我是靠谱客的博主 明理麦片,最近开发中收集的这篇文章主要介绍部署 etcd 3 节点集群1. 准备csr文件2. 准备签名配置文件3.生成etcd证书和私钥(已事先准备好ca证书和私钥)4. 把证书分发到各个节点的/etc/etcd,创建/var/lib/etcd目录5. 在3个节点启动etcd6. 查看成员状态7. 查看endpoint状态8. 备份etcd, 只能备份一个结点9. 查看备份,觉得挺不错的,现在分享给大家,希望可以做个参考。
概述
1. 准备csr文件
etcd-csr.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"192.168.220.121",
"192.168.220.122",
"192.168.220.123"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"CN": "CN",
"ST": "BeiJing",
"O": "k8s",
"OU": "yngwie",
"L": "BeiJing"
}
]
}
2. 准备签名配置文件
ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"k8s": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "876000h"
}
}
}
}
3.生成etcd证书和私钥(已事先准备好ca证书和私钥)
$ cfssl gencert -ca=ca.crt
-ca-key=ca.key
-config=ca-config.json
-profile=k8s etcd-csr.json | cfssljson -bare etcd
4. 把证书分发到各个节点的/etc/etcd,创建/var/lib/etcd目录
5. 在3个节点启动etcd
./etcd --advertise-client-urls=https://192.168.220.121:2479 --cert-file=etcd.pem --client-cert-auth=true --data-dir=/var/lib/etcd1 --initial-advertise-peer-urls=https://192.168.220.121:2480 --initial-cluster=e1=https://192.168.220.121:2480,e2=https://192.168.220.122:2480,e3=https://192.168.220.123:2480 --key-file=etcd-key.pem --listen-client-urls=https://127.0.0.1:2479,https://192.168.220.121:2479 --listen-metrics-urls=http://127.0.0.1:2481 --listen-peer-urls=https://192.168.220.121:2480 --peer-cert-file=etcd.pem --peer-client-cert-auth=true --peer-key-file=etcd-key.pem --peer-trusted-ca-file=ca.crt --snapshot-count=10000 --trusted-ca-file=ca.crt --name=e1
./etcd --advertise-client-urls=https://192.168.220.122:2479 --cert-file=etcd.pem --client-cert-auth=true --data-dir=/var/lib/etcd --initial-advertise-peer-urls=https://192.168.220.122:2480 --initial-cluster=e1=https://192.168.220.121:2480,e2=https://192.168.220.122:2480,e3=https://192.168.220.123:2480 --key-file=etcd-key.pem --listen-client-urls=https://127.0.0.1:2479,https://192.168.220.122:2479 --listen-metrics-urls=http://127.0.0.1:2481 --listen-peer-urls=https://192.168.220.122:2480 --peer-cert-file=etcd.pem --peer-client-cert-auth=true --peer-key-file=etcd-key.pem --peer-trusted-ca-file=ca.crt --snapshot-count=10000 --trusted-ca-file=ca.crt --name=e2
./etcd --advertise-client-urls=https://192.168.220.123:2479 --cert-file=etcd.pem --client-cert-auth=true --data-dir=/var/lib/etcd --initial-advertise-peer-urls=https://192.168.220.123:2480 --initial-cluster=e1=https://192.168.220.121:2480,e2=https://192.168.220.122:2480,e3=https://192.168.220.123:2480 --key-file=etcd-key.pem --listen-client-urls=https://127.0.0.1:2479,https://192.168.220.123:2479 --listen-metrics-urls=http://127.0.0.1:2481 --listen-peer-urls=https://192.168.220.123:2480 --peer-cert-file=etcd.pem --peer-client-cert-auth=true --peer-key-file=etcd-key.pem --peer-trusted-ca-file=ca.crt --snapshot-count=10000 --trusted-ca-file=ca.crt --name=e3
6. 查看成员状态
$ ./etcdctl --cacert=ca.crt --cert=etcd.pem --key=etcd-key.pem --endpoints=https://192.168.220.121:2479,https://192.168.220.122:2479,https://192.168.220.123:2479 member list
233107b54f466600, started, e2, https://192.168.220.122:2480, https://192.168.220.122:2479, false
68510ebb26e5951d, started, e3, https://192.168.220.123:2480, https://192.168.220.123:2479, false
a8ed76fdaaccdbca, started, e1, https://192.168.220.121:2480, https://192.168.220.121:2479, false
7. 查看endpoint状态
$ ./etcdctl --cacert=ca.crt --cert=etcd.pem --key=etcd-key.pem --endpoints=https://192.168.220.121:2479,https://192.168.220.122:2479,https://192.168.220.123:2479 endpoint status --write-out=table
+------------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+------------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| https://192.168.220.121:2479 | a8ed76fdaaccdbca | 3.4.0 | 20 kB | false | false | 47 | 19 | 19 | |
| https://192.168.220.122:2479 | 233107b54f466600 | 3.4.0 | 20 kB | true | false | 47 | 19 | 19 | |
| https://192.168.220.123:2479 | 68510ebb26e5951d | 3.4.0 | 29 kB | false | false | 47 | 19 | 19 | |
+------------------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
8. 备份etcd, 只能备份一个结点
$ ./etcdctl --cacert=ca.crt --cert=etcd.pem --key=etcd-key.pem --endpoints=https://192.168.220.122:2479 snapshot save snapshot-etcd
{"level":"info","ts":1591772525.710396,"caller":"snapshot/v3_snapshot.go:109","msg":"created temporary db file","path":"snapshot-etcd.part"}
{"level":"warn","ts":"2020-06-10T15:02:05.716+0800","caller":"clientv3/retry_interceptor.go:116","msg":"retry stream intercept"}
{"level":"info","ts":1591772525.7161868,"caller":"snapshot/v3_snapshot.go:120","msg":"fetching snapshot","endpoint":"https://192.168.220.122:2479"}
{"level":"info","ts":1591772525.7202048,"caller":"snapshot/v3_snapshot.go:133","msg":"fetched snapshot","endpoint":"https://192.168.220.122:2479","took":0.009444471}
{"level":"info","ts":1591772525.7204468,"caller":"snapshot/v3_snapshot.go:142","msg":"saved","path":"snapshot-etcd"}
Snapshot saved at snapshot-etcd
9. 查看备份
$ ./etcdctl --cacert=ca.crt --cert=etcd.pem --key=etcd-key.pem --endpoints=https://192.168.220.123:2479 snapshot status snapshot-etcd --write-out=table
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| b3c3a9a5 | 2 | 7 | 20 kB |
+----------+----------+------------+------------+
最后
以上就是明理麦片为你收集整理的部署 etcd 3 节点集群1. 准备csr文件2. 准备签名配置文件3.生成etcd证书和私钥(已事先准备好ca证书和私钥)4. 把证书分发到各个节点的/etc/etcd,创建/var/lib/etcd目录5. 在3个节点启动etcd6. 查看成员状态7. 查看endpoint状态8. 备份etcd, 只能备份一个结点9. 查看备份的全部内容,希望文章能够帮你解决部署 etcd 3 节点集群1. 准备csr文件2. 准备签名配置文件3.生成etcd证书和私钥(已事先准备好ca证书和私钥)4. 把证书分发到各个节点的/etc/etcd,创建/var/lib/etcd目录5. 在3个节点启动etcd6. 查看成员状态7. 查看endpoint状态8. 备份etcd, 只能备份一个结点9. 查看备份所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复