etcd
Install etcd
wget https://github.com/etcd-io/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz
tar -xvf etcd-v3.3.9-linux-amd64.tar.gz
mv etcd-v3.3.9-linux-amd64/etcd* /usr/local/bin/
Create etcd startup file
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/local/bin/etcd \\
  --name k8s-master \\
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
  --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \\
  --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \\
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \\
  --initial-advertise-peer-urls https://172.16.20.206:2380 \\
  --listen-peer-urls https://172.16.20.206:2380 \\
  --listen-client-urls https://172.16.20.206:2379,http://127.0.0.1:2379 \\
  --advertise-client-urls https://172.16.20.206:2379 \\
  --initial-cluster-token etcd-cluster \\
  --initial-cluster k8s-master=https://172.16.20.206:2380,k8s-node1=https://172.16.20.207:2380,k8s-node2=https://172.16.20.208:2380 \\
  --initial-cluster-state new \\
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
The explanation of the "
The data directory of etcd is /var/lib/etcd, which must be created before starting the service. Otherwise, the error "Failed at step CHDIR spawning /usr/bin/etcd: No such file or directory" is reported when the service starts.
The value after the --name option should be the same as the current host name.
--initial-advertise-peer-urls, --listen-peer-urls, --listen-client-urls and --advertise-client-urls must use the local node's IP address.
--initial-cluster: pay attention to the mapping between each cluster member's IP address and its host name.
The explanation of the "
The unit sets the working directory of etcd to /var/lib/etcd and the data directory to /var/lib/etcd. You need to create these two directories before starting the service.
To secure communication, specify etcd's certificate and private key (--cert-file and --key-file), the certificate, private key and CA certificate for peer communication (--peer-cert-file, --peer-key-file, --peer-trusted-ca-file), and the CA certificate used to verify clients (--trusted-ca-file). The unit above also listens on http://127.0.0.1:2379, and that plaintext loopback listener is not covered by these TLS settings.
The hosts field of the kubernetes-csr.json file used to create the kubernetes.pem certificate must contain the IP addresses of all etcd nodes; otherwise certificate verification will fail.
When --initial-cluster-state is new, the value of --name must appear in the --initial-cluster list.
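One way to check a node's unit file against the notes above before starting etcd, as an added example that is not code from the original page or from the etcd project. The helper names flag_value, check_etcd_unit and sample_unit are hypothetical, and the sample unit is constructed from the page's flags.

```bash
# flag_value FILE FLAG: print the first value of "--FLAG value" or "--FLAG=value".
flag_value() {
  tr -s ' \\\n' ' ' < "$1" | grep -oE -- "--$2[= ][^ ]+" | sed -E "s/^--$2[= ]//;q"
}

# check_etcd_unit FILE: print one finding per line; return 1 if any, else 0.
check_etcd_unit() {
  local unit=$1 bad=0 f url name adv cluster
  # The six TLS flags the page lists must all be set.
  for f in cert-file key-file trusted-ca-file \
           peer-cert-file peer-key-file peer-trusted-ca-file; do
    [ -n "$(flag_value "$unit" "$f")" ] || { echo "MISSING --$f"; bad=1; }
  done
  # An http:// URL is served without TLS or client-certificate checks.
  for f in listen-client-urls advertise-client-urls \
           listen-peer-urls initial-advertise-peer-urls; do
    for url in $(flag_value "$unit" "$f" | tr ',' ' '); do
      case $url in http://*) echo "PLAINTEXT --$f $url"; bad=1 ;; esac
    done
  done
  # --name must appear in --initial-cluster with this node's own peer URL.
  name=$(flag_value "$unit" name)
  adv=$(flag_value "$unit" initial-advertise-peer-urls)
  cluster=$(flag_value "$unit" initial-cluster)
  case ",$cluster," in
    *",$name=$adv,"*) ;;
    *",$name="*) echo "MISMATCH --initial-cluster entry for $name is not $adv"; bad=1 ;;
    *) echo "NOT-MEMBER --name $name is absent from --initial-cluster"; bad=1 ;;
  esac
  return "$bad"
}

# Constructed sample: unit copied to k8s-node1, --name left unchanged, one CA flag lost.
sample_unit() {
  cat <<'EOF'
ExecStart=/usr/local/bin/etcd --name k8s-master \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --initial-advertise-peer-urls https://172.16.20.207:2380 \
  --listen-client-urls https://172.16.20.207:2379,http://127.0.0.1:2379 \
  --initial-cluster k8s-master=https://172.16.20.206:2380,k8s-node1=https://172.16.20.207:2380
EOF
}
# Demo: check the file given as $1, or the constructed sample when none is given.
tmp=$(mktemp); sample_unit > "$tmp"
check_etcd_unit "${1:-$tmp}" || echo "fix the findings above before starting etcd"
rm -f "$tmp"
```

On the constructed sample it reports the missing --peer-trusted-ca-file, the plaintext loopback listener, and the --name that does not match this node's peer URL.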
Distribute to nodes
Distribute etcd.service, etcd.conf and /usr/local/bin/etcd* to the corresponding directories on each node, then modify the corresponding settings in etcd.conf to match the current node's information.
scp -r /usr/local/bin/etcd* k8s-node1:/usr/local/bin/
scp -r /usr/local/bin/etcd* k8s-node2:/usr/local/bin/
scp -r /etc/etcd k8s-node1:/etc/
scp -r /etc/etcd k8s-node2:/etc/
scp /usr/lib/systemd/system/etcd.service k8s-node1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/etcd.service k8s-node2:/usr/lib/systemd/system/
Start etcd
Run on all nodes:
systemctl daemon-reload
systemctl start etcd
systemctl status etcd
systemctl enable etcd
Verification
etcdctl \
  --ca-file=/etc/kubernetes/ssl/ca.pem \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  cluster-health
member 4cc910cd64041b9f is healthy: got healthy result from https://172.16.20.206:2379
member 71e662482c67f8f0 is healthy: got healthy result from https://172.16.20.207:2379
member d3813a08e230ddef is healthy: got healthy result from https://172.16.20.208:2379
cluster is healthy
Clear all data
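del is a v3 API command, and etcdctl 3.3 defaults to the v2 API, so ETCDCTL_API=3 must be set:
ETCDCTL_API=3 etcdctl del / --prefix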