2. 程式人生 > 其它 >|NO.Z.00053|——————————|^^ 部署 ^^|——|KuberNetes&二進位制部署.V06|3臺Server|---------------------------------------|etcd配置|

|NO.Z.00053|——————————|^^ 部署 ^^|——|KuberNetes&二進位制部署.V06|3臺Server|---------------------------------------|etcd配置|

阿新 發佈:2022-03-29

[CloudNative:KuberNetes&二進位制部署.V06]                                                            [Applications.KuberNetes] [|DevOps|k8s|**3節點**|二進位制1.20|kubernetes系統元件配置|——|etcd配置|]







一、kubernetes系統元件配置:ETCD配置

 
### --- k8s-master01節點etcd.yaml配置

~~~     etcd配置大致相同,注意修改每個Master節點的etcd配置的主機名和IP地址
 

### --- k8s-master01.etcd.yaml配置檔案

[root@k8s-master01 ~]# vim /etc/etcd/etcd.config.yml
name: 'k8s-master01'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.1.11:2380'
listen-client-urls: 'https://192.168.1.11:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.1.11:2380'
advertise-client-urls: 'https://192.168.1.11:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'k8s-master01=https://192.168.1.11:2380,k8s-node01=https://192.168.1.14:2380,k8s-node02=https://192.168.1.15:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false
 

### --- k8s-node01節點etcd.yaml配置
~~~     # k8s-node01.etcd.yaml配置檔案

[root@k8s-node01 ~]# vim /etc/etcd/etcd.config.yml
name: 'k8s-node01'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.1.14:2380'
listen-client-urls: 'https://192.168.1.14:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.1.14:2380'
advertise-client-urls: 'https://192.168.1.14:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'k8s-master01=https://192.168.1.11:2380,k8s-node01=https://192.168.1.14:2380,k8s-node02=https://192.168.1.15:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false
 

### --- k8s-node02節點etcd.yaml配置
~~~     # k8s-node02.etcd.yaml配置檔案

[root@k8s-node02 ~]# vim /etc/etcd/etcd.config.yml
name: 'k8s-node02'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://192.168.1.15:2380'
listen-client-urls: 'https://192.168.1.15:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://192.168.1.15:2380'
advertise-client-urls: 'https://192.168.1.15:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'k8s-master01=https://192.168.1.11:2380,k8s-node01=https://192.168.1.14:2380,k8s-node02=https://192.168.1.15:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-v2: true
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
peer-transport-security:
  cert-file: '/etc/kubernetes/pki/etcd/etcd.pem'
  key-file: '/etc/kubernetes/pki/etcd/etcd-key.pem'
  peer-client-cert-auth: true
  trusted-ca-file: '/etc/kubernetes/pki/etcd/etcd-ca.pem'
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false

二、為etcd建立service並啟動

 
### --- 建立etcd.service
~~~     # 所有etcd節點建立etcd.service.yaml並啟動

[root@k8s-master01 ~]# vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Service
Documentation=https://coreos.com/etcd/docs/latest/
After=network.target

[Service]
Type=notify
ExecStart=/usr/local/bin/etcd --config-file=/etc/etcd/etcd.config.yml
Restart=on-failure
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Alias=etcd3.service

 
### --- 所有Master節點建立etcd的證書目錄

~~~     # 建立etcd啟動目錄
[root@k8s-master01 ~]# mkdir /etc/kubernetes/pki/etcd
 
~~~     # 建立軟連線
[root@k8s-master01 ~]# ln -s /etc/etcd/ssl/* /etc/kubernetes/pki/etcd/
~~~     # 啟動etcd

[root@k8s-master01 ~]# systemctl daemon-reload
[root@k8s-master01 ~]# systemctl enable --now etcd
~~~     注:輸出結果:
Created symlink from /etc/systemd/system/etcd3.service to /usr/lib/systemd/system/etcd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

三、檢視etcd狀態

 
### --- 進入etcdctl.3版本

[root@k8s-master01 ~]# export ETCDCTL_API=3

 
### --- 檢視etcd狀態
 
[root@k8s-master01 ~]# etcdctl --endpoints="192.168.1.15:2379,192.168.1.14:2379,192.168.1.11:2379" --cacert=/etc/kubernetes/pki/etcd/etcd-ca.pem --cert=/etc/kubernetes/pki/etcd/etcd.pem --key=/etc/kubernetes/pki/etcd/etcd-key.pem  endpoint status --write-out=table
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
|     ENDPOINT      |        ID        | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 192.168.1.15:2379 | 943218a5ac9480e6 |  3.4.13 |   20 kB |     false |      false |         4 |         10 |                 10 |        |
| 192.168.1.14:2379 | ef1e393cbeded112 |  3.4.13 |   25 kB |      true |      false |         4 |         10 |                 10 |        |
| 192.168.1.11:2379 | ace8d5b0766b3d92 |  3.4.13 |   20 kB |     false |      false |         4 |         10 |                 10 |        |
+-------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+








 ===============================END===============================

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart                                                                                                                                                    ——W.S.Landor



來自為知筆記(Wiz)

相關推薦

no