亚洲激情专区-91九色丨porny丨老师-久久久久久久女国产乱让韩-国产精品午夜小视频观看

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

kubernetes etcd組件部署

發布時間:2020-06-01 10:46:42 來源:億速云 閱讀:296 作者:Leah 欄目:云計算

這篇文章為大家帶來有關kubernetes中etcd組件的部署方法。文章涵蓋etcd組件的簡介etcd組件的部署方法,希望大家通過這篇文章能有所收獲。

etcd組件部署

etcd簡介
  • etcd是CoreOS團隊于2013年6月發起的開源項目,它的目標是構建一個高可用的分布式鍵值(key-value)數據庫。etcd內部采用raft協議作為一致性算法,etcd基于Go語言實現。
  • etcd作為服務發現系統,有以下的特點:
    • 簡單:安裝配置簡單,而且提供了HTTP API進行交互,使用也很簡單
    • 安全:支持SSL證書驗證
    • 快速:根據官方提供的benchmark數據,單實例支持每秒2k+讀操作
    • 可靠:采用raft算法,實現分布式系統數據的可用性和一致性
master01服務器操作
  • 自簽etcd組件證書
    [root@master01 ~]# systemctl stop firewalld.service   //關閉防火墻
    [root@master01 ~]# setenforce 0                       //關閉selinux
    [root@master01 ~]# mkdir k8s         //創建k8s目錄
    [root@master01 ~]# ls
    anaconda-ks.cfg  k8s
    [root@master01 ~]# mount.cifs //192.168.80.2/shares/K8S/k8s01 /mnt/    //掛載宿主機中準備好的軟件包
    Password for root@//192.168.80.2/shares/K8S/k8s01:
    [root@master01 ~]# cd /mnt/
    [root@master01 mnt]# ls
    etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh                           master.zip
    etcd-cert.sh  flannel.sh                          kubeconfig.sh                         node.zip
    etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
    [root@master01 mnt]# cd /root/k8s/             //回到k8s目錄
    [root@master01 k8s]# vim cfssl.sh              //編輯腳本下載cfssl官方包  做ca認證的軟件包
    curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
    curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
    curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
    chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
    :wq
    [root@master01 k8s]# bash cfssl.sh             //執行腳本,下載cfssl官方包
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
    100  9.8M  100  9.8M    0     0   457k      0  0:00:22  0:00:22 --:--:--  581k
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
    100 2224k  100 2224k    0     0   300k      0  0:00:07  0:00:07 --:--:--  517k
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
    100 6440k  100 6440k    0     0   276k      0  0:00:23  0:00:23 --:--:--  221k
    [root@master01 k8s]# ls /usr/local/bin/              //查看證書是否成功下載
    cfssl  cfssl-certinfo  cfssljson
    [root@master01 k8s]# mkdir etcd-cert           //創建證書存放目錄
    [root@master01 k8s]# ls
    etcd-cert
    [root@master01 k8s]# cd etcd-cert/            //進入證書存放目錄
    [root@master01 etcd-cert]# cat > ca-config.json <<EOF      //定義ca證書
    > {
    >   "signing": {
    >     "default": {
    >       "expiry": "87600h"          //證書失效
    >     },
    >     "profiles": {
    >       "www": {
    >          "expiry": "87600h",
    >          "usages": [
    >             "signing",
    >             "key encipherment",
    >             "server auth",        //服務端驗證
    >             "client auth"         //客戶端驗證
    >         ]
    >       }
    >     }
    >   }
    > }
    > EOF
    [root@master01 etcd-cert]# cat > ca-csr.json <<EOF    //實現證書簽名
    > {
    >     "CN": "etcd CA",
    >     "key": {
    >         "algo": "rsa",         //使用非對稱密鑰
    >         "size": 2048           //密鑰長度
    >     },
    >     "names": [
    >         {
    >             "C": "CN",             //標識信息,可自行定義
    >             "L": "Beijing",
    >             "ST": "Beijing"
    >         }
    >     ]
    > }
    > EOF
    [root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -     //使用命令生成ca證書
    2020/02/09 16:53:08 [INFO] generating a new CA key and certificate from CSR
    2020/02/09 16:53:08 [INFO] generate received request
    2020/02/09 16:53:08 [INFO] received CSR
    2020/02/09 16:53:08 [INFO] generating key: rsa-2048
    2020/02/09 16:53:08 [INFO] encoded CSR
    2020/02/09 16:53:08 [INFO] signed certificate with serial number 400787333165311350366024741004548366561538833100
    [root@master01 etcd-cert]# ls
    ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem    //ca證書生成成功
    [root@master01 etcd-cert]# cat > server-csr.json <<EOF      //指定etcd三個節點之間的通信驗證
    > {
    >     "CN": "etcd",
    >     "hosts": [
    >     "192.168.80.12",         //群集IP地址設定,master地址
    >     "192.168.80.13",         //node01IP地址
    >     "192.168.80.14"          //node02IP地址
    >     ],
    >     "key": {
    >         "algo": "rsa",
    >         "size": 2048
    >     },
    >     "names": [
    >         {
    >             "C": "CN",
    >             "L": "BeiJing",
    >             "ST": "BeiJing"
    >         }
    >     ]
    > }
    > EOF
    [root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server     //生成ETCD證書 server-key.pem   server.pem
    2020/02/09 16:59:12 [INFO] generate received request
    2020/02/09 16:59:12 [INFO] received CSR
    2020/02/09 16:59:12 [INFO] generating key: rsa-2048
    2020/02/09 16:59:12 [INFO] encoded CSR
    2020/02/09 16:59:12 [INFO] signed certificate with serial number 155295832576786241095177900248601469934260652049
    2020/02/09 16:59:12 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
    websites. For more information see the Baseline Requirements for the Issuance and Management
    of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
    specifically, section 10.2.3 ("Information Requirements").
    [root@master01 etcd-cert]# ls
    ca-config.json  ca-csr.json  ca.pem      server-csr.json  server.pem
    ca.csr          ca-key.pem   server.csr  server-key.pem                   //生成成功
  • 部署etcd服務
    [root@master01 etcd-cert]# cd /mnt/           //進入宿主機掛載過來的目錄
    [root@master01 mnt]# ls
    etcd-cert     etcd-v3.3.10-linux-amd64.tar.gz     k8s-cert.sh                           master.zip
    etcd-cert.sh  flannel.sh                          kubeconfig.sh                         node.zip
    etcd.sh       flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
    [root@master01 mnt]# cp etcd-v3.3.10-linux-amd64.tar.gz flannel-v0.10.0-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz etcd.sh /root/k8s/     //將軟件包與etcd執行腳本復制到k8s工作目錄中
    [root@master01 mnt]# cd /root/k8s/                   //回到k8s工作目錄
    [root@master01 k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz       //解壓etcd軟件包
    etcd-v3.3.10-linux-amd64/
    etcd-v3.3.10-linux-amd64/Documentation/
    etcd-v3.3.10-linux-amd64/Documentation/platforms/
    etcd-v3.3.10-linux-amd64/Documentation/platforms/container-linux-systemd.md
    etcd-v3.3.10-linux-amd64/Documentation/platforms/aws.md
    etcd-v3.3.10-linux-amd64/Documentation/platforms/freebsd.md
    etcd-v3.3.10-linux-amd64/Documentation/rfc/
    ...
    [root@master01 k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p    //遞歸創建etcd工作目錄
    [root@master01 k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/   //將etcd命令文件復制到工作目錄中bin目錄下
    [root@master01 k8s]# ls /opt/etcd/bin/      //查看
    etcd  etcdctl
    [root@master01 k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/    //拷貝證書文件到etcd工作目錄ssl目錄下
    [root@master01 k8s]# ls /opt/etcd/ssl/         //查看
    ca-key.pem  ca.pem  server-key.pem  server.pem
    [root@master01 k8s]# bash etcd.sh etcd01 192.168.80.12 etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380    //執行啟動腳本 etcd01為master01服務器地址 etcd02、etcd03為node01、node02IP地址,稍后我們將分別在node01、node02中部署etcd,組成etcd群集,腳本執行同時生成etcd配置文件
    Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
    //執行啟動腳本后會進入卡住狀態,等待其他節點加入,它也有一定的超時時間,超過超時時間會出現報錯,不用理會
  • 重新開啟新的會話框

