[K8S etcd series] Deploying an etcd 3.4.14 cluster
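The road ahead is long, and how many pitfalls it holds! Today I won't cover the steps for building an etcd cluster; I'll only record the pitfalls I filled in along the way.
An etcd cluster is checked with etcdctl member list, etcdctl cluster-health and etcdctl endpoint health; healthy output looks like this: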
# etcdctl --peers https://192.168.35.7:2379 --ca-file=/opt/etcd/tls-certs/ca.pem --cert-file=/opt/etcd/tls-certs/etcd.pem --key-file=/opt/etcd/tls-certs/etcd-key.pem cluster-health
member c89f8d837b9c7450 is healthy: got healthy result from https://192.168.35.9:2379
member dabd12ada3a87b39 is healthy: got healthy result from https://192.168.35.7:2379
member f828487d27d0f36b is healthy: got healthy result from https://192.168.35.8:2379
cluster is healthy
# etcdctl --peers https://192.168.35.7:2379 --ca-file=/opt/etcd/tls-certs/ca.pem --cert-file=/opt/etcd/tls-certs/etcd.pem --key-file=/opt/etcd/tls-certs/etcd-key.pem member list
c89f8d837b9c7450: name=etcd-9 peerURLs=https://192.168.35.9:2380 clientURLs=https://192.168.35.9:2379 isLeader=false
dabd12ada3a87b39: name=etcd-7 peerURLs=https://192.168.35.7:2380 clientURLs=https://192.168.35.7:2379 isLeader=false
f828487d27d0f36b: name=etcd-8 peerURLs=https://192.168.35.8:2380 clientURLs=https://192.168.35.8:2379 isLeader=true
Problem 1
Error:
etcd[684865]: the server is already initialized as member before, starting as etcd member...
etcd[684865]: cannot listen on TLS for 192.168.35.7:2380: KeyFile and CertFile are not presented
Fix: clear the data-dir directory, then restart.
Problem 2
Error:
"failed to start etcd","error":"cannot listen on TLS for 192.168.35.7:2380: KeyFile and CertFile are not presented"
"discovery failed","error":"cannot listen on TLS for 192.168.35.7:2380: KeyFile and CertFile are not presented"
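Fix: this happens when etcd is configured only through the --config-file parameter and etcd.config.yaml is misconfigured. The etcd options related to certificate authentication are as follows (reference: etcd/etcd.conf.yml.sample at main · etcd-io/etcd · GitHub):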
--client-cert-auth \
--trusted-ca-file /etc/ssl/certs/etcd/ca.pem \
--cert-file /etc/ssl/certs/etcd/server.pem \
--key-file /etc/ssl/certs/etcd/server-key.pem \
--peer-client-cert-auth \
--peer-trusted-ca-file /etc/ssl/certs/etcd/ca.pem \
--peer-cert-file /etc/ssl/certs/etcd/server.pem \
--peer-key-file /etc/ssl/certs/etcd/server-key.pem
The corresponding etcd.config.yaml configuration file:
client-transport-security:
  cert-file: /etc/ssl/certs/etcd/server.pem
  key-file: /etc/ssl/certs/etcd/server-key.pem
  trusted-ca-file: /etc/ssl/certs/etcd/ca.pem
  client-cert-auth: true
peer-transport-security:
  cert-file: /opt/etcd/tls-certs/etcd.pem
  key-file: /opt/etcd/tls-certs/etcd-key.pem
  trusted-ca-file: /opt/etcd/tls-certs/ca.pem
  client-cert-auth: true
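The misconfiguration behind Problem 2 can be caught before etcd is started. The following Python check is an added example, not part of the original post or of the etcd project; parse_two_level, lint_etcd_tls and the sample strings are hypothetical names, and the parser handles only the two-level key/value layout of the TLS sections, not full YAML.

```python
import re

SECTIONS = ("client-transport-security", "peer-transport-security")
TLS_KEYS = ("cert-file", "key-file", "trusted-ca-file", "client-cert-auth")

# Constructed samples: GOOD nests the TLS keys, FLAT is the same text with indentation lost.
GOOD = """\
client-transport-security:
  cert-file: /etc/ssl/certs/etcd/server.pem
  key-file: /etc/ssl/certs/etcd/server-key.pem
  trusted-ca-file: /etc/ssl/certs/etcd/ca.pem
  client-cert-auth: true
peer-transport-security:
  cert-file: /opt/etcd/tls-certs/etcd.pem
  key-file: /opt/etcd/tls-certs/etcd-key.pem
  trusted-ca-file: /opt/etcd/tls-certs/ca.pem
  client-cert-auth: true
"""
FLAT = "\n".join(line.strip() for line in GOOD.splitlines())

def parse_two_level(text):
    """Minimal parser for 'key: value' lines, one nesting level deep (assumption: not full YAML)."""
    top, section = {}, None
    for m in re.finditer(r"^([ \t]*)([\w-]+):[ \t]*([^#\n]*)", text, re.M):
        indent, key, value = m.group(1), m.group(2), m.group(3).strip().strip("'\"")
        if indent and section is not None:
            top[section][key] = value            # indented key belongs to the open section
        elif value == "":
            section, top[key] = key, {}          # "key:" with no value opens a section
        else:
            section, top[key] = None, value      # unindented scalar closes any open section
    return top

def lint_etcd_tls(text):
    """Return a list of findings for the two TLS sections of an etcd config file."""
    cfg = parse_two_level(text)
    findings = [f"{k}: at top level, not nested under a *-transport-security section"
                for k in TLS_KEYS if isinstance(cfg.get(k), str)]
    for name in SECTIONS:
        sec = cfg.get(name)
        if not isinstance(sec, dict) or not sec:
            findings.append(f"{name}: section missing or empty (check indentation)")
            continue
        findings += [f"{name}: {k} not set" for k in ("cert-file", "key-file") if not sec.get(k)]
        if sec.get("client-cert-auth", "").lower() != "true":
            findings.append(f"{name}: client-cert-auth is not true")
        elif not sec.get("trusted-ca-file"):
            findings.append(f"{name}: client-cert-auth without trusted-ca-file")
    return findings
```

An empty result for the real etcd.config.yaml means both listeners have a certificate and key configured and both require client certificates verified against a CA.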
Problem 3
Problem: etcdctl member list shows the member list without the leader.
cluster may be unhealthy: failed to list members
Error: unexpected status code 404
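Fix 1: member list queried by etcdctl with ETCDCTL_API=3 simply carries no leader information; it has to be queried through API 2.0. In etcd 3.4, ETCDCTL_API=3 etcdctl and etcd --enable-v2=false became the defaults, so querying through API 2.0 requires the following settings:
Client: export ETCDCTL_API=2
Server: add enable-v2: true to etcd.config.yaml and restart the etcd service.
Fix 2: with API=3, use the following command: ETCDCTL_API=3 etcdctl endpoint status --cluster -w table
Note: every node in the etcd cluster must be started with enable-v2: true; otherwise etcdctl commands run under API 2.0 will sometimes succeed and sometimes fail with "unexpected status code 404".
The subcommands and command parameters differ between ETCDCTL API 2 and 3. Below is member list run under API 3.0: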
# etcdctl --endpoints https://192.168.35.8:2379 --cacert=/opt/etcd/tls-certs/ca.pem --cert=/opt/etcd/tls-certs/etcd.pem --key=/opt/etcd/tls-certs/etcd-key.pem member list
c89f8d837b9c7450, started, etcd-9, https://192.168.35.9:2380, https://192.168.35.9:2379, false
dabd12ada3a87b39, started, etcd-7, https://192.168.35.7:2380, https://192.168.35.7:2379, false
f828487d27d0f36b, started, etcd-8, https://192.168.35.8:2380, https://192.168.35.8:2379, false