etcd Distributed Key-Value Store Cluster Deployment Guide
Contents
- 1. Environment
- 2. Basic configuration
- 3. Install Docker on all nodes
- 4. Configure the etcd cluster
- 5. Configure the flannel network on all nodes
- 6. Generate the certificates needed for communication between k8s components
1. Environment
192.168.183.10 server1.linux.com
192.168.183.11 server2.linux.com
192.168.183.12 serve3.linux.com
2. Basic configuration
1) Disable SELinux and the firewall, and configure time synchronization
2) Add host name resolution for all hosts
3) Configure passwordless SSH between all nodes
3. Install Docker on all nodes
[root@server1 ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"]}
[root@server1 ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.6
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        370c289
 Built:             Fri Apr 9 22:45:33 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.6
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       8728dd2
  Built:            Fri Apr 9 22:43:57 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.4
  GitCommit:        05f951a3781f4f2c1911b05e61c160e9c30eaa8e
 runc:
  Version:          1.0.0-rc93
  GitCommit:        12644e614e25b05da6fd08a38ffa0cfe1903fdec
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
4. Configure the etcd cluster
- Install the etcd binaries
[root@server1 src]# tar xf etcd-v3.4.15-linux-amd64.tar.gz
[root@server1 src]# cd etcd-v3.4.15-linux-amd64/
[root@server1 etcd-v3.4.15-linux-amd64]# cp etcd etcdctl /usr/local/bin/
- Edit the etcd configuration file
[root@server1 ~]# mkdir /etc/etcd
[root@server1 ~]# mkdir /var/lib/etcd
[root@server1 ~]# vim /etc/etcd/etcd.conf
ETCD_NAME=etcd1
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_CLIENT_URLS="http://192.168.183.10:2379,http://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="http://192.168.183.10:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.183.10:2380"
ETCD_INITIAL_CLUSTER="etcd1=http://192.168.183.10:2380,etcd2=http://192.168.183.11:2380,etcd3=http://192.168.183.12:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.183.10:2379"
- Write the etcd systemd unit
[root@server2 ~]# cat /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target

[Service]
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd --enable-v2"
Type=notify

[Install]
WantedBy=multi-user.target
GOMAXPROCS= sets how many CPUs the etcd process may execute on at once; $(nproc) sets it to the number of CPUs on the node
--enable-v2
Purpose: keeps the v2 API available alongside v3
This etcd is version 3.4, whose API is v3; flannel, which later writes its network information into etcd, connects through the v2 API, so v2 has to stay enabled.
- Start the etcd service
[root@server1 ~]# systemctl daemon-reload
[root@server1 ~]# systemctl enable etcd.service
[root@server1 ~]# systemctl start etcd.service
At this point, starting etcd on the first node hangs and does not finish. Because etcd is being deployed as a cluster, it tries to connect to the other nodes listed in the configuration file on startup, and while they are unreachable the start cannot complete. Press Ctrl+C to stop waiting; the process list shows that the etcd process is nevertheless running. Once the other nodes are configured, start the service again and it comes up normally.
[root@server1 ~]# netstat -antp | grep etcd
tcp 0 0 192.168.183.10:2379 0.0.0.0:* LISTEN 2191/etcd
[root@server1 ~]# ps -elf | grep etcd
4 S root 2191 1 3 80 0 - 2653208 futex_ 20:30 ? 00:00:36 /usr/local/bin/etcd
Configure the other two nodes the same way; only the node name and the node's own IP address in the listen/advertise URLs in etcd.conf need to change.
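The per-node differences just described (ETCD_NAME and the node's own IP in the listen and advertise URLs) are easy to get wrong by hand. The following shell script is an added example, not part of the original guide: it renders etcd.conf for each of the three nodes from a single member list and checks that each file's own advertised peer URL appears under its own name in ETCD_INITIAL_CLUSTER, the mismatch that stops a member from joining its cluster. The scratch output directory, the script name and the check itself are assumptions of this example; the member names and IPs are the guide's.

```shell
#!/bin/sh
# Added example, not from the original guide: render one etcd.conf per node
# from a single member list and validate each file before it is copied to
# /etc/etcd/etcd.conf on that node. Member names/IPs are the guide's; the
# output goes to a scratch directory given on the command line (assumed).

# "name=ip" pairs for the cluster, taken from the guide's environment section
MEMBERS="etcd1=192.168.183.10 etcd2=192.168.183.11 etcd3=192.168.183.12"

# Build the ETCD_INITIAL_CLUSTER value: name=http://ip:2380,... for every member
initial_cluster() {
  out=""
  for m in $MEMBERS; do
    mname=${m%%=*}; mip=${m#*=}
    out="${out:+$out,}$mname=http://$mip:2380"
  done
  printf '%s\n' "$out"
}

# render_etcd_conf NAME IP -> print the etcd.conf for that node; only ETCD_NAME
# and the node's own IP differ between nodes, everything else is shared
render_etcd_conf() {
  name=$1; ip=$2
  cat <<EOF
ETCD_NAME=$name
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_CLIENT_URLS="http://$ip:2379,http://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="http://$ip:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://$ip:2380"
ETCD_INITIAL_CLUSTER="$(initial_cluster)"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://$ip:2379"
EOF
}

# check_etcd_conf FILE -> 0 if the file is self-consistent: the member's own
# advertised peer URL must be listed under its own name in ETCD_INITIAL_CLUSTER,
# otherwise etcd refuses to start because it cannot find itself in the cluster
check_etcd_conf() {
  f=$1
  cname=$(sed -n 's/^ETCD_NAME=//p' "$f")
  cpeer=$(sed -n 's/^ETCD_INITIAL_ADVERTISE_PEER_URLS="\(.*\)"/\1/p' "$f")
  [ -n "$cname" ] && [ -n "$cpeer" ] &&
    grep -q "^ETCD_INITIAL_CLUSTER=.*$cname=$cpeer" "$f"
}

# render_all DIR -> write DIR/etcd.conf.<name> for every member and validate it
render_all() {
  dir=$1
  mkdir -p "$dir"
  for m in $MEMBERS; do
    mname=${m%%=*}; mip=${m#*=}
    render_etcd_conf "$mname" "$mip" > "$dir/etcd.conf.$mname"
    check_etcd_conf "$dir/etcd.conf.$mname" || { echo "inconsistent config for $mname" >&2; return 1; }
  done
}

# Usage: sh render-etcd-conf.sh OUTPUT_DIR   (script name is assumed)
[ -n "${1:-}" ] && render_all "$1"
```

Copy OUTPUT_DIR/etcd.conf.etcd2 to /etc/etcd/etcd.conf on server2 and OUTPUT_DIR/etcd.conf.etcd3 to server3; running check_etcd_conf again on the copied file catches a paste that changed the IP but not ETCD_NAME.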
- Check the etcd cluster status
Cluster status
[root@server1 ~]# etcdctl member list
594853835b20098, started, etcd3, http://192.168.183.12:2380, http://192.168.183.12:2379, false
bce1def4364b82f9, started, etcd1, http://192.168.183.10:2380, http://192.168.183.10:2379, false
e1d1c6fc7809991b, started, etcd2, http://192.168.183.11:2380, http://192.168.183.11:2379, false
[root@server1 ~]# etcdctl --endpoints=http://192.168.183.10:2379,http://192.168.183.11:2379,192.168.183.12:2379 endpoint status --write-out=table
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://192.168.183.10:2379 | bce1def4364b82f9 | 3.4.15 | 25 kB | true | false | 65 | 9 | 9 | |
| http://192.168.183.11:2379 | e1d1c6fc7809991b | 3.4.15 | 20 kB | false | false | 65 | 9 | 9 | |
| 192.168.183.12:2379 | 594853835b20098 | 3.4.15 | 25 kB | false | false | 65 | 9 | 9 | |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@server1 ~]# etcdctl --endpoints=http://192.168.183.10:2379,http://192.168.183.11:2379,192.168.183.12:2379 endpoint health
http://192.168.183.10:2379 is healthy: successfully committed proposal: took = 5.499123ms
192.168.183.12:2379 is healthy: successfully committed proposal: took = 5.767108ms
http://192.168.183.11:2379 is healthy: successfully committed proposal: took = 5.437299ms
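The `member list`, `endpoint status` and `endpoint health` output above is what an operator reads by eye. The script below is an added example (not from the original guide) that turns the same output into a pass/fail check suitable for a cron job or a monitoring probe: it expects the table format shown above and requires exactly the expected number of members, exactly one leader, a single Raft term across all members, no member whose applied index lags its Raft index, and an empty ERRORS column. The first sample table and the health lines are copies of the guide's output; the degraded table and the etcdctl invocation at the bottom are constructed/assumed.

```shell
#!/bin/sh
# Added example, not from the original guide: evaluate `etcdctl endpoint status
# --write-out=table` and `etcdctl endpoint health` output as a pass/fail check.
# The first sample is the guide's own output; the degraded one is constructed.

SAMPLE_STATUS='+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| http://192.168.183.10:2379 | bce1def4364b82f9 | 3.4.15 | 25 kB | true | false | 65 | 9 | 9 | |
| http://192.168.183.11:2379 | e1d1c6fc7809991b | 3.4.15 | 20 kB | false | false | 65 | 9 | 9 | |
| 192.168.183.12:2379 | 594853835b20098 | 3.4.15 | 25 kB | false | false | 65 | 9 | 9 | |
+----------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+'

# Constructed degraded case: one member missing, a stale term, an applied index
# that lags, and an error string for an endpoint that no longer answers.
SAMPLE_DEGRADED='| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
| http://192.168.183.10:2379 | bce1def4364b82f9 | 3.4.15 | 25 kB | true | false | 66 | 14 | 14 | |
| http://192.168.183.11:2379 | e1d1c6fc7809991b | 3.4.15 | 20 kB | false | false | 65 | 14 | 9 | context deadline exceeded |'

SAMPLE_HEALTH='http://192.168.183.10:2379 is healthy: successfully committed proposal: took = 5.499123ms
192.168.183.12:2379 is healthy: successfully committed proposal: took = 5.767108ms
http://192.168.183.11:2379 is healthy: successfully committed proposal: took = 5.437299ms'

# check_etcd_status EXPECTED_MEMBERS TABLE_TEXT -> prints a one-line summary,
# returns 0 only if every condition holds
check_etcd_status() {
  printf '%s\n' "$2" | awk -F'|' -v want="$1" '
    /^\|/ && $2 !~ /ENDPOINT/ {
      for (i = 6; i <= 11; i++) gsub(/ /, "", $i)   # strip cell padding
      rows++
      if ($6 == "true") leaders++                     # IS LEADER
      terms[$8] = 1                                   # RAFT TERM
      if ($9 != $10) lag++                            # RAFT INDEX vs APPLIED
      if ($11 != "") errs++                           # ERRORS column
    }
    END {
      nterms = 0; for (t in terms) nterms++
      ok = (rows == want && leaders == 1 && nterms == 1 && lag == 0 && errs == 0)
      printf "members=%d/%d leaders=%d terms=%d lagging=%d errors=%d -> %s\n",
             rows, want, leaders, nterms, lag, errs, (ok ? "OK" : "FAIL")
      exit ok ? 0 : 1
    }'
}

# check_etcd_health EXPECTED_MEMBERS HEALTH_TEXT -> 0 if every expected endpoint
# reports healthy and none reports unhealthy
check_etcd_health() {
  healthy=$(printf '%s\n' "$2" | grep -c 'is healthy' || true)
  unhealthy=$(printf '%s\n' "$2" | grep -c 'is unhealthy' || true)
  [ "$healthy" -eq "$1" ] && [ "$unhealthy" -eq 0 ]
}

# Live use (assumed endpoint list, matching the guide's cluster):
# ENDPOINTS=http://192.168.183.10:2379,http://192.168.183.11:2379,http://192.168.183.12:2379
# check_etcd_status 3 "$(etcdctl --endpoints=$ENDPOINTS endpoint status --write-out=table)"
# check_etcd_health 3 "$(etcdctl --endpoints=$ENDPOINTS endpoint health)"
```

A single leader and a single term across all rows is the quorum signal worth alerting on; two different terms in one snapshot means an election is in progress or a member has been partitioned away.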
Check the etcd version
[root@server1 ~]# etcd --version
etcd Version: 3.4.15
Git SHA: aa7126864
Go Version: go1.12.17
Go OS/Arch: linux/amd64
Check the etcdctl API version
[root@server1 ~]# etcdctl version
etcdctl version: 3.4.15
API version: 3.4
Early etcd releases exposed API v2; the etcd used in this document uses API v3. The v3 commands differ a great deal from v2; run etcdctl --help for the relevant command reference.
With a database from the v2 era, the API version could be switched to 3 by setting an environment variable:
# export ETCDCTL_API=3
5. Configure the flannel network on all nodes
Install flannel
[root@server1 src]# tar xf flannel-v0.13.0-linux-amd64.tar.gz
[root@server1 src]# cp flanneld mk-docker-opts.sh /usr/local/bin/
Write the flannel network configuration into etcd
[root@server1 src]# export ETCDCTL_API=2
[root@server1 src]# etcdctl set /coreos.com/network/config '{"Network": "172.16.0.0/16"}'
Write the flanneld systemd unit
[root@server1 src]# cat /etc/systemd/system/flannel.service
[Unit]
Description=Flanneld
Documentation=https://github.com/coreos/flannel
After=network.target
Before=docker.service

[Service]
User=root
ExecStartPost=/usr/local/bin/mk-docker-opts.sh
ExecStart=/usr/local/bin/flanneld \
--etcd-endpoints=http://192.168.183.10:2379,http://192.168.183.11:2379,http://192.168.183.12:2379 \
--iface=192.168.183.10 \
--ip-masq=true \
--etcd-prefix=/coreos.com/network
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl enable flannel.service
# systemctl start flannel.service
Modify the Docker unit file and restart Docker
[root@server1 src]# vim /usr/lib/systemd/system/docker.service
EnvironmentFile=-/run/docker_opts.env
ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd:// --containerd=/run/containerd/containerd.sock
[root@server1 src]# systemctl daemon-reload
[root@server1 src]# systemctl restart docker
Verify that flannel has taken over the Docker network
[root@server1 src]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.16.57.1  netmask 255.255.255.0  broadcast 172.16.57.255
        inet6 fe80::42:c0ff:fe16:8875  prefixlen 64  scopeid 0x20<link>
        ether 02:42:c0:16:88:75  txqueuelen 0  (Ethernet)
        RX packets 13  bytes 924 (924.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1544 (1.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@server1 src]# ifconfig flannel0
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1472
        inet 172.16.57.0  netmask 255.255.255.255  destination 172.16.57.0
        inet6 fe80::768c:9099:95c0:6ad  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 10  bytes 840 (840.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 984 (984.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
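The ifconfig output above shows what a correctly taken-over docker0 looks like: its address is the gateway of the /24 that flannel leased for this node, inside the 172.16.0.0/16 written to etcd earlier. The script below is an added example (not from the original guide) that performs that check from text rather than by eye. It reads FLANNEL_SUBNET and FLANNEL_NETWORK from flannel's subnet.env (the file mk-docker-opts.sh consumes; its layout and the path /run/flannel/subnet.env are assumptions here), parses the docker0 inet address out of ifconfig output, and confirms that the leased subnet lies within the flannel network and that docker0 carries the subnet gateway. The sample inputs are copied from the guide's output, plus a constructed case where Docker still uses its default 172.17.0.1 because the flannel options were not picked up on restart.

```shell
#!/bin/sh
# Added example, not from the original guide: verify that docker0 really was
# handed the subnet flannel leased for this node. Inputs are passed as text so
# the check can run offline; subnet.env layout and path are assumptions.

# Constructed copy of /run/flannel/subnet.env for server1 (values from the guide)
SAMPLE_SUBNET_ENV='FLANNEL_NETWORK=172.16.0.0/16
FLANNEL_SUBNET=172.16.57.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=true'

# ifconfig docker0 as shown in the guide (flannel took over)
SAMPLE_DOCKER0_OK='docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.16.57.1  netmask 255.255.255.0  broadcast 172.16.57.255
        inet6 fe80::42:c0ff:fe16:8875  prefixlen 64  scopeid 0x20<link>'

# Constructed failure case: Docker restarted without DOCKER_OPTS, default bridge
SAMPLE_DOCKER0_DEFAULT='docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255'

# ip_to_int A.B.C.D -> unsigned 32-bit integer
ip_to_int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP NET/BITS -> 0 if IP falls inside the prefix
ip_in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# env_value KEY ENV_TEXT -> value of KEY=value in a subnet.env style text
env_value() {
  printf '%s\n' "$2" | sed -n "s/^$1=//p"
}

# docker0_inet IFCONFIG_TEXT -> the IPv4 address on the interface
docker0_inet() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*inet \([0-9.]*\) .*/\1/p'
}

# verify_flannel_docker SUBNET_ENV IFCONFIG_TEXT -> 0 only if
#  1. the leased subnet lies inside FLANNEL_NETWORK (what was written to etcd), and
#  2. docker0 carries exactly the gateway address of that subnet (dockerd --bip)
verify_flannel_docker() {
  network=$(env_value FLANNEL_NETWORK "$1")
  subnet=$(env_value FLANNEL_SUBNET "$1")
  gw=${subnet%/*}
  addr=$(docker0_inet "$2")
  ip_in_cidr "$gw" "$network" || { echo "subnet $subnet outside $network" >&2; return 1; }
  [ "$addr" = "$gw" ] || { echo "docker0 has $addr, expected $gw" >&2; return 1; }
  echo "docker0 $addr is the flannel gateway for $subnet (within $network)"
}

# Live use on a node (assumed paths):
# verify_flannel_docker "$(cat /run/flannel/subnet.env)" "$(ifconfig docker0)"
```

Run it on each node after the Docker restart; a docker0 still on 172.17.0.1 means containers on that node get addresses no other node routes, which is exactly the failure the ping test at the end of this section would surface.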
Copy the flanneld binaries and the unit file to the other two nodes
[root@server1 src]# rsync -av /etc/systemd/system/flannel.service root@192.168.183.11:/etc/systemd/system/flannel.service
[root@server1 src]# rsync -av /etc/systemd/system/flannel.service root@192.168.183.12:/etc/systemd/system/flannel.service
[root@server1 src]# rsync -av /usr/local/bin/flanneld root@192.168.183.11:/usr/local/bin/
[root@server1 src]# rsync -av /usr/local/bin/mk-docker-opts.sh root@192.168.183.11:/usr/local/bin/
[root@server1 src]# rsync -av /usr/local/bin/flanneld root@192.168.183.12:/usr/local/bin/
[root@server1 src]# rsync -av /usr/local/bin/mk-docker-opts.sh root@192.168.183.12:/usr/local/bin/
On the other two nodes, change --iface= in the flannel unit to that node's own IP address and start flanneld;
modify the Docker unit the same way, adding the flannel options, and restart Docker.
Verify communication between containers
Create a container on each of the three nodes and confirm that the containers can reach one another. With that, the flannel network deployment is complete.
# docker run -tid busybox
# docker exec -ti b283 /bin/sh
/ # ping 172.16.69.2
PING 172.16.69.2 (172.16.69.2): 56 data bytes
64 bytes from 172.16.69.2: seq=0 ttl=60 time=0.860 ms
64 bytes from 172.16.69.2: seq=1 ttl=60 time=1.877 ms
64 bytes from 172.16.69.2: seq=2 ttl=60 time=0.962 ms
/ # ping 172.16.87.2
PING 172.16.87.2 (172.16.87.2): 56 data bytes
64 bytes from 172.16.87.2: seq=0 ttl=60 time=1.294 ms
64 bytes from 172.16.87.2: seq=1 ttl=60 time=1.066 ms
6. Generate the certificates needed for communication between k8s components
Certificate overview
- ca.pem, ca-key.pem
  The CA certificate and key
- server.pem, server-key.pem
  The kube-apiserver certificate; the API server serves over HTTPS with it
- admin.pem, admin-key.pem
  The certificate the kubectl client uses when communicating with kube-apiserver
- kube-proxy.pem, kube-proxy-key.pem
  The certificate kube-proxy uses when communicating with kube-apiserver
- kubelet
  When kubelet starts it must register with kube-apiserver, and registration is authenticated with a token;
  kube-apiserver then issues a certificate to kubelet automatically
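The list above names the files but the guide does not show the generation step or name its tool. As an added example that is not part of the original guide, the script below produces the first two pairs (ca.pem/ca-key.pem and server.pem/server-key.pem) with openssl. The CA subject, output directory, script name, validity periods and the subject alternative names (the three node IPs from the environment section, an assumed in-cluster API service address 10.0.0.1 and the standard kubernetes service names) are assumptions; verify_chain confirms that the server certificate chains to the CA and carries the first node IP as a SAN, which is what a TLS client checks before trusting the API server.

```shell
#!/bin/sh
# Added example, not from the original guide: create ca.pem/ca-key.pem and
# server.pem/server-key.pem with openssl. Subjects, SANs, lifetimes and the
# output directory are assumptions; the guide does not name its tool.

# gen_ca DIR -> CA key and self-signed CA certificate (CA:TRUE, keyCertSign)
gen_ca() {
  dir=$1
  mkdir -p "$dir"
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = kubernetes-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$dir/ca-key.pem" -days 3650 -sha256 \
    -config "$dir/ca.cnf" -out "$dir/ca.pem" 2>/dev/null &&
  chmod 600 "$dir/ca-key.pem"
}

# gen_server_cert DIR -> kube-apiserver key and CA-signed server certificate.
# SANs: node IPs from the guide, assumed service IP 10.0.0.1, service names.
gen_server_cert() {
  dir=$1
  cat > "$dir/server.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = kube-apiserver
[v3_req]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt
[alt]
IP.1 = 192.168.183.10
IP.2 = 192.168.183.11
IP.3 = 192.168.183.12
IP.4 = 10.0.0.1
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
EOF
  openssl genrsa -out "$dir/server-key.pem" 2048 2>/dev/null &&
  openssl req -new -key "$dir/server-key.pem" -config "$dir/server.cnf" \
    -out "$dir/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
    -CAcreateserial -days 365 -sha256 -extfile "$dir/server.cnf" -extensions v3_req \
    -out "$dir/server.pem" 2>/dev/null &&
  chmod 600 "$dir/server-key.pem"
}

# verify_chain DIR -> 0 if server.pem is signed by ca.pem and carries the
# first node IP as a SAN (the check a TLS client makes before trusting it)
verify_chain() {
  dir=$1
  openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null 2>&1 &&
  openssl x509 -in "$dir/server.pem" -noout -text | grep -q 'IP Address:192.168.183.10'
}

# Usage: sh gen-k8s-certs.sh OUTPUT_DIR   (script name assumed)
[ -n "${1:-}" ] && gen_ca "$1" && gen_server_cert "$1" && verify_chain "$1"
```

The admin and kube-proxy client pairs follow the same gen_server_cert pattern with extendedKeyUsage = clientAuth and no SAN list; the CN (and, for admin, the O field) is what kube-apiserver maps to a user and group.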