溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

k8s部署---k8s介紹與etcd群集創(chuàng)建(一)

發(fā)布時(shí)間:2020-08-02 07:33:58 來源:網(wǎng)絡(luò) 閱讀:246 作者:SiceLc 欄目:云計(jì)算

Kubernetes介紹

  • Kubernetes是Google在2014年開源的一個(gè)容器集群管理系統(tǒng),Kubernetes簡(jiǎn)稱K8S。2015年7月,Kubernetes v1.0正式發(fā)布,截止到目前最新穩(wěn)定版本是v1.9
  • K8S用于容器化應(yīng)用程序的部署,擴(kuò)展和管理。
  • K8S提供了容器編排,資源調(diào)度,彈性伸縮,部署管理,服務(wù)發(fā)現(xiàn)等一 系列功能。
  • 通過使用「labels」 和「pods 」.的概念,將應(yīng)用按邏輯單元進(jìn)行分組
  • Kubernetes目標(biāo)是讓部署容器化應(yīng)用簡(jiǎn)單高效。
  • 官方網(wǎng)站: http://www.kubernetes.io

Kubernetes的作用

  • 自動(dòng)化部署、擴(kuò)展和管理容器應(yīng)用
  • 資源調(diào)度
  • 部署管理
  • 服務(wù)發(fā)現(xiàn)
  • 擴(kuò)容縮容
  • 監(jiān)控

Kubernetes特性

  • 自我修復(fù)
    • 在節(jié)點(diǎn)故障時(shí)重新啟動(dòng)失敗的容器,替換和重新部署,保證預(yù)期的副本數(shù)量;殺死健康檢查失敗的容器,并且在未準(zhǔn)備好之前不會(huì)處理客戶端請(qǐng)求,確保線上服務(wù)不中斷。
  • 彈性伸縮
    • 使用命令、UI或者基于CPU使用情況自動(dòng)快速擴(kuò)容和縮容應(yīng)用程序?qū)嵗WC應(yīng)用業(yè)務(wù)高峰并發(fā)時(shí)的高可用性;業(yè)務(wù)低峰時(shí)回收資源,以最小成本運(yùn)行服務(wù)。
  • 自動(dòng)部署和回滾
    • K8S采用滾動(dòng)更新策略更新應(yīng)用,一次更新- - 個(gè)Pod,而不是同時(shí)刪除所有Pod,如果更新過程中出現(xiàn)問題,將回滾更改,確保升級(jí)不受影響業(yè)務(wù)。
  • 服務(wù)發(fā)現(xiàn)和負(fù)載均衡
    *K8S為多個(gè)容器提供一個(gè)統(tǒng)一訪問入口 (內(nèi)部IP地址和一個(gè)DNS名稱),并且負(fù)載均衡關(guān)聯(lián)的所有容器,使得用戶無需考慮容器IP問題。
  • 機(jī)密和配置管理
    • 管理機(jī)密數(shù)據(jù)和應(yīng)用程序配置,而不需要把敏感數(shù)據(jù)暴露在鏡像里,提高敏感數(shù)據(jù)安全性。并可以將一些常 用的配置存儲(chǔ)在K8S中,方便應(yīng)用程序使用。
  • 存儲(chǔ)編排
    • 掛載外部存儲(chǔ)系統(tǒng),無論是來自本地存儲(chǔ),公有云(如AWS),還是網(wǎng)絡(luò)存儲(chǔ)(如NFS、GlusterFS、 Ceph) 都作為集群資源的一部分使用, 極大提高存儲(chǔ)使用靈活性。
  • 批處理
    • 提供一一次性任務(wù),定時(shí)任務(wù);滿足批量數(shù)據(jù)處理和分析的場(chǎng)景。

Kubernetes集群架構(gòu)與組件

k8s部署---k8s介紹與etcd群集創(chuàng)建(一)

