kubernetesetcd组件部署-创新互联

这篇文章为大家带来有关kubernetes中etcd组件的部署方法。文章涵盖etcd组件的简介和etcd组件的部署方法,希望大家通过这篇文章能有所收获。

为武乡等地区用户提供了全套网页设计制作服务,及武乡网站建设行业解决方案。主营业务为成都网站制作、网站建设、外贸网站建设、武乡网站设计,以传统方式定制建设网站,并提供域名空间备案等一条龙服务,秉承以专业、用心的态度为用户提供真诚的服务。我们深信只要达到每一位用户的要求,就会得到认可,从而选择与我们长期合作。这样,我们也可以走得更远!

etcd组件部署

etcd简介
  • etcd是CoreOS团队于2013年6月发起的开源项目,它的目标是构建一个高可用的分布式键值(key-value)数据库。etcd内部采用raft协议作为一致性算法,etcd基于Go语言实现。
  • etcd作为服务发现系统,有以下的特点:
    • 简单:安装配置简单,而且提供了HTTP API进行交互,使用也很简单
    • 安全:支持SSL证书验证
    • 快速:根据官方提供的benchmark数据,单实例支持每秒2k+读操作
    • 可靠:采用raft算法,实现分布式系统数据的可用性和一致性
master01服务器操作
  • 自签etcd组件证书
    [root@master01 ~]# systemctl stop firewalld.service  //关闭防火墙
    [root@master01 ~]# setenforce 0            //关闭selinux
    [root@master01 ~]# mkdir k8s     //创建k8s目录
    [root@master01 ~]# ls
    anaconda-ks.cfg  k8s
    [root@master01 ~]# mount.cifs //192.168.80.2/shares/K8S/k8s01 /mnt/   //挂载宿主机中准备好的软件包
    Password for root@//192.168.80.2/shares/K8S/k8s01:
    [root@master01 ~]# cd /mnt/
    [root@master01 mnt]# ls
    etcd-cert   etcd-v3.3.10-linux-amd64.tar.gz   k8s-cert.sh              master.zip
    etcd-cert.sh  flannel.sh              kubeconfig.sh             node.zip
    etcd.sh    flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
    [root@master01 mnt]# cd /root/k8s/       //回到k8s目录
    [root@master01 k8s]# vim cfssl.sh        //编辑脚本下载cfssl官方包  做ca认证的软件包
    curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
    curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
    curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
    chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
    :wq
    [root@master01 k8s]# bash cfssl.sh       //执行脚本,下载cfssl官方包
    % Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
                   Dload  Upload  Total  Spent   Left  Speed
    100  9.8M  100  9.8M   0   0  457k    0  0:00:22  0:00:22 --:--:--  581k
    % Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
                   Dload  Upload  Total  Spent   Left  Speed
    100 2224k  100 2224k   0   0  300k    0  0:00:07  0:00:07 --:--:--  517k
    % Total   % Received % Xferd  Average Speed  Time   Time   Time  Current
                   Dload  Upload  Total  Spent   Left  Speed
    100 6440k  100 6440k   0   0  276k    0  0:00:23  0:00:23 --:--:--  221k
    [root@master01 k8s]# ls /usr/local/bin/        //查看证书是否成功下载
    cfssl  cfssl-certinfo  cfssljson
    [root@master01 k8s]# mkdir etcd-cert      //创建证书存放目录
    [root@master01 k8s]# ls
    etcd-cert
    [root@master01 k8s]# cd etcd-cert/       //进入证书存放目录
    [root@master01 etcd-cert]# cat > ca-config.json < {
    >  "signing": {
    >   "default": {
    >    "expiry": "87600h"      //证书失效
    >   },
    >   "profiles": {
    >    "www": {
    >      "expiry": "87600h",
    >      "usages": [
    >       "signing",
    >       "key encipherment",
    >       "server auth",     //服务端验证
    >       "client auth"     //客户端验证
    >     ]
    >    }
    >   }
    >  }
    > }
    > EOF
    [root@master01 etcd-cert]# cat > ca-csr.json < {
    >   "CN": "etcd CA",
    >   "key": {
    >     "algo": "rsa",     //使用非对称密钥
    >     "size": 2048      //密钥长度
    >   },
    >   "names": [
    >     {
    >       "C": "CN",       //标识信息,可自行定义
    >       "L": "Beijing",
    >       "ST": "Beijing"
    >     }
    >   ]
    > }
    > EOF
    [root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -   //使用命令生成ca证书
    2020/02/09 16:53:08 [INFO] generating a new CA key and certificate from CSR
    2020/02/09 16:53:08 [INFO] generate received request
    2020/02/09 16:53:08 [INFO] received CSR
