etcd 是云原生架构中重要的基础组件,由 CNCF 孵化托管。etcd 在微服务和 Kubernates 集群中不仅可以作为服务注册与发现,还可以作为 key-value 存储的中间件。etcd 支持通过 TLS 协议进行的加密通信。TLS 通道可用于对

微微一笑 2020-06-14

利用etcd实现docker跨主机通信

etcd实现分布是存储,然后让通信等数据共享。

wuxunanjing 2020-06-12

rancher2.4平台导入的k8s集群无法监控etcd解决办法

今天搭建了一个新的k8s集群,然后通过rancher平台纳管。rancher平台是一个比较好用的web页面,里面可以一键安装监控配置告警等用起来还是比较方便的。但是其它数据都可以正常收到promethues里面,唯独就没有etcd集群的数据。使用grafa

微微一笑 2020-06-12

如何配置K8S存储集群?

欢迎回到Portworx系列讲解视频。这里我们概要性的对Kubernetes和Portworx的结构进行介绍,如何在Kubernetes上配置Portworx集群,以及正确安装Portworx需要哪些命令和参数。这里我们有一组已经配置好的高可用的Kuber

CurrentJ 2020-06-06

217, k8s 总章

//黄色的是本机IP,执行脚本的这个机器IP。到这etcd 集群搭建完成!!写入分配的子网段到etcd,供flanneld使用。

wangrui0 2020-06-05

部署一套完整的Kubernetes高可用集群(二进制,最新版v1.18)下

Kubernetes作为容器集群系统,通过健康检查+重启策略实现了Pod故障自我修复能力,通过调度算法实现将Pod分布式部署,并保持预期副本数,根据Node失效状态自动在其他Node拉起Pod,实现了应用层的高可用性。针对Kubernetes集群,高可用性

lenchio 2020-06-04

etcd 性能测试与调优

etcd 是一个分布式一致性键值存储。其主要功能有服务注册与发现、消息发布与订阅、负载均衡、分布式通知与协调、分布式锁、分布式队列、集群监控与 leader 选举等。当 etcd 接收并发客户端请求时,通常平均延迟随着总体吞吐量增加而增加。etcd 使用

微微一笑 2020-06-03

etcd使用

  etcd 是 coreOs 团队于 2013 年 6 发起的开源项目, 他的目标是构建一个高可用的分布式键值数据库. etcd 内部采用 raft 协议作为一致性算法, etcd基于 go 语言实现.  通过心跳与其他节点同步数据.当 Follower

工作中的点点滴滴 2020-06-01

kubeadm部署1.17.3[基于Ubuntu18.04]

使用 kubeadm部署1.17.3[基于Ubuntu18.04]. # 注释 fstab 中Swap 配置。# 设置路由转发以及bridge的数据进行处理。# 所有节点创建相关目录。# 集群各 IP 对应的主机名数组。# etcd 集群服务地址列表。#

Rcvisual 2020-05-28

k8s 证书更新操作

docker ps |grep -E ‘k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd‘ | awk -F ‘ ‘ ‘{print $1}‘ |

Dannyvon 2020-05-28

彻底搞懂 etcd 系列文章(一):初识 etcd

etcd 是云原生架构中重要的基础组件,由 CNCF 孵化托管。etcd 在微服务和 Kubernates 集群中不仅可以作为服务注册与发现,还可以作为 key-value 存储的中间件。《彻底搞懂 etcd 系列文章》将会从 etcd 的基本功能实践、A

微微一笑 2020-05-26

etcd与Zookeeper、Consul等其它kv组件的对比

本文的主角是 etcd。“/etc” 文件夹是用于存储单个系统的配置数据的位置,而 etcd 用于存储大规模分布式的配置信息。因此,分配了 “d” 的 “/etc” 就是 “etcd”。etcd 被设计为大型分布式系统的通用基板。etcd 集群旨在提供具有

wishli 2020-05-19

etcd实现服务发现

etcd环境安装与使用文章中介绍了etcd的安装及v3 API使用,本篇将介绍如何使用etcd实现服务发现功能。比如网关代理服务时能够及时的发现服务中新增节点、丢弃不可用的服务节点。同时绑定租约,并以续租约的方式检测服务是否正常运行,从而实现健康检查。

工作中的点点滴滴 2020-05-14

kubernetes v1.18.2 二进制部署 ipv4 etcd 部署

# CA 配置文件用于配置根证书的使用场景 和具体参数 ,后续在签名其它证书时需要指定特定场景。

Dannyvon 2020-05-07
cloudinyachao

cloudinyachao

W3CSchool教程
HTML 教程
CSS 教程
Bootstrap 教程
Javascript 教程
jQuery 教程
后端教程
C 教程
Java 教程
PHP 教程
Python 教程
Go 教程
移动开发
Android 教程
Swift 教程
Kotlin 教程
jQuery Mobile 教程
ionic 教程
关于我们
新闻动态
联系方式
招聘英才
安科实验室
帮助与反馈

安科网(Ancii),中国第一极客网

Copyright © 2013 - 2019 Ancii.com

京ICP备18063983号 京公网安备11010802014868号