Master組件

  • kube-apiserver
    • Kubernetes API,集群的統(tǒng)一入口, 各組件協(xié)調(diào)者,以RESTful API提供接口服務(wù),所有對(duì)象資源的增刪改查和監(jiān)聽操作都交給APIServer處理后再提交給Etcd存儲(chǔ)。
  • kube-controller-manager
    處理集群中常規(guī)后臺(tái)任務(wù),-一個(gè)資源對(duì)應(yīng)一一個(gè)控制 器,而ControllerManager就是負(fù)責(zé)管理這些控制器的。
  • kube-scheduler
    • 根據(jù)調(diào)度算法為新創(chuàng)建的Pod選擇-一個(gè)Node節(jié)點(diǎn),可以任意部署,可以部署在同一個(gè)節(jié)點(diǎn)上,也可以部署在不同的節(jié)點(diǎn)上。
  • etcd
    • 分布式鍵值存儲(chǔ)系統(tǒng)。用于保存集群狀態(tài)數(shù)據(jù),比如Pod、Service等對(duì) 象信息。

Node組件

  • kubelet
    • kubelet是Master在Node節(jié)點(diǎn)上的Agent,管理本機(jī)運(yùn)行容器的生命周期,比如創(chuàng)建容器、Pod掛載數(shù)據(jù)卷、下載secret、獲取容器和節(jié)點(diǎn)狀態(tài)等工作。kubelet將 每個(gè)Pod轉(zhuǎn)換成一組容器。
  • kube-proxy
    • 在Node節(jié)點(diǎn)上實(shí)現(xiàn)Pod網(wǎng)絡(luò)代理,維護(hù)網(wǎng)絡(luò)規(guī)則和四層負(fù)載均衡工作。
  • docker或rocket
    • 容器引擎,運(yùn)行容器。

kubernetes核心概念

  • Pod
    • 最小部署單元
    • 一組容器的集合
    • 一個(gè)Pod中的容器共享網(wǎng)絡(luò)命名空間
    • Pod是短暫的
  • Controllers
    • ReplicaSet :確保預(yù)期的Pod副本數(shù)量
    • Deployment :無狀態(tài)應(yīng)用部署
    • StatefulSet :有狀態(tài)應(yīng)用部署
    • DaemonSet:確保所有Node運(yùn)行同一個(gè)Pod
    • Job: 一次性任務(wù)
    • Cronjob :定時(shí)任務(wù)
    • 更高級(jí)層次對(duì)象,部署和管理Pod
  • Service
    • 防止Pod失聯(lián)
    • 定義一組Pod的訪問策略
  • Label: 標(biāo)簽,附加到某個(gè)資源上,用于關(guān)聯(lián)對(duì)象、查詢和篩選
  • Namespaces :命名空間,將對(duì)象邏輯上隔離
  • Annotations :注釋

kubernertes平臺(tái)環(huán)境規(guī)劃

  • 單節(jié)點(diǎn)部署規(guī)劃圖
    k8s部署---k8s介紹與etcd群集創(chuàng)建(一)
  • 部署步驟
    • 1:自簽ETCD證書
    • 2:ETCD部署
    • 3:Node安裝docker
    • 4:Flannel部署(先寫入子網(wǎng)到etcd)
  • master
    • 5:自簽APIServer證書
    • 6:部署APIServer組件(token,csv)
    • 7:部署controller-manager(指定apiserver證書)和scheduler組件
  • node
    • 8:生成kubeconfig(bootstrap,kubeconfig和kube-proxy.kubeconfig)
    • 9:部署kubelet組件
    • 10:部署kube-proxy組件
  • 加入群集
    • 11:kubectl get csr && kubectl certificate approve 允許辦法證書,加入群集
    • 12:添加一個(gè)node節(jié)點(diǎn)
    • 13:查看kubectl get node 節(jié)點(diǎn)

部署實(shí)驗(yàn)

實(shí)驗(yàn)環(huán)境

  • Master01:192.168.80.12
  • Node01:192.168.80.13
  • Node02:192.168.80.14
  • 單節(jié)點(diǎn)部署軟件包下載 提取碼:9a0r

