Deploying the etcd component for Kubernetes
Published: 2025-01-24 Author: 千家信息网 editor
Last updated by 千家信息网: 2025-01-24
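This article explains how to deploy the etcd component in Kubernetes. It gives a short introduction to etcd and then walks through the deployment; we hope you get something out of it.
etcd component deployment
Introduction to etcd
- etcd is an open-source project started by the CoreOS team in June 2013. Its goal is to build a highly available distributed key-value database. Internally etcd uses the Raft protocol as its consensus algorithm, and it is implemented in Go.
- As a service discovery system, etcd has the following characteristics:
  - Simple: installation and configuration are simple, and it provides an HTTP API for interaction, so it is also simple to use
  - Secure: supports SSL certificate verification
  - Fast: according to the official benchmark data, a single instance supports 2k+ read operations per second
  - Reliable: uses the Raft algorithm to provide availability and consistency for data in a distributed system
Operations on the master01 server
- Self-sign the etcd component certificates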
```
[root@master01 ~]# systemctl stop firewalld.service    # stop the firewall
[root@master01 ~]# setenforce 0    # turn off SELinux enforcement
[root@master01 ~]# mkdir k8s    # create the k8s directory
[root@master01 ~]# ls
anaconda-ks.cfg  k8s
[root@master01 ~]# mount.cifs //192.168.80.2/shares/K8S/k8s01 /mnt/    # mount the software packages prepared on the host machine
Password for root@//192.168.80.2/shares/K8S/k8s01:
[root@master01 ~]# cd /mnt/
[root@master01 mnt]# ls
etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh    master.zip
etcd-cert.sh  flannel.sh                          kubeconfig.sh  node.zip
etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master01 mnt]# cd /root/k8s/    # return to the k8s directory
[root@master01 k8s]# vim cfssl.sh    # write a script that downloads the official cfssl packages, the tools used for CA signing
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
:wq
[root@master01 k8s]# bash cfssl.sh    # run the script to download the official cfssl packages
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 9.8M  100 9.8M    0     0   457k      0  0:00:22  0:00:22 --:--:--  581k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 2224k  100 2224k    0     0   300k      0  0:00:07  0:00:07 --:--:--  517k
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6440k  100 6440k    0     0   276k      0  0:00:23  0:00:23 --:--:--  221k
[root@master01 k8s]# ls /usr/local/bin/    # check that the download succeeded
cfssl  cfssl-certinfo  cfssljson
[root@master01 k8s]# mkdir etcd-cert    # create the directory that holds the certificates
[root@master01 k8s]# ls
etcd-cert
[root@master01 k8s]# cd etcd-cert/    # enter the certificate directory
# ca-config.json: "expiry" is the certificate lifetime; "server auth" and
# "client auth" enable server-side and client-side verification.
[root@master01 etcd-cert]# cat > ca-config.json <<EOF
> {
>   "signing": {
>     "default": {
>       "expiry": "87600h"
>     },
>     "profiles": {
>       "www": {
>         "expiry": "87600h",
>         "usages": [
>           "signing",
>           "key encipherment",
>           "server auth",
>           "client auth"
>         ]
>       }
>     }
>   }
> }
> EOF
# ca-csr.json: "algo" selects an asymmetric key, "size" is the key length, and
# the "names" fields are identification information that you can define yourself.
[root@master01 etcd-cert]# cat > ca-csr.json <<EOF
> {
>   "CN": "etcd CA",
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "Beijing",
>       "ST": "Beijing"
>     }
>   ]
> }
> EOF
[root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -    # generate the CA certificate
2020/02/09 16:53:08 [INFO] generating a new CA key and certificate from CSR
2020/02/09 16:53:08 [INFO] generate received request
2020/02/09 16:53:08 [INFO] received CSR
2020/02/09 16:53:08 [INFO] generating key: rsa-2048
2020/02/09 16:53:08 [INFO] encoded CSR
2020/02/09 16:53:08 [INFO] signed certificate with serial number 400787333165311350366024741004548366561538833100
[root@master01 etcd-cert]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem
# the CA certificate was generated successfully
# server-csr.json: "hosts" lists the cluster IP addresses, in order the master,
# node01 and node02.
[root@master01 etcd-cert]# cat > server-csr.json <<EOF
> {
>   "CN": "etcd",
>   "hosts": [
>     "192.168.80.12",
>     "192.168.80.13",
>     "192.168.80.14"
>   ],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing",
>       "ST": "BeiJing"
>     }
>   ]
> }
> EOF
# generate the etcd certificate (server-key.pem and server.pem)
[root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2020/02/09 16:59:12 [INFO] generate received request
2020/02/09 16:59:12 [INFO] received CSR
2020/02/09 16:59:12 [INFO] generating key: rsa-2048
2020/02/09 16:59:12 [INFO] encoded CSR
2020/02/09 16:59:12 [INFO] signed certificate with serial number 155295832576786241095177900248601469934260652049
2020/02/09 16:59:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@master01 etcd-cert]# ls
ca-config.json  ca-csr.json  ca.pem      server-csr.json  server.pem
ca.csr          ca-key.pem   server.csr  server-key.pem
# generated successfully
```
- Deploy the etcd service
```
[root@master01 etcd-cert]# cd /mnt/    # enter the directory mounted from the host machine
[root@master01 mnt]# ls
etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh    master.zip
etcd-cert.sh  flannel.sh                          kubeconfig.sh  node.zip
etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
# copy the software packages and the etcd startup script into the k8s working directory
[root@master01 mnt]# cp etcd-v3.3.10-linux-amd64.tar.gz flannel-v0.10.0-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz etcd.sh /root/k8s/
[root@master01 mnt]# cd /root/k8s/    # return to the k8s working directory
[root@master01 k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz    # unpack the etcd package
etcd-v3.3.10-linux-amd64/
etcd-v3.3.10-linux-amd64/Documentation/
etcd-v3.3.10-linux-amd64/Documentation/platforms/
etcd-v3.3.10-linux-amd64/Documentation/platforms/container-linux-systemd.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/aws.md
etcd-v3.3.10-linux-amd64/Documentation/platforms/freebsd.md
etcd-v3.3.10-linux-amd64/Documentation/rfc/
...
[root@master01 k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p    # recursively create the etcd working directories
# put the etcd binaries into the bin directory of the working directory
[root@master01 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/
[root@master01 k8s]# ls /opt/etcd/bin/    # check
etcd  etcdctl
[root@master01 k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/    # copy the certificate files into the ssl directory of the working directory
[root@master01 k8s]# ls /opt/etcd/ssl/    # check
ca-key.pem  ca.pem  server-key.pem  server.pem
# Run the startup script. etcd01 with its address is the master01 server; etcd02 and
# etcd03 are the IP addresses of node01 and node02. etcd is deployed on node01 and
# node02 in the following steps to form the etcd cluster. Running the script also
# generates the etcd configuration file.
[root@master01 k8s]# bash etcd.sh etcd01 192.168.80.12 etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
# After it starts, the script appears to hang while it waits for the other nodes to
# join. It has a timeout, and an error is reported once the timeout is exceeded;
# this can be ignored.
```
Open a new terminal session
```
[root@master01 ~]# ps -ef | grep etcd    # check whether the process is running
root 16146 1 0 17:14 ? 00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.80.12:2379 --initial-advertise-peer-urls=https://192.168.80.12:2380 --initial-cluster=etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root 16191 16160 0 17:15 pts/1 00:00:00 grep --color=auto etcd    # started successfully
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.13:/opt/    # copy the etcd working directory to node01
The authenticity of host '192.168.80.13 (192.168.80.13)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.13' (ECDSA) to the list of known hosts.
root@192.168.80.13's password:
etcd              100%  509   495.7KB/s   00:00
etcd              100%   18MB  98.7MB/s   00:00
etcdctl           100%   15MB  95.0MB/s   00:00
ca-key.pem        100% 1675     1.6MB/s   00:00
ca.pem            100% 1265   416.6KB/s   00:00
server-key.pem    100% 1675     2.3MB/s   00:00
server.pem        100% 1338     2.0MB/s   00:00
[root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.14:/opt/    # copy the etcd working directory to node02
The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
root@192.168.80.14's password:
etcd              100%  509   523.8KB/s   00:00
etcd              100%   18MB  79.6MB/s   00:00
etcdctl           100%   15MB 140.4MB/s   00:00
ca-key.pem        100% 1675     1.9MB/s   00:00
ca.pem            100% 1265   296.4KB/s   00:00
server-key.pem    100% 1675     2.4MB/s   00:00
server.pem        100% 1338   423.3KB/s   00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.13:/usr/lib/systemd/system/    # copy the service startup file to node01
root@192.168.80.13's password:
etcd.service      100%  923   628.8KB/s   00:00
[root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.14:/usr/lib/systemd/system/    # copy the service startup file to node02
root@192.168.80.14's password:
etcd.service      100%  923   684.8KB/s   00:00
```
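A check over the flags in the `ps -ef` output and the `ssl` directory copied by `scp` above, as an added example that is not part of the original article or of `etcd.sh`: it reports a plaintext listener, missing `--client-cert-auth` / `--peer-client-cert-auth`, one key shared by client and peer traffic, and a CA private key present on a node. The etcd flags are real; the function names and finding labels are this example's own.

```bash
#!/usr/bin/env bash
# Added example: audit an etcd command line (as shown by `ps -ef`) and a node's
# ssl directory for TLS gaps. Finding labels are this example's own names.

# Value of --<flag>=<value> in command line $1; empty when the flag is absent.
flag_value() {
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^--$2=//p" | head -n 1
}

# Succeeds when boolean flag $2 is switched on in command line $1.
flag_on() {
  case " $1 " in *" --$2 "*|*" --$2=true "*) return 0 ;; esac
  return 1
}

# Print one finding per line; print nothing when no gap is found.
audit_etcd_cmdline() {
  cmd="$1"
  # An http:// listener serves the API without TLS, even on loopback.
  for f in listen-client-urls listen-peer-urls; do
    for url in $(flag_value "$cmd" "$f" | tr ',' ' '); do
      case "$url" in http://*) echo "PLAINTEXT $f $url" ;; esac
    done
  done
  # --trusted-ca-file only names the CA; a client certificate is required
  # only when --client-cert-auth is set (likewise for peers).
  flag_on "$cmd" client-cert-auth || echo "NO_CLIENT_CERT_AUTH"
  flag_on "$cmd" peer-client-cert-auth || echo "NO_PEER_CLIENT_CERT_AUTH"
  # One key pair for both client and peer traffic: a single leak exposes both.
  key="$(flag_value "$cmd" key-file)"
  if [ -n "$key" ] && [ "$key" = "$(flag_value "$cmd" peer-key-file)" ]; then
    echo "SHARED_CLIENT_PEER_KEY $key"
  fi
}

# A member needs ca.pem to verify others, never the CA's private key.
audit_ssl_dir() {
  if [ -f "$1/ca-key.pem" ]; then echo "CA_PRIVATE_KEY_PRESENT $1/ca-key.pem"; fi
}

# Constructed sample: the master01 flags from the ps output, abbreviated.
SAMPLE='/opt/etcd/bin/etcd --name=etcd01 --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem'

audit_etcd_cmdline "$SAMPLE"
audit_ssl_dir /opt/etcd/ssl
```

On a live node, pass the command line of the running etcd process and `/opt/etcd/ssl` instead of the constructed sample.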
Operations on the node01 server
Modify the copied etcd configuration file
```
[root@node01 ~]# systemctl stop firewalld.service    # stop the firewall
[root@node01 ~]# setenforce 0    # turn off SELinux enforcement
[root@node01 ~]# vim /opt/etcd/cfg/etcd
#[Member]
# change the name to etcd02
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# change the IP address in the next two lines to 192.168.80.13
ETCD_LISTEN_PEER_URLS="https://192.168.80.13:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.13:2379"

#[Clustering]
# change the IP address in the next two lines to 192.168.80.13
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.13:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.13:2379"
# note: leave ETCD_INITIAL_CLUSTER unchanged
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq
[root@node01 ~]# systemctl start etcd    # start the etcd service as soon as the edit is done
[root@node01 ~]# systemctl status etcd    # check the service status
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 日 2020-02-09 17:25:38 CST; 50s ago    # running normally
 Main PID: 15905 (etcd)
...
```
Operations on the node02 server
Modify the copied etcd configuration file
```
[root@node02 ~]# systemctl stop firewalld.service    # stop the firewall
[root@node02 ~]# setenforce 0    # turn off SELinux enforcement
[root@node02 ~]# vim /opt/etcd/cfg/etcd
#[Member]
# change the name to etcd03
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# change the IP address in the next two lines to 192.168.80.14
ETCD_LISTEN_PEER_URLS="https://192.168.80.14:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.80.14:2379"

#[Clustering]
# change the IP address in the next two lines to 192.168.80.14
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.14:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.14:2379"
# note: leave ETCD_INITIAL_CLUSTER unchanged
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
:wq
[root@node02 ~]# systemctl start etcd    # start the service
[root@node02 ~]# systemctl status etcd    # check the status
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 日 2020-02-09 17:32:29 CST; 4s ago    # running successfully
 Main PID: 15926 (etcd)
...
```
Back on the master01 server
```
# Enter the certificate directory: the health check authenticates with the CA
# certificate, so run it from the directory that holds the certificates.
[root@master01 k8s]# cd etcd-cert/
# check the cluster status
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" cluster-health
member accc4008f61328 is healthy: got healthy result from https://192.168.80.13:2379
member 88ef2b8e883800a0 is healthy: got healthy result from https://192.168.80.12:2379
member fafd8a15257570ee is healthy: got healthy result from https://192.168.80.14:2379
cluster is healthy    # the cluster was created successfully
```