    [root@master01 ~]# ps -ef | grep etcd    //查看進程是否開啟
    root      16146      1  0 17:14 ?        00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.80.12:2380 --listen-client-urls=https://192.168.80.12:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.80.12:2379 --initial-advertise-peer-urls=https://192.168.80.12:2380 --initial-cluster=etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
    root      16191  16160  0 17:15 pts/1    00:00:00 grep --color=auto etcd    //成功開啟
    [root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.13:/opt/           //拷貝etcd工作目錄到node01節點
    The authenticity of host '192.168.80.13 (192.168.80.13)' can't be established.
    ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
    ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.80.13' (ECDSA) to the list of known hosts.
    root@192.168.80.13's password:
    etcd                                                                       100%  509   495.7KB/s   00:00
    etcd                                                                       100%   18MB  98.7MB/s   00:00
    etcdctl                                                                    100%   15MB  95.0MB/s   00:00
    ca-key.pem                                                                 100% 1675     1.6MB/s   00:00
    ca.pem                                                                     100% 1265   416.6KB/s   00:00
    server-key.pem                                                             100% 1675     2.3MB/s   00:00
    server.pem                                                                 100% 1338     2.0MB/s   00:00
    [root@master01 ~]# scp -r /opt/etcd/ root@192.168.80.14:/opt/         //拷貝etcd工作目錄到node02節點
    The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
    ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
    ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
    root@192.168.80.14's password:
    etcd                                                                       100%  509   523.8KB/s   00:00
    etcd                                                                       100%   18MB  79.6MB/s   00:00
    etcdctl                                                                    100%   15MB 140.4MB/s   00:00
    ca-key.pem                                                                 100% 1675     1.9MB/s   00:00
    ca.pem                                                                     100% 1265   296.4KB/s   00:00
    server-key.pem                                                             100% 1675     2.4MB/s   00:00
    server.pem                                                                 100% 1338   423.3KB/s   00:00
    [root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.13:/usr/lib/systemd/system/               //啟動腳本拷貝到node01節點
    root@192.168.80.13's password:
    etcd.service                                                               100%  923   628.8KB/s   00:00
    [root@master01 ~]# scp /usr/lib/systemd/system/etcd.service root@192.168.80.14:/usr/lib/systemd/system/               //啟動腳本拷貝到node02節點
    root@192.168.80.14's password:
    etcd.service                                                               100%  923   684.8KB/s   00:00
    node01服務器操作
  • 更改復制過來的etcd配置文件