etcd組件部署

etcd簡(jiǎn)介
  • etcd是CoreOS團(tuán)隊(duì)于2013年6月發(fā)起的開源項(xiàng)目,它的目標(biāo)是構(gòu)建一個(gè)高可用的分布式鍵值(key-value)數(shù)據(jù)庫。etcd內(nèi)部采用raft協(xié)議作為一致性算法,etcd基于Go語言實(shí)現(xiàn)。
  • etcd作為服務(wù)發(fā)現(xiàn)系統(tǒng),有以下的特點(diǎn):
    • 簡(jiǎn)單:安裝配置簡(jiǎn)單,而且提供了HTTP API進(jìn)行交互,使用也很簡(jiǎn)單
    • 安全:支持SSL證書驗(yàn)證
    • 快速:根據(jù)官方提供的benchmark數(shù)據(jù),單實(shí)例支持每秒2k+讀操作
    • 可靠:采用raft算法,實(shí)現(xiàn)分布式系統(tǒng)數(shù)據(jù)的可用性和一致性
master01服務(wù)器操作
  • 自簽etcd組件證書 
    [root@master01 ~]# systemctl stop firewalld.service   //關(guān)閉防火墻
[root@master01 ~]# setenforce 0                       //關(guān)閉selinux
[root@master01 ~]# mkdir k8s         //創(chuàng)建k8s目錄
[root@master01 ~]# ls
anaconda-ks.cfg  k8s
[root@master01 ~]# mount.cifs //192.168.80.2/shares/K8S/k8s01 /mnt/    //掛載宿主機(jī)中準(zhǔn)備好的軟件包
Password for root@//192.168.80.2/shares/K8S/k8s01:
[root@master01 ~]# cd /mnt/
[root@master01 mnt]# ls
etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh                           master.zip
etcd-cert.sh  flannel.sh                          kubeconfig.sh                         node.zip
etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master01 mnt]# cd /root/k8s/             //回到k8s目錄
[root@master01 k8s]# vim cfssl.sh              //編輯腳本下載cfssl官方包  做ca認(rèn)證的軟件包
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
:wq
[root@master01 k8s]# bash cfssl.sh             //執(zhí)行腳本,下載cfssl官方包
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100  9.8M  100  9.8M    0     0   457k      0  0:00:22  0:00:22 --:--:--  581k
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100 2224k  100 2224k    0     0   300k      0  0:00:07  0:00:07 --:--:--  517k
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100 6440k  100 6440k    0     0   276k      0  0:00:23  0:00:23 --:--:--  221k
[root@master01 k8s]# ls /usr/local/bin/              //查看證書是否成功下載
cfssl  cfssl-certinfo  cfssljson
[root@master01 k8s]# mkdir etcd-cert           //創(chuàng)建證書存放目錄
[root@master01 k8s]# ls
etcd-cert
[root@master01 k8s]# cd etcd-cert/            //進(jìn)入證書存放目錄
[root@master01 etcd-cert]# cat > ca-config.json <<EOF      //定義ca證書
> {
>   "signing": {
>     "default": {
>       "expiry": "87600h"          //證書失效
>     },
>     "profiles": {
>       "www": {
>          "expiry": "87600h",
>          "usages": [
>             "signing",
>             "key encipherment",
>             "server auth",        //服務(wù)端驗(yàn)證
>             "client auth"         //客戶端驗(yàn)證
>         ]
>       }
>     }
>   }
> }
> EOF
[root@master01 etcd-cert]# cat > ca-csr.json <<EOF    //實(shí)現(xiàn)證書簽名
> {
>     "CN": "etcd CA",
>     "key": {
>         "algo": "rsa",         //使用非對(duì)稱密鑰
>         "size": 2048           //密鑰長(zhǎng)度
>     },
>     "names": [
>         {
>             "C": "CN",             //標(biāo)識(shí)信息,可自行定義
>             "L": "Beijing",
>             "ST": "Beijing"
>         }
>     ]
> }
> EOF
[root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -     //使用命令生成ca證書
2020/02/09 16:53:08 [INFO] generating a new CA key and certificate from CSR
2020/02/09 16:53:08 [INFO] generate received request
2020/02/09 16:53:08 [INFO] received CSR
2020/02/09 16:53:08 [INFO] generating key: rsa-2048
2020/02/09 16:53:08 [INFO] encoded CSR
