master: 192.168.1.193
node1: 192.168.1.194
node2: 192.168.1.195
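TLS 认证
需要为 etcd 集群创建加密通信的 TLS 证书,这里复用以前创建的 kubernetes 证书。该证书的 hosts(SAN)列表必须包含上面三台机器的 IP,否则后续的 TLS 校验会失败。复用同一份私钥意味着它一旦泄露会同时影响 etcd 和其他使用该证书的组件,生产环境建议为 etcd 单独签发证书。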
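# Run on every etcd node: the unit files below read the CA, certificate and key
# from /etc/kubernetes/ssl.
# install(1) sets the mode at copy time, so the private key is never briefly
# world-readable. The units run etcd as root, so root-only access is enough;
# adjust ownership if another account also has to read this key.
install -d -m 0755 /etc/kubernetes/ssl
install -m 0644 ca.pem kubernetes.pem /etc/kubernetes/ssl/
install -m 0600 kubernetes-key.pem /etc/kubernetes/ssl/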
====install etcd=====
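yum install -y etcd
# -p: do not fail if the package has already created the data directory.
mkdir -p /var/lib/etcd/
# The data directory holds the entire key-value store; keep it unreadable to
# other local users.
chmod 700 /var/lib/etcd/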
创建etcd.service 文件
master(192.168.1.193,etcd 成员名为 node1)
vi /usr/lib/systemd/system/etcd.service
<code>
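# etcd member "node1", listening on 192.168.1.193.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
# NOTE(review): etcd does not need root. A dedicated account that owns
# /var/lib/etcd and can read the key file would limit the impact of a
# compromise; kept as root here because the rest of the page assumes it.
User=root
WorkingDirectory=/var/lib/etcd/
# Client traffic (2379) and peer traffic (2380) use TLS with the shared
# kubernetes certificate and ca.pem as trust anchor.
# --client-cert-auth / --peer-client-cert-auth are the documented switches that
# make etcd require a certificate signed by that CA from clients and peers;
# they are set explicitly instead of relying on --trusted-ca-file alone, whose
# effect on client verification may differ between etcd versions. Every client
# of the https endpoint must then present such a certificate, and the
# certificate must be valid for client authentication.
# NOTE(review): http://localhost:2379 is a plaintext listener without
# certificate checks. It is loopback-only, but any local user can reach the
# store through it; drop it once all local clients use the https endpoint.
ExecStart=/usr/bin/etcd \
--name node1 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--client-cert-auth=true \
--peer-client-cert-auth=true \
--initial-advertise-peer-urls https://192.168.1.193:2380 \
--listen-peer-urls https://192.168.1.193:2380 \
--listen-client-urls https://192.168.1.193:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.193:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target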
</code>
node1(192.168.1.194,etcd 成员名为 node2)
vi /usr/lib/systemd/system/etcd.service
<code>
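# etcd member "node2", listening on 192.168.1.194.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
# NOTE(review): etcd does not need root. A dedicated account that owns
# /var/lib/etcd and can read the key file would limit the impact of a
# compromise; kept as root here because the rest of the page assumes it.
User=root
WorkingDirectory=/var/lib/etcd/
# Client traffic (2379) and peer traffic (2380) use TLS with the shared
# kubernetes certificate and ca.pem as trust anchor.
# --client-cert-auth / --peer-client-cert-auth are the documented switches that
# make etcd require a certificate signed by that CA from clients and peers;
# they are set explicitly instead of relying on --trusted-ca-file alone, whose
# effect on client verification may differ between etcd versions. Every client
# of the https endpoint must then present such a certificate, and the
# certificate must be valid for client authentication.
# NOTE(review): http://localhost:2379 is a plaintext listener without
# certificate checks. It is loopback-only, but any local user can reach the
# store through it; drop it once all local clients use the https endpoint.
ExecStart=/usr/bin/etcd \
--name node2 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--client-cert-auth=true \
--peer-client-cert-auth=true \
--initial-advertise-peer-urls https://192.168.1.194:2380 \
--listen-peer-urls https://192.168.1.194:2380 \
--listen-client-urls https://192.168.1.194:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.194:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target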
</code>
node2(192.168.1.195,etcd 成员名为 node3)
vi /usr/lib/systemd/system/etcd.service
<code>
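# etcd member "node3", listening on 192.168.1.195.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
[Service]
Type=notify
# NOTE(review): etcd does not need root. A dedicated account that owns
# /var/lib/etcd and can read the key file would limit the impact of a
# compromise; kept as root here because the rest of the page assumes it.
User=root
WorkingDirectory=/var/lib/etcd/
# Client traffic (2379) and peer traffic (2380) use TLS with the shared
# kubernetes certificate and ca.pem as trust anchor.
# --client-cert-auth / --peer-client-cert-auth are the documented switches that
# make etcd require a certificate signed by that CA from clients and peers;
# they are set explicitly instead of relying on --trusted-ca-file alone, whose
# effect on client verification may differ between etcd versions. Every client
# of the https endpoint must then present such a certificate, and the
# certificate must be valid for client authentication.
# NOTE(review): http://localhost:2379 is a plaintext listener without
# certificate checks. It is loopback-only, but any local user can reach the
# store through it; drop it once all local clients use the https endpoint.
ExecStart=/usr/bin/etcd \
--name node3 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--client-cert-auth=true \
--peer-client-cert-auth=true \
--initial-advertise-peer-urls https://192.168.1.195:2380 \
--listen-peer-urls https://192.168.1.195:2380 \
--listen-client-urls https://192.168.1.195:2379,http://localhost:2379 \
--advertise-client-urls https://192.168.1.195:2379 \
--initial-cluster-token cluster1 \
--initial-cluster node1=https://192.168.1.193:2380,node2=https://192.168.1.194:2380,node3=https://192.168.1.195:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target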
</code>
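###start etcd cluster###
# Run on all three nodes. systemd has to re-read the unit file that was just
# written, and "enable" brings the member back after a reboot. The unit is
# Type=notify, so "start" on the first node may block until enough peers are
# up to form a quorum.
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
###etcd test###
# Name the TLS endpoints explicitly: without --endpoints etcdctl talks to its
# default local endpoint, so the check would go through the plaintext loopback
# listener instead of the certificate-protected ports.
etcdctl \
  --endpoints=https://192.168.1.193:2379,https://192.168.1.194:2379,https://192.168.1.195:2379 \
  --ca-file=/etc/kubernetes/ssl/ca.pem \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  cluster-health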
如果需要重建集群,需要在每个节点上清空数据目录:rm -rf /var/lib/etcd/*。注意:该命令会删除该节点上的全部 etcd 数据且无法恢复,请先停止 etcd 服务并确认数据已备份或不再需要。