Deploying an etcd cluster quickly and flexibly with etcdadm

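etcd is a reliable distributed key-value store, commonly used to hold the critical data of distributed systems. etcdadm is a command-line tool for operating etcd clusters: it makes it easy to create a cluster, add members to an existing cluster, remove members from an existing cluster, and so on. It is used much like kubeadm, and the main workflow is: start the first cluster node, then have each subsequent node simply join.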
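For a better reading experience, visit 運維技術幫 (https://ywjsbang.com) from a PC. Because of limited time, later updates and improvements to this article are made only there; thank you for understanding!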
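Test environment

| Node hostname | Node IP address | OS version | etcd version | etcdadm version |
| --- | --- | --- | --- | --- |
| c7 | 192.168.31.37 | CentOS 7.9.2009 (5.4.180-1.el7) | V3.5.5 | V0.1.5 |
| c8 | 192.168.31.38 | Same as above | Same as above | Same as above |
| c9 | 192.168.31.39 | Same as above | Same as above | Same as above |

Install etcdadm

1. Install the precompiled binary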
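```shell
wget https://github.com/kubernetes-sigs/etcdadm/releases/download/v0.1.5/etcdadm-linux-amd64
mv etcdadm-linux-amd64 /usr/local/bin/etcdadm
chmod +x /usr/local/bin/etcdadm
# Copy the binary to the other two nodes. One scp per host: with several
# remote arguments scp treats only the last one as the destination.
for ip in 192.168.31.38 192.168.31.39; do
    scp /usr/local/bin/etcdadm "$ip":/usr/local/bin/
done
```

2. Open ports 2379 and 2380 in the system firewall on every node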
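```shell
# 2379 is the etcd client port, 2380 the peer port.
# These are runtime rules; add --permanent and reload to keep them across restarts.
firewall-cmd --add-port=2379/tcp
firewall-cmd --add-port=2380/tcp
```

Initialize the etcd nodes

1. Initialize the first etcd cluster node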
```shell
etcdadm init \
  --version "3.5.5" \
  --init-system "systemd" \
  --install-dir "/opt/bin/" \
  --certs-dir "/etc/etcd/pki" \
  --data-dir "/var/lib/etcd" \
  --release-url "https://github.com/etcd-io/etcd/releases/download"

# Main options
# --version       etcd version to deploy
# --init-system   how the etcd process is managed; defaults to systemd, and when set to kubelet, etcd runs as a container
# --install-dir   directory the etcd binaries are installed into
```

2. Walkthrough of the etcdadm init process
```text
# Download, extract and install the etcd and etcdctl binaries
2022-10-20 14:26:12.781166 I | [install] Artifact not found in cache. Trying to fetch from upstream: https://github.com/etcd-io/etcd/releases/download
INFO[0000] [install] Downloading & installing etcd https://github.com/etcd-io/etcd/releases/download from 3.5.5 to /var/cache/etcdadm/etcd/v3.5.5
INFO[0000] [install] downloading etcd from https://github.com/etcd-io/etcd/releases/download/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz to /var/cache/etcdadm/etcd/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz
INFO[0009] [install] extracting etcd archive /var/cache/etcdadm/etcd/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz to /tmp/etcd641204404
INFO[0009] [install] verifying etcd 3.5.5 is installed in /opt/bin/

# Generate a self-signed CA certificate and private key
INFO[0001] [certificates] creating PKI assets
INFO[0001] creating a self signed etcd CA certificate and key files
[certificates] Generated ca certificate and key.
> /etc/etcd/pki/ca.crt
> /etc/etcd/pki/ca.key

# Generate a server certificate and private key
INFO[0001] creating a new server certificate and key files for etcd
[certificates] Generated server certificate and key.
[certificates] server serving cert is signed for DNS names [c7] and IPs [192.168.31.37 127.0.0.1]
# > /etc/etcd/pki/server.crt
# > /etc/etcd/pki/server.key

# Generate a peer certificate and private key
INFO[0001] creating a new certificate and key files for etcd peering
[certificates] Generated peer certificate and key.
[certificates] peer serving cert is signed for DNS names [c7] and IPs [192.168.31.37]
# > /etc/etcd/pki/peer.crt
# > /etc/etcd/pki/peer.key

# Generate a client certificate and private key for etcdctl
INFO[0001] creating a new client certificate for the etcdctl
[certificates] Generated etcdctl-etcd-client certificate and key.
# > /etc/etcd/pki/etcdctl-etcd-client.crt
# > /etc/etcd/pki/etcdctl-etcd-client.key

# Generate a client certificate and private key for the k8s apiserver to use when calling etcd
INFO[0002] creating a new client certificate for the apiserver calling etcd
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] valid certificates and keys now exist in "/etc/etcd/pki"
# > /etc/etcd/pki/apiserver-etcd-client.crt
# > /etc/etcd/pki/apiserver-etcd-client.key

# Check that the local etcd endpoint is healthy
INFO[0003] [health] Checking local etcd endpoint health
INFO[0003] [health] Local etcd endpoint is healthy

# Copy the CA cert/key to the other etcd nodes, then run etcdadm join on them to add them to the cluster
INFO[0003] To add another member to the cluster, copy the CA cert/key to its certificate dir and run:
INFO[0003] etcdadm join https://192.168.31.37:2379
```

3. Distribute the CA root certificate and private key to the other nodes
```shell
# -p creates /etc/etcd as well when it does not exist yet
ssh root@192.168.31.38 "mkdir -p /etc/etcd/pki/"
scp -r /etc/etcd/pki/{ca.crt,ca.key} 192.168.31.38:/etc/etcd/pki/
ssh root@192.168.31.39 "mkdir -p /etc/etcd/pki/"
scp -r /etc/etcd/pki/{ca.crt,ca.key} 192.168.31.39:/etc/etcd/pki/
```

Add etcd nodes

If the current host cannot download the release, place the etcd binary package at the following path in advance: /var/cache/etcdadm/etcd/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz
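A tarball copied into the cache by hand is what gets installed as the etcd binary, so it is worth checking its hash first. The script below is an added example (not from the original article or the etcdadm project) that verifies the tarball against a checksum list before copying it into the cache path; the function names and a sha256sum-format SHA256SUMS file saved next to the tarball are assumptions.

```shell
#!/bin/sh
# Added example: verify a manually supplied etcd tarball before seeding
# etcdadm's download cache. The cache layout mirrors the article; the
# SHA256SUMS file (sha256sum format) is an assumption.

# expected_sha256 SUMS_FILE NAME -> prints the hash recorded for NAME
expected_sha256() {
    # Lines look like "<hex>  <name>"; binary mode prefixes the name with '*'.
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# verify_tarball TARBALL SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 when the list has no entry for the file.
verify_tarball() {
    name=$(basename "$1")
    want=$(expected_sha256 "$2" "$name")
    [ -n "$want" ] || { echo "no checksum entry for $name" >&2; return 2; }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# stage_etcd_tarball TARBALL SUMS_FILE VERSION [CACHE_ROOT]
# Copies the tarball into <cache>/etcd/v<version>/ only after it verifies,
# so a tampered or truncated file never reaches the cache.
stage_etcd_tarball() {
    cache_root=${4:-/var/cache/etcdadm}
    dest="$cache_root/etcd/v$3"
    verify_tarball "$1" "$2" || return $?
    mkdir -p "$dest" && cp "$1" "$dest/" && chmod 0644 "$dest/$(basename "$1")"
}

# Usage on a node without internet access (run as root):
#   stage_etcd_tarball ./etcd-v3.5.5-linux-amd64.tar.gz ./SHA256SUMS 3.5.5
```

Fetch the checksum list over a channel you trust separately from the one that delivered the tarball; a list taken from the same untrusted copy proves nothing.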
1. Add node 192.168.31.38
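```shell
# Run on 192.168.31.38. The endpoint is the client URL of an existing
# cluster member, as printed at the end of etcdadm init on the first node.
etcdadm join https://192.168.31.37:2379 \
  --version "3.5.5" \
  --init-system "systemd" \
  --install-dir "/opt/bin/" \
  --certs-dir "/etc/etcd/pki" \
  --data-dir "/var/lib/etcd" \
  --release-url "https://github.com/etcd-io/etcd/releases/download"
```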
