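Deploying an etcd cluster on CentOS 8

To deploy a 3-node etcd cluster for Kubernetes in a test environment in non-TLS mode (plain IP + port), you can follow the steps below. You currently have three machines:

| Node | IP | Role |
|---|---|---|
| zk1 | 192.168.3.72 | master |
| zk2 | 192.168.3.60 | node |
| zk3 | 192.168.3.75 | node |

We deploy etcd from the release binaries to build a 3-node etcd cluster, using the fixed default ports 2379 (client) and 2380 (peer).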
🧱 1. Environment preparation (run on all nodes)

```bash
# Download etcd (v3.5.12 as an example)
wget https://github.com/etcd-io/etcd/releases/download/v3.5.12/etcd-v3.5.12-linux-amd64.tar.gz
tar -xzf etcd-v3.5.12-linux-amd64.tar.gz
sudo mv etcd-v3.5.12-linux-amd64/etcd* /usr/local/bin/

# Create the etcd data directory
sudo mkdir -p /var/lib/etcd
sudo chown -R root:root /var/lib/etcd
sudo chmod 700 /var/lib/etcd
```
⚙️ 2. Set each node's name and the cluster definition

The suggested configuration for each node follows (it can be managed with `systemd`):

📍 Node zk1 (192.168.3.72): /etc/systemd/system/etcd.service

```ini
[Unit]
Description=etcd zk1
Documentation=https://github.com/etcd-io/etcd
After=network.target

[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \
  --name zk1 \
  --data-dir=/var/lib/etcd \
  --listen-client-urls=https://192.168.3.72:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.3.72:2379 \
  --listen-peer-urls=https://192.168.3.72:2380 \
  --initial-advertise-peer-urls=https://192.168.3.72:2380 \
  --initial-cluster=zk1=https://192.168.3.72:2380,zk2=https://192.168.3.60:2380,zk3=https://192.168.3.75:2380 \
  --initial-cluster-token=etcd-cluster-1 \
  --initial-cluster-state=new \
  --cert-file=/etc/kubernetes/pki/etcd/server.crt \
  --key-file=/etc/kubernetes/pki/etcd/server.key \
  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt \
  --client-cert-auth=true \
  --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt \
  --peer-key-file=/etc/kubernetes/pki/etcd/peer.key \
  --peer-client-cert-auth=true \
  --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```
📍 Node zk2 (192.168.3.60): /etc/systemd/system/etcd.service

```ini
[Unit]
Description=etcd zk2
Documentation=https://github.com/etcd-io/etcd
After=network.target

[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \
  --name zk2 \
  --data-dir=/var/lib/etcd \
  --listen-client-urls=https://192.168.3.60:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.3.60:2379 \
  --listen-peer-urls=https://192.168.3.60:2380 \
  --initial-advertise-peer-urls=https://192.168.3.60:2380 \
  --initial-cluster=zk1=https://192.168.3.72:2380,zk2=https://192.168.3.60:2380,zk3=https://192.168.3.75:2380 \
  --initial-cluster-token=etcd-cluster-1 \
  --initial-cluster-state=new \
  --cert-file=/etc/kubernetes/pki/etcd/server.crt \
  --key-file=/etc/kubernetes/pki/etcd/server.key \
  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt \
  --client-cert-auth=true \
  --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt \
  --peer-key-file=/etc/kubernetes/pki/etcd/peer.key \
  --peer-client-cert-auth=true \
  --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```
📍 Node zk3 (192.168.3.75): /etc/systemd/system/etcd.service

```ini
[Unit]
Description=etcd zk3
Documentation=https://github.com/etcd-io/etcd
After=network.target

[Service]
Type=notify
ExecStart=/usr/local/bin/etcd \
  --name zk3 \
  --data-dir=/var/lib/etcd \
  --listen-client-urls=https://192.168.3.75:2379,https://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.3.75:2379 \
  --listen-peer-urls=https://192.168.3.75:2380 \
  --initial-advertise-peer-urls=https://192.168.3.75:2380 \
  --initial-cluster=zk1=https://192.168.3.72:2380,zk2=https://192.168.3.60:2380,zk3=https://192.168.3.75:2380 \
  --initial-cluster-token=etcd-cluster-1 \
  --initial-cluster-state=new \
  --cert-file=/etc/kubernetes/pki/etcd/server.crt \
  --key-file=/etc/kubernetes/pki/etcd/server.key \
  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt \
  --client-cert-auth=true \
  --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt \
  --peer-key-file=/etc/kubernetes/pki/etcd/peer.key \
  --peer-client-cert-auth=true \
  --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```
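📌 Notes:

- `--initial-cluster` must be exactly identical on all nodes.
- On their first start, all nodes must use `--initial-cluster-state new`.
- If the etcd data directory is not empty, the node cannot be started with `new`; change it to `existing` when restarting.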
🚀 3. Start and verify

Run the following commands on each machine to enable and start the service:

```bash
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl enable etcd
sudo systemctl start etcd
sudo systemctl status etcd
```
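✅ 4. Verify the cluster status (run on any node)

```bash
# The unit files above serve https with --client-cert-auth=true, so etcdctl needs the CA and a client certificate.
# Reusing server.crt/server.key is an assumption: it only works if that certificate also allows client authentication.
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
etcdctl --endpoints="https://192.168.3.72:2379,https://192.168.3.60:2379,https://192.168.3.75:2379" endpoint health
```

List the members:

```bash
etcdctl --endpoints=https://192.168.3.72:2379 member list
```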
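
An added example, not part of the original page: a Python check that parses each node's `ExecStart` line and reports the mistakes the notes and the verification step guard against, namely an `--initial-cluster` that differs between nodes, a node whose own peer URL does not match its entry, an https listener without its certificate flags, and an `etcdctl` endpoint that is not an advertised client URL. The function names and the sample command lines are constructed for this example.

```python
import shlex
from urllib.parse import urlsplit

# etcd flags that must be set when the matching listener URL is https.
TLS_FLAGS = {"listen-client-urls": ("cert-file", "key-file"), "listen-peer-urls": ("peer-cert-file", "peer-key-file")}

def parse_flags(cmdline):
    """Parse an etcd ExecStart line into {flag: value}; accepts --k=v and --k v."""
    tokens = shlex.split(cmdline.replace("\\\n", " "))[1:]  # drop the binary path
    flags = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("--"):
            key, eq, val = tok[2:].partition("=")
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "--"
            flags[key] = val if eq or nxt.startswith("--") else nxt
    return flags

def check_cluster(units, endpoints=()):
    """units maps node -> ExecStart string. Returns findings; [] means consistent."""
    parsed = {node: parse_flags(cmd) for node, cmd in units.items()}
    findings = []
    if len({f.get("initial-cluster") for f in parsed.values()}) != 1:
        findings.append("--initial-cluster differs between nodes")
    for node, f in parsed.items():
        members = dict(m.split("=", 1) for m in f.get("initial-cluster", "").split(",") if "=" in m)
        if members.get(f.get("name")) != f.get("initial-advertise-peer-urls"):
            findings.append(f"{node}: own peer URL does not match its --initial-cluster entry")
        for url_flag, required in TLS_FLAGS.items():
            schemes = {urlsplit(u).scheme for u in f.get(url_flag, "").split(",")}
            if "https" in schemes and not all(f.get(r) for r in required):
                findings.append(f"{node}: --{url_flag} uses https without {required}")
    advertised = {u for f in parsed.values() for u in f.get("advertise-client-urls", "").split(",")}
    findings += [f"endpoint {e} is not an advertised client URL" for e in endpoints if e not in advertised]
    return findings

# Constructed sample: the page's three nodes, reduced to the flags being checked.
NODES = {"zk1": "192.168.3.72", "zk2": "192.168.3.60", "zk3": "192.168.3.75"}
CLUSTER = ",".join(f"{n}=https://{ip}:2380" for n, ip in NODES.items())
def exec_start(name, cluster=CLUSTER):
    ip = NODES[name]
    return (f"/usr/local/bin/etcd --name {name} --listen-client-urls=https://{ip}:2379 "
            f"--advertise-client-urls=https://{ip}:2379 --listen-peer-urls=https://{ip}:2380 "
            f"--initial-advertise-peer-urls=https://{ip}:2380 --initial-cluster={cluster} "
            "--cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key "
            "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-key-file=/etc/kubernetes/pki/etcd/peer.key")

if __name__ == "__main__":
    drifted = {n: exec_start(n, CLUSTER.replace("zk1=", "zk0=") if n == "zk3" else CLUSTER) for n in NODES}
    print(check_cluster(drifted, ["http://192.168.3.72:2379"]))
```

In practice the `ExecStart` strings would be read from each node's `/etc/systemd/system/etcd.service` before the first start, since a mismatch is harder to correct once the data directory has been initialised.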