docker创建etcd集群,用于k8s集群使用;
1.创建YAML
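# Set HOST0, HOST1 and HOST2 to the IP addresses (or resolvable DNS names) of
# the three etcd hosts.
export HOST0=192.168.50.121
export HOST1=192.168.50.122
export HOST2=192.168.50.123

# Staging directories for the files that will later run on the other hosts.
# The certificate step further down this page copies private keys into them,
# so they are restricted to the owner. chmod is issued separately because
# mkdir -p leaves the mode of an already-existing directory untouched.
# NOTE(review): these are predictable names under world-writable /tmp; on a
# host with untrusted local users, stage under a root-owned directory instead.
mkdir -p -- "/tmp/${HOST0}/" "/tmp/${HOST1}/" "/tmp/${HOST2}/"
chmod 700 -- "/tmp/${HOST0}/" "/tmp/${HOST1}/" "/tmp/${HOST2}/"

ETCDHOSTS=("${HOST0}" "${HOST1}" "${HOST2}")
NAMES=("etcd-1" "etcd-2" "etcd-3")

# Write one kubeadm ClusterConfiguration per member. Every URL is https, and
# the host address is listed in serverCertSANs / peerCertSANs so that the
# certificates generated from this file can be verified against the address
# that clients and peers actually dial.
# NOTE(review): kubeadm.k8s.io/v1beta2 belongs to older kubeadm releases;
# confirm that the installed kubeadm still accepts it.
for i in "${!ETCDHOSTS[@]}"; do
  HOST=${ETCDHOSTS[$i]}
  NAME=${NAMES[$i]}
  # The delimiter is unquoted on purpose: the shell expands ${...} while the
  # file is written. The nesting below (etcd -> local -> extraArgs) is part of
  # the YAML structure and must be kept.
  cat << EOF > "/tmp/${HOST}/kubeadmcfg.yaml"
apiVersion: "kubeadm.k8s.io/v1beta2"
kind: ClusterConfiguration
etcd:
    local:
        serverCertSANs:
        - "${HOST}"
        peerCertSANs:
        - "${HOST}"
        extraArgs:
            initial-cluster: ${NAMES[0]}=https://${ETCDHOSTS[0]}:2380,${NAMES[1]}=https://${ETCDHOSTS[1]}:2380,${NAMES[2]}=https://${ETCDHOSTS[2]}:2380
            initial-cluster-state: new
            name: ${NAME}
            listen-peer-urls: https://${HOST}:2380
            listen-client-urls: https://${HOST}:2379
            advertise-client-urls: https://${HOST}:2379
            initial-advertise-peer-urls: https://${HOST}:2380
imageRepository: registry.aliyuncs.com/google_containers
EOF
done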
2.生成证书,并通过rsync(经由SSH)分发到其它服务器
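# NOTE: this step numbers the hosts 1..3, whereas the YAML step numbered them
# 0..2. The addresses are the same; HOST1 is the host these commands run on.
HOST1=192.168.50.121
HOST2=192.168.50.122
HOST3=192.168.50.123

# The sequence runs in a subshell with errexit so that the first failing
# command stops everything that follows. Without that, a failed cp would be
# followed by a find -delete that wipes the only copy of the new certificates.
# An interactive shell that pasted this block is left running.
#
# CAUTION: the find ... -delete lines remove every file under
# /etc/kubernetes/pki except those named ca.crt / ca.key. Run this only on a
# host whose pki directory holds nothing but the etcd material created here.
(
  set -euo pipefail

  # Create the etcd CA that signs every certificate below.
  kubeadm init phase certs etcd-ca

  # Certificates for the two remote members: generate, stage a copy under
  # /tmp/<host>/, then clear the non-reusable files before the next host.
  for remote in "${HOST3}" "${HOST2}"; do
    cfg="/tmp/${remote}/kubeadmcfg.yaml"
    kubeadm init phase certs etcd-server --config="${cfg}"
    kubeadm init phase certs etcd-peer --config="${cfg}"
    kubeadm init phase certs etcd-healthcheck-client --config="${cfg}"
    kubeadm init phase certs apiserver-etcd-client --config="${cfg}"
    cp -R /etc/kubernetes/pki "/tmp/${remote}/"
    # cleanup non-reusable certificates
    find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
  done

  # Certificates for HOST1. They stay in /etc/kubernetes/pki because HOST1 is
  # this host, so nothing is copied.
  cfg="/tmp/${HOST1}/kubeadmcfg.yaml"
  kubeadm init phase certs etcd-server --config="${cfg}"
  kubeadm init phase certs etcd-peer --config="${cfg}"
  kubeadm init phase certs etcd-healthcheck-client --config="${cfg}"
  kubeadm init phase certs apiserver-etcd-client --config="${cfg}"

  # The CA private key must never leave this host: strip it from the staged
  # copies before anything is transferred.
  find "/tmp/${HOST2}" -name ca.key -type f -delete
  find "/tmp/${HOST3}" -name ca.key -type f -delete

  # Ship certificates and config to the remote members (rsync runs over the
  # remote shell, so the login used must be able to write /etc/kubernetes/).
  rsync -a "/tmp/${HOST3}/pki" "${HOST3}:/etc/kubernetes/"
  rsync -a "/tmp/${HOST2}/pki" "${HOST2}:/etc/kubernetes/"
  rsync -a "/tmp/${HOST3}/kubeadmcfg.yaml" "${HOST3}:~/."
  rsync -a "/tmp/${HOST2}/kubeadmcfg.yaml" "${HOST2}:~/."

  # The staged pki copies still contain the remote members' private keys.
  # This line is reached only after every transfer succeeded, so drop them.
  rm -rf -- "/tmp/${HOST2:?}/pki" "/tmp/${HOST3:?}/pki"
)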
3.在每台机器上自行运行docker脚本;每台机器的IP和名称不一样,总共4个地方需要修改
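# Per-host settings. NAME and LOCALHOST must describe the same member of
# --initial-cluster below (etcd-1 <-> HOST1, etcd-2 <-> HOST2,
# etcd-3 <-> HOST3). Otherwise the advertised peer URL contradicts the cluster
# definition and the member is expected to refuse to bootstrap.
NAME=etcd-1
HOST1=192.168.50.121
HOST2=192.168.50.122
HOST3=192.168.50.123
LOCALHOST=192.168.50.121
ETCD_VERSION=3.4.13-0
#---------------------------------------
docker_args=(
  --name "${NAME}"
  --hostname "${NAME}"
  --restart always
  # Published on every host interface. Access control rests on the mutual-TLS
  # flags below, so also restrict 2379/2380 to the cluster hosts at the
  # firewall.
  -p 2379:2379
  -p 2380:2380
  # etcd only reads files under pki/etcd, so mount just that directory and
  # mount it read-only instead of exposing all of /etc/kubernetes read-write.
  # NOTE(review): on the certificate-generating host this directory also
  # holds ca.key, which etcd does not need at runtime; consider keeping the
  # CA key elsewhere.
  -v /etc/kubernetes/pki/etcd:/etc/kubernetes/pki/etcd:ro
  -v /var/lib/etcd:/var/lib/etcd
)

etcd_args=(
  --advertise-client-urls="https://${LOCALHOST}:2379"
  --cert-file=/etc/kubernetes/pki/etcd/server.crt
  # Clients must present a certificate signed by --trusted-ca-file.
  --client-cert-auth=true
  --data-dir=/var/lib/etcd
  --initial-advertise-peer-urls="https://${LOCALHOST}:2380"
  --initial-cluster="etcd-1=https://${HOST1}:2380,etcd-2=https://${HOST2}:2380,etcd-3=https://${HOST3}:2380"
  --initial-cluster-state=new
  --key-file=/etc/kubernetes/pki/etcd/server.key
  # 0.0.0.0 is the container's own network namespace; what is reachable from
  # outside is decided by the -p mappings above.
  --listen-client-urls=https://0.0.0.0:2379
  # Plain-HTTP metrics stay on the container's loopback; 2381 is not published.
  --listen-metrics-urls=http://127.0.0.1:2381
  --listen-peer-urls=https://0.0.0.0:2380
  --name="${NAME}"
  --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
  # Peers must authenticate with a certificate signed by
  # --peer-trusted-ca-file.
  --peer-client-cert-auth=true
  --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
  --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
  --snapshot-count=10000
  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
)

# The image tag comes from ETCD_VERSION. (The original line expanded
# ${3.4.13-0}, which bash rejects as a bad substitution.)
# NOTE(review): a tag on a mirror registry is mutable; pin the image by digest
# (etcd@sha256:<digest>) if the mirror is not fully trusted.
docker run -d "${docker_args[@]}" \
  "registry.aliyuncs.com/google_containers/etcd:${ETCD_VERSION}" \
  etcd "${etcd_args[@]}"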
4.查看etcd集群状态 2个方法
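# Method 1: run etcdctl from a throwaway container. Keep the image version in
# step with the etcd version the cluster runs.
# Only pki/etcd is mounted, read-only: etcdctl needs the client certificate,
# its key and the CA certificate, and nothing else from /etc/kubernetes.
# NOTE(review): the peer certificate doubles as the client credential here.
# kubeadm also issues healthcheck-client.crt / healthcheck-client.key in the
# same directory (the etcd-healthcheck-client phase run earlier), which is the
# credential intended for this kind of check.
docker run --rm -it \
  -v /etc/kubernetes/pki/etcd:/etc/kubernetes/pki/etcd:ro \
  registry.aliyuncs.com/google_containers/etcd:3.4.13-0 etcdctl \
  --cert /etc/kubernetes/pki/etcd/peer.crt \
  --key /etc/kubernetes/pki/etcd/peer.key \
  --cacert /etc/kubernetes/pki/etcd/ca.crt \
  --endpoints https://192.168.50.121:2379 endpoint health --cluster

# Method 2: run etcdctl inside the running etcd container. Set ETCD_CONTAINER
# to the name of the container on this host (etcd-1, etcd-2 or etcd-3). The
# original wrote the name as [etcd-1]; the brackets were a placeholder, not
# part of the name.
ETCD_CONTAINER=etcd-1
docker exec "${ETCD_CONTAINER}" etcdctl \
  --cacert /etc/kubernetes/pki/etcd/ca.crt \
  --cert /etc/kubernetes/pki/etcd/peer.crt \
  --key /etc/kubernetes/pki/etcd/peer.key \
  --endpoints=https://192.168.50.121:2379 endpoint health --cluster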