    [root@node01 ~]# systemctl stop firewalld.service       //關閉防火墻
    [root@node01 ~]# setenforce 0                           //關閉selinux
    [root@node01 ~]# vim /opt/etcd/cfg/etcd
    #[Member] 
    ETCD_NAME="etcd02"                 //更改名稱為etcd02
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="https://192.168.80.13:2380"    //更改IP地址為192.168.80.13
    ETCD_LISTEN_CLIENT_URLS="https://192.168.80.13:2379"  //更改IP地址為192.168.80.13
    
    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.13:2380"   //更改IP地址為192.168.80.13
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.13:2379"         //更改IP地址為192.168.80.13
    ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"                           //注意:此處不用改動
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
    ETCD_INITIAL_CLUSTER_STATE="new"
    :wq 
    [root@node01 ~]# systemctl start etcd             //編輯完成后直接啟動etcd服務
    [root@node01 ~]# systemctl status etcd            //查看服務狀態
    ● etcd.service - Etcd Server
    Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
    Active: active (running) since 日 2020-02-09 17:25:38 CST; 50s ago    //正常運行
    Main PID: 15905 (etcd)
    ...
    node02服務器操作
  • 更改復制過來的etcd配置文件

    [root@node02 ~]# systemctl stop firewalld.service        //關閉防火墻
    [root@node02 ~]# setenforce 0                           //關閉selinux
    [root@node02 ~]# vim /opt/etcd/cfg/etcd
    #[Member]
    ETCD_NAME="etcd03"                                     //更改名稱為etcd03
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="https://192.168.80.14:2380"     //更改IP地址為192.168.80.14
    ETCD_LISTEN_CLIENT_URLS="https://192.168.80.14:2379"   //更改IP地址為192.168.80.14
    
    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.80.14:2380"      //更改IP地址為192.168.80.14
    ETCD_ADVERTISE_CLIENT_URLS="https://192.168.80.14:2379"            //更改IP地址為192.168.80.14
    ETCD_INITIAL_CLUSTER="etcd01=https://192.168.80.12:2380,etcd02=https://192.168.80.13:2380,etcd03=https://192.168.80.14:2380"             //注意:此處不用改動
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
    ETCD_INITIAL_CLUSTER_STATE="new"
    :wq
    [root@node02 ~]# systemctl start etcd        //啟動服務
    [root@node02 ~]# systemctl status etcd       //查看狀態
    ● etcd.service - Etcd Server
    Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
    Active: active (running) since 日 2020-02-09 17:32:29 CST; 4s ago   //成功運行
    Main PID: 15926 (etcd)
    ...
    回到master01服務器操作
檢查群集狀態
[root@master01 k8s]# cd etcd-cert/      //進入證書目錄 因為要使用ca證書驗證查看,所有要進入證書存放目錄中查看
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.80.12:2379,https://192.168.80.13:2379,https://192.168.80.14:2379" cluster-health        //使用目錄查看群集狀態
member accc4008f61328 is healthy: got healthy result from https://192.168.80.13:2379
member 88ef2b8e883800a0 is healthy: got healthy result from https://192.168.80.12:2379
member fafd8a15257570ee is healthy: got healthy result from https://192.168.80.14:2379
cluster is healthy        //群集創建成功

看完這篇文章,你們學會kubernetes中etcd組件的部署方法了嗎?如果還想學到更多技能或想了解更多相關內容,歡迎關注億速云行業資訊頻道,感謝各位的閱讀!

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

喀喇沁旗| 平江县| 改则县| 内乡县| 平和县| 长春市| 苗栗县| 鄂州市| 新泰市| 扎囊县| 容城县| 南康市| 云龙县| 天峻县| 东丽区| 建昌县| 慈溪市| 虹口区| 阳江市| 乃东县| 安龙县| 普安县| 鹿邑县| 万安县| 乌拉特前旗| 兖州市| 孟州市| 连云港市| 红桥区| 盐池县| 利川市| 龙口市| 长宁区| 麟游县| 长乐市| 旬阳县| 扶余县| 炎陵县| 区。| 库伦旗| 临朐县|