yum -y install etcd
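vim /etc/systemd/system/etcd.service    # edit the etcd.service unit file
On every node, make the following changes to this file:
WorkingDirectory, data-dir: make sure both of these directories are created.
Replace the IP 172.20.0.68 with the IP of the machine being deployed.
In the initial-cluster property, list the IPs of all nodes to be deployed in the cluster. Each machine's name in this list must match the value of its name property. For example, if the local IP is 172.20.0.68: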
--name=etcd02 \
--initial-cluster=etcd02=http://172.20.0.68:2380,etcd01=http://172.20.0.67:2380
systemctl daemon-reload && systemctl start etcd && systemctl enable etcd && systemctl status etcd
etcdctl --endpoints=http://172.20.0.68:2379,http://172.20.0.67:2379,http://172.20.0.69:2379 member list  # list cluster members (plain HTTP, matching the reference file below)
etcdctl --endpoints=http://172.20.0.68:2379,http://172.20.0.67:2379,http://172.20.0.69:2379 cluster-health  # check cluster health
Reference file
------------------------------------
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
User=root
# set GOMAXPROCS to number of processors
ExecStart=/usr/bin/etcd \
  --name=etcd2 \
  --initial-advertise-peer-urls=http://172.20.0.68:2380 \
  --listen-peer-urls=http://172.20.0.68:2380 \
  --listen-client-urls=http://172.20.0.68:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=http://172.20.0.68:2379 \
  --initial-cluster-token=k8s-etcd-cluster \
  --initial-cluster=etcd2=http://172.20.0.68:2380,etcd1=http://172.20.0.67:2380,etcd3=http://172.20.0.69:2380 \
  --initial-cluster-state=existing \
  --data-dir=/opt/etcd/
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
------------------------------------
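A pre-start check for the per-node edits described above, as an added example that is not part of the original post: it confirms that --name has an entry in --initial-cluster whose URL equals --initial-advertise-peer-urls, and reports listeners that serve plain HTTP beyond loopback. The function names flag_value and check_etcd_unit are hypothetical, and the sample unit fragment is constructed.

```sh
#!/bin/sh
# Added example: pre-start consistency check for an etcd systemd unit.

# flag_value UNIT FLAG -> value of --FLAG=... in the unit file (first match)
flag_value() {
  sed -n "s/^[[:space:]]*--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# check_etcd_unit UNIT -> status 0 if consistent, 1 otherwise; findings on stdout
check_etcd_unit() {
  unit=$1; rc=0; entry=""
  name=$(flag_value "$unit" name)
  peer=$(flag_value "$unit" initial-advertise-peer-urls)
  # Locate this node's own entry (name=peer-url) in --initial-cluster.
  for m in $(flag_value "$unit" initial-cluster | tr ',' ' '); do
    case $m in "$name="*) entry=${m#*=} ;; esac
  done
  if [ -z "$entry" ]; then
    echo "FAIL: --name=$name has no entry in --initial-cluster"; rc=1
  elif [ "$entry" != "$peer" ]; then
    echo "FAIL: $name maps to $entry but advertises $peer"; rc=1
  fi
  # Report listeners that expose etcd over plaintext HTTP beyond loopback.
  for f in listen-client-urls listen-peer-urls; do
    for u in $(flag_value "$unit" "$f" | tr ',' ' '); do
      case $u in
        http://127.0.0.1:*|http://localhost:*) ;;
        http://*) echo "WARN: --$f serves $u without TLS" ;;
      esac
    done
  done
  return $rc
}

# Constructed sample: the name comes from the inline example (etcd02) and the
# member list from the reference file (etcd2), so the two do not line up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ExecStart=/usr/bin/etcd \
  --name=etcd02 \
  --initial-advertise-peer-urls=http://172.20.0.68:2380 \
  --listen-peer-urls=http://172.20.0.68:2380 \
  --listen-client-urls=http://172.20.0.68:2379,http://127.0.0.1:2379 \
  --initial-cluster=etcd2=http://172.20.0.68:2380,etcd1=http://172.20.0.67:2380
EOF
check_etcd_unit "$sample" || echo "unit needs fixing before systemctl start"
```

Run it against /etc/systemd/system/etcd.service on each node before starting the service.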
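Every time the k8s cluster is redeployed, etcd needs to be cleared and the etcd cluster restarted.
First run systemctl stop etcd on every node to stop the service. Otherwise, when you finish and check the status, you will see etcd in a failed state, because some nodes have not yet stopped the service and the two sides are inconsistent.
Then clear the data and restart the service, and everything is clean.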
rm -rf /opt/etcd/*
systemctl daemon-reload && systemctl start etcd && systemctl enable etcd
systemctl status etcd
I did not add authentication here; on an internal network it is not needed. If you want to add it, the following changes are required:
https://blog.51cto.com/xiaocainiaox/2169475?source=dra
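This set of CA certificates and the k8s CA certificates are two separate sets, with no relation to each other.
First install cfssl (used to generate the certificates for encryption).
Create the config.json and csr.json files.
cfssl gencert -initca csr.json | cfssljson -bare ca
Create etcd-csr.json.
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
Then put these generated files into the directory /etc/kubernetes/pki/etcd/ on all etcd nodes.
In etcd.service, add the following below --name=etcd01: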
--cert-file=/etc/kubernetes/pki/etcd/etcd.pem \
--key-file=/etc/kubernetes/pki/etcd/etcd-key.pem \
--peer-cert-file=/etc/kubernetes/pki/etcd/etcd.pem \
--peer-key-file=/etc/kubernetes/pki/etcd/etcd-key.pem \
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.pem \
The commands for viewing cluster information and health status need the certificate files added:
etcdctl --endpoints=https://172.20.0.68:2379,https://172.20.0.67:2379,https://172.20.0.69:2379 --cert-file=/etc/kubernetes/pki/etcd/etcd.pem --ca-file=/etc/kubernetes/pki/etcd/ca.pem --key-file=/etc/kubernetes/pki/etcd/etcd-key.pem member list
etcdctl --endpoints=https://172.20.0.68:2379,https://172.20.0.67:2379,https://172.20.0.69:2379 --cert-file=/etc/kubernetes/pki/etcd/etcd.pem --ca-file=/etc/kubernetes/pki/etcd/ca.pem --key-file=/etc/kubernetes/pki/etcd/etcd-key.pem cluster-health