etcd 单机&集群部署

一、配置

image.png

集群每个节点都需要配置 etcd.conf

#########################################################
########### 请根据各节点服务器实际情况修改配置 ############
#########################################################
#[Member]
#1.节点名称，必须唯一
ETCD_NAME="k8s-etcd2"
 
#2.设置数据保存的目录
ETCD_DATA_DIR="/opt/etcd/data"
 
#3.本节点机器用于监听其他节点的url，url是本机上的2380
ETCD_LISTEN_PEER_URLS="https://192.168.199.52:2380"

#4.本节点机器用于和客户端通信的url，url是本机上的 2379
ETCD_LISTEN_CLIENT_URLS="https://192.168.199.52:2379,http://127.0.0.1:2379"
 
#[Clustering]


#5.建议本节点用于和其他节点之间通信的url，且会通告集群的其余成员节点
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.199.52:2380"

#6.建议本节点和客户端通信使用的url
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.199.52:2379"
 
#7.集群中所有节点的信息
ETCD_INITIAL_CLUSTER="k8s-etcd1=https://192.168.199.51:2380,k8s-etcd2=https://192.168.199.52:2380,k8s-etcd3=https://192.168.199.53:2380"
 
#8.创建集群的token，这个值每个集群均相同
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
 
#9.初始集群状态，新建集群的时候，这个值为new,后续再启动时需要将“new”更改为“existing”
ETCD_INITIAL_CLUSTER_STATE="new"
 
#10.flannel操作etcd使用的是v2的API，而kubernetes操作etcd使用的v3的API
#   为了兼容flannel，将默认开启v2版本，故配置文件中设置 
#ETCD_ENABLE_V2="true"

# [Security]
#ETCD_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
#ETCD_CERT_FILE="/opt/etcd/ssl/server.pem"
#ETCD_KEY_FILE="/opt/etcd/ssl/server-key.pem"
#ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.pem"
#ETCD_PEER_CERT_FILE="/opt/etcd/ssl/server.pem"
#ETCD_PEER_KEY_FILE="/opt/etcd/ssl/server-key.pem"

#ETCD_CLIENT_CERT_AUTH="true"
#ETCD_AUTO_TLS="true"
#ETCD_PEER_CLIENT_CERT_AUTH="true"
#ETCD_PEER_AUTO_TLS="true"

二、集群每个节点都需要配置systemd 管理 etcd

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/conf/etcd.conf
WorkingDirectory=/opt/etcd/data
ExecStart=/opt/etcd/bin/etcd --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem --logger=zap
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

三、启动集群

systemctl daemon-reload && systemctl enable etcd && systemctl start etcd && systemctl status etcd

四、查看集群状态

ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="192.168.199.51:2379,192.168.199.52:2379,192.168.199.53:2379" endpoint health --write-out=table

image.png