    2020/02/09 16:53:08 [INFO] generating key: rsa-2048
    2020/02/09 16:53:08 [INFO] encoded CSR
    2020/02/09 16:53:08 [INFO] signed certificate with serial number 400787333165311350366024741004548366561538833100
    [root@master01 etcd-cert]# ls
    ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem   //ca证书生成成功
    [root@master01 etcd-cert]# cat > server-csr.json < {
    >   "CN": "etcd",
    >   "hosts": [
    >   "192.168.80.12",     //群集IP地址设定,master地址
    >   "192.168.80.13",     //node01IP地址
    >   "192.168.80.14"      //node02IP地址
    >   ],
    >   "key": {
    >     "algo": "rsa",
    >     "size": 2048
    >   },
    >   "names": [
    >     {
    >       "C": "CN",
    >       "L": "BeiJing",
    >       "ST": "BeiJing"
    >     }
    >   ]
    > }
    > EOF
    [root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server   //生成ETCD证书 server-key.pem  server.pem
    2020/02/09 16:59:12 [INFO] generate received request
    2020/02/09 16:59:12 [INFO] received CSR
    2020/02/09 16:59:12 [INFO] generating key: rsa-2048
    2020/02/09 16:59:12 [INFO] encoded CSR
    2020/02/09 16:59:12 [INFO] signed certificate with serial number 155295832576786241095177900248601469934260652049
    2020/02/09 16:59:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
    websites. For more information see the Baseline Requirements for the Issuance and Management
    of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
    specifically, section 10.2.3 ("Information Requirements").
    [root@master01 etcd-cert]# ls
    ca-config.json  ca-csr.json  ca.pem    server-csr.json  server.pem
    ca.csr      ca-key.pem  server.csr  server-key.pem          //生成成功
  • 部署etcd服务
    [root@master01 etcd-cert]# cd /mnt/      //进入宿主机挂载过来的目录
    [root@master01 mnt]# ls
    etcd-cert   etcd-v3.3.10-linux-amd64.tar.gz   k8s-cert.sh              master.zip
    etcd-cert.sh  flannel.sh              kubeconfig.sh             node.zip
    etcd.sh    flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
    [root@master01 mnt]# cp etcd-v3.3.10-linux-amd64.tar.gz flannel-v0.10.0-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz etcd.sh /root/k8s/   //将软件包与etcd执行脚本复制到k8s工作目录中
    [root@master01 mnt]# cd /root/k8s/          //回到k8s工作目录
    [root@master01 k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz    //解压etcd软件包
    etcd-v3.3.10-linux-amd64/
    etcd-v3.3.10-linux-amd64/Documentation/
    etcd-v3.3.10-linux-amd64/Documentation/platforms/
    etcd-v3.3.10-linux-amd64/Documentation/platforms/container-linux-systemd.md
    etcd-v3.3.10-linux-amd64/Documentation/platforms/aws.md
    etcd-v3.3.10-linux-amd64/Documentation/platforms/freebsd.md
    etcd-v3.3.10-linux-amd64/Documentation/rfc/
    ...
    [root@master01 k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p   //递归创建etcd工作目录
    [root@master01 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/  //将etcd命令文件复制到工作目录中bin目录下
    [root@master01 k8s]# ls /opt/etcd/bin/    //查看
    etcd  etcdctl
    [root@master01 k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/   //拷贝证书文件到etcd工作目录ssl目录下
    [root@master01 k8s]# ls /opt/etcd/ssl/     //查看
    ca-key.pem  ca.pem  server-key.pem  server.pem
    [root@master01 k8s]# bash etcd.sh etcd01 192.168.80.12 etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380   //执行启动脚本 etcd01为master01服务器地址 etcd02、etcd03为node01、node02IP地址,稍后我们将分别在node01、node02中部署etcd,组成etcd群集,脚本执行同时生成etcd配置文件
    Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
    //执行启动脚本后会进入卡住状态,等待其他节点加入,它也有一定的超时时间,超过超时时间会出现报错,不用理会
  • 重新开启新的会话框