2020/02/09 16:53:08 [INFO] signed certificate with serial number 400787333165311350366024741004548366561538833100
[root@master01 etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem    //ca證書生成成功
[root@master01 etcd-cert]# cat > server-csr.json <<EOF      //指定etcd三個(gè)節(jié)點(diǎn)之間的通信驗(yàn)證
> {
>     "CN": "etcd",
>     "hosts": [
>     "192.168.80.12",         //群集IP地址設(shè)定,master地址
>     "192.168.80.13",         //node01IP地址
>     "192.168.80.14"          //node02IP地址
>     ],
>     "key": {
>         "algo": "rsa",
>         "size": 2048
>     },
>     "names": [
>         {
>             "C": "CN",
>             "L": "BeiJing",
>             "ST": "BeiJing"
>         }
>     ]
> }
> EOF
[root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server     //生成ETCD證書 server-key.pem   server.pem
2020/02/09 16:59:12 [INFO] generate received request
2020/02/09 16:59:12 [INFO] received CSR
2020/02/09 16:59:12 [INFO] generating key: rsa-2048
2020/02/09 16:59:12 [INFO] encoded CSR
2020/02/09 16:59:12 [INFO] signed certificate with serial number 155295832576786241095177900248601469934260652049
2020/02/09 16:59:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@master01 etcd-cert]# ls
ca-config.json  ca-csr.json  ca.pem      server-csr.json  server.pem
ca.csr          ca-key.pem   server.csr  server-key.pem                   //生成成功
  • 部署etcd服務(wù) 
    [root@master01 etcd-cert]# cd /mnt/           //進(jìn)入宿主機(jī)掛載過來的目錄
[root@master01 mnt]# ls
etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh                           master.zip
etcd-cert.sh  flannel.sh                          kubeconfig.sh                         node.zip
etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master01 mnt]# cp etcd-v3.3.10-linux-amd64.tar.gz flannel-v0.10.0-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz etcd.sh /root/k8s/     //將軟件包與etcd執(zhí)行腳本復(fù)制到k8s工作目錄中
[root@master01 mnt]# cd /root/k8s/                   //回到k8s工作目錄
[root@master01 k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz       //解壓etcd軟件包
etcd-v3.3.10-linux-amd64/
etcd-v3.3.10-linux-amd64/Documentation/
etcd-v3.3.10-linux-amd64/Documentation/platforms/
etcd-v3.3.10-linux-amd64/Documentation/platforms/container-linux-systemd.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/aws.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/freebsd.md
etcd-v3.3.10-linux-amd64/Documentation/rfc/
...
[root@master01 k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p    //遞歸創(chuàng)建etcd工作目錄
[root@master01 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/   //將etcd命令文件復(fù)制到工作目錄中bin目錄下
[root@master01 k8s]# ls /opt/etcd/bin/      //查看
etcd  etcdctl
[root@master01 k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/    //拷貝證書文件到etcd工作目錄ssl目錄下
[root@master01 k8s]# ls /opt/etcd/ssl/         //查看
ca-key.pem  ca.pem  server-key.pem  server.pem
[root@master01 k8s]# bash etcd.sh etcd01 192.168.80.12 etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380    //執(zhí)行啟動(dòng)腳本 etcd01為master01服務(wù)器地址 etcd02、etcd03為node01、node02IP地址,稍后我們將分別在node01、node02中部署etcd,組成etcd群集,腳本執(zhí)行同時(shí)生成etcd配置文件
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
//執(zhí)行啟動(dòng)腳本后會(huì)進(jìn)入卡住狀態(tài),等待其他節(jié)點(diǎn)加入,它也有一定的超時(shí)時(shí)間,超過超時(shí)時(shí)間會(huì)出現(xiàn)報(bào)錯(cuò),不用理會(huì)