    [root@master01 ~]# ps -ef | grep etcd   //查看进程是否开启
    root    16146    1  0 17:14 ?     00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.80.12:2379 --initial-advertise-peer-urls=https://192.168.80.12:2380 --initial-cluster=etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
    root    16191  16160  0 17:15 pts/1   00:00:00 grep --color=auto etcd   //成功开启
    [root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.13:/opt/      //拷贝etcd工作目录到node01节点
    The authenticity of host '192.168.80.13 (192.168.80.13)' can't be established.
    ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
    ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.80.13' (ECDSA) to the list of known hosts.
    root@192.168.80.13's password:
    etcd                                    100%  509  495.7KB/s  00:00
    etcd                                    100%  18MB  98.7MB/s  00:00
    etcdctl                                   100%  15MB  95.0MB/s  00:00
    ca-key.pem                                 100% 1675   1.6MB/s  00:00
    ca.pem                                   100% 1265  416.6KB/s  00:00
    server-key.pem                               100% 1675   2.3MB/s  00:00
    server.pem                                 100% 1338   2.0MB/s  00:00
    [root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.14:/opt/     //拷贝etcd工作目录到node02节点
    The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
    ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
    ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
    root@192.168.80.14's password:
    etcd                                    100%  509  523.8KB/s  00:00
    etcd                                    100%  18MB  79.6MB/s  00:00
    etcdctl                                   100%  15MB 140.4MB/s  00:00
    ca-key.pem                                 100% 1675   1.9MB/s  00:00
    ca.pem                                   100% 1265  296.4KB/s  00:00
    server-key.pem                               100% 1675   2.4MB/s  00:00
    server.pem                                 100% 1338  423.3KB/s  00:00
    [root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.13:/usr/lib/systemd/system/        //启动脚本拷贝到node01节点
    root@192.168.80.13's password:
    etcd.service                                100%  923  628.8KB/s  00:00
    [root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.14:/usr/lib/systemd/system/        //启动脚本拷贝到node02节点
    root@192.168.80.14's password:
    etcd.service                                100%  923  684.8KB/s  00:00
    node01服务器操作
  • 更改复制过来的etcd配置文件

    [root@node01 ~]# systemctl stop firewalld.service    //关闭防火墙
    [root@node01 ~]# setenforce 0              //关闭selinux
    [root@node01 ~]# vim /opt/etcd/cfg/etcd
    #[Member] 
    ETCD_NAME="etcd02"         //更改名称为etcd02
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="https://192.168.80.13:2380"   //更改IP地址为192.168.80.13
    ETCD_LISTEN_CLIENT_URLS="https://192.168.80.13:2379"  //更改IP地址为192.168.80.13
    
    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.13:2380"  //更改IP地址为192.168.80.13
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.13:2379"     //更改IP地址为192.168.80.13
    ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"              //注意:此处不用改动
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
    ETCD_INITIAL_CLUSTER_STATE="new"
    :wq 
    [root@node01 ~]# systemctl start etcd       //编辑完成后直接启动etcd服务
    [root@node01 ~]# systemctl status etcd       //查看服务状态
    ● etcd.service - Etcd Server
    Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
    Active: active (running) since 日 2020-02-09 17:25:38 CST; 50s ago   //正常运行
    Main PID: 15905 (etcd)
    ...
    node02服务器操作
  • 更改复制过来的etcd配置文件

    [root@node02 ~]# systemctl stop firewalld.service     //关闭防火墙
    [root@node02 ~]# setenforce 0              //关闭selinux
    [root@node02 ~]# vim /opt/etcd/cfg/etcd
    #[Member]
    ETCD_NAME="etcd03"                   //更改名称为etcd03
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="https://192.168.80.14:2380"   //更改IP地址为192.168.80.14
    ETCD_LISTEN_CLIENT_URLS="https://192.168.80.14:2379"  //更改IP地址为192.168.80.14
    
    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.14:2380"    //更改IP地址为192.168.80.14
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.14:2379"       //更改IP地址为192.168.80.14
    ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"       //注意:此处不用改动
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
    ETCD_INITIAL_CLUSTER_STATE="new"
    :wq
    [root@node02 ~]# systemctl start etcd     //启动服务
    [root@node02 ~]# systemctl status etcd    //查看状态
    ● etcd.service - Etcd Server
    Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
    Active: active (running) since 日 2020-02-09 17:32:29 CST; 4s ago  //成功运行
    Main PID: 15926 (etcd)
    ...
    回到master01服务器操作
检查群集状态
[root@master01 k8s]# cd etcd-cert/    //进入证书目录 因为要使用ca证书验证查看,所有要进入证书存放目录中查看
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" cluster-health     //使用目录查看群集状态
member accc4008f61328 is healthy: got healthy result from https://192.168.80.13:2379
member 88ef2b8e883800a0 is healthy: got healthy result from https://192.168.80.12:2379
member fafd8a15257570ee is healthy: got healthy result from https://192.168.80.14:2379
cluster is healthy     //群集创建成功

看完这篇文章,你们学会kubernetes中etcd组件的部署方法了吗?如果还想学到更多技能或想了解更多相关内容,欢迎关注创新互联行业资讯频道,感谢各位的阅读!

另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。


本文标题:kubernetesetcd组件部署-创新互联
当前URL:http://hbruida.cn/article/pjpig.html