  • 重新開啟新的會(huì)話框

    [root@master01 ~]# ps -ef | grep etcd    //查看進(jìn)程是否開啟
root      16146      1  0 17:14 ?        00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.80.12:2379 --initial-advertise-peer-urls=https://192.168.80.12:2380 --initial-cluster=etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root      16191  16160  0 17:15 pts/1    00:00:00 grep --color=auto etcd    //成功開啟
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.13:/opt/           //拷貝etcd工作目錄到node01節(jié)點(diǎn)
The authenticity of host '192.168.80.13 (192.168.80.13)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.13' (ECDSA) to the list of known hosts.
root@192.168.80.13's password:
etcd                                                                       100%  509   495.7KB/s   00:00
etcd                                                                       100%   18MB  98.7MB/s   00:00
etcdctl                                                                    100%   15MB  95.0MB/s   00:00
ca-key.pem                                                                 100% 1675     1.6MB/s   00:00
ca.pem                                                                     100% 1265   416.6KB/s   00:00
server-key.pem                                                             100% 1675     2.3MB/s   00:00
server.pem                                                                 100% 1338     2.0MB/s   00:00
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.14:/opt/         //拷貝etcd工作目錄到node02節(jié)點(diǎn)
The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
root@192.168.80.14's password:
etcd                                                                       100%  509   523.8KB/s   00:00
etcd                                                                       100%   18MB  79.6MB/s   00:00
etcdctl                                                                    100%   15MB 140.4MB/s   00:00
ca-key.pem                                                                 100% 1675     1.9MB/s   00:00
ca.pem                                                                     100% 1265   296.4KB/s   00:00
server-key.pem                                                             100% 1675     2.4MB/s   00:00
server.pem                                                                 100% 1338   423.3KB/s   00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.13:/usr/lib/systemd/system/               //啟動(dòng)腳本拷貝到node01節(jié)點(diǎn)
root@192.168.80.13's password:
etcd.service                                                               100%  923   628.8KB/s   00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.14:/usr/lib/systemd/system/               //啟動(dòng)腳本拷貝到node02節(jié)點(diǎn)
root@192.168.80.14's password:
etcd.service                                                               100%  923   684.8KB/s   00:00
    node01服務(wù)器操作

  • 更改復(fù)制過來的etcd配置文件

    [root@node01 ~]# systemctl stop firewalld.service       //關(guān)閉防火墻
[root@node01 ~]# setenforce 0                           //關(guān)閉selinux
[root@node01 ~]# vim /opt/etcd/cfg/etcd
#[Member] 
ETCD_NAME="etcd02"                 //更改名稱為etcd02
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.80.13:2380"    //更改IP地址為192.168.80.13
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.13:2379"  //更改IP地址為192.168.80.13

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.13:2380"   //更改IP地址為192.168.80.13
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.13:2379"         //更改IP地址為192.168.80.13
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"                           //注意:此處不用改動(dòng)
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq 
[root@node01 ~]# systemctl start etcd             //編輯完成后直接啟動(dòng)etcd服務(wù)
[root@node01 ~]# systemctl status etcd            //查看服務(wù)狀態(tài)
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-02-09 17:25:38 CST; 50s ago    //正常運(yùn)行
Main PID: 15905 (etcd)
...
    node02服務(wù)器操作

  • 更改復(fù)制過來的etcd配置文件

    [root@node02 ~]# systemctl stop firewalld.service        //關(guān)閉防火墻
[root@node02 ~]# setenforce 0                           //關(guān)閉selinux
[root@node02 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"                                     //更改名稱為etcd03
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.80.14:2380"     //更改IP地址為192.168.80.14
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.14:2379"   //更改IP地址為192.168.80.14

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.14:2380"      //更改IP地址為192.168.80.14
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.14:2379"            //更改IP地址為192.168.80.14
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"             //注意:此處不用改動(dòng)
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq
[root@node02 ~]# systemctl start etcd        //啟動(dòng)服務(wù)
[root@node02 ~]# systemctl status etcd       //查看狀態(tài)
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2020-02-09 17:32:29 CST; 4s ago   //成功運(yùn)行
Main PID: 15926 (etcd)
...
    回到master01服務(wù)器操作
  • 檢查群集狀態(tài) 
    [root@master01 k8s]# cd etcd-cert/      //進(jìn)入證書目錄 因?yàn)橐褂胏a證書驗(yàn)證查看,所有要進(jìn)入證書存放目錄中查看
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" cluster-health        //使用目錄查看群集狀態(tài)
member accc4008f61328 is healthy: got healthy result from https://192.168.80.13:2379
member 88ef2b8e883800a0 is healthy: got healthy result from https://192.168.80.12:2379
member fafd8a15257570ee is healthy: got healthy result from https://192.168.80.14:2379
cluster is healthy        //群集創(chuàng)建成功

    etcd組件部署成功

向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI