mirrors/kubernetes-the-hard-way
1
0
Fork 0
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way.git synced 2025-12-15 17:28:58 +03:00
Code Issues Projects Releases Wiki Activity

update to Kubernetes 1.4

Browse Source
This commit is contained in:
Kelsey Hightower
2016-09-27 05:23:35 -07:00
parent 7fe980da3e
commit be84590c87
9 changed files with 121 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
docs/03-etcd.md
View File

@@ -2,9 +2,9 @@
In this lab you will bootstrap a 3 node etcd cluster. The following virtual machines will be used:
* etcd0
* etcd1
* etcd2
* controller0
* controller1
* controller2
## Why
@@ -18,37 +18,47 @@ following reasons:
## Provision the etcd Cluster
Run the following commands on `etcd0`, `etcd1`, `etcd2`:
Run the following commands on `controller0`, `controller1`, `controller2`:
Move the TLS certificates in place:
### TLS Certificates
The TLS certificates created in the [Setting up a CA and TLS Cert Generation](02-certificate-authority.md) lab will be used to secure communication between the Kubernetes API server and the etcd cluster. The TLS certificates will also be used to limit access to the etcd cluster using TLS client authentication. Only clients with a TLS certificate signed by a trusted CA will be able to access the etcd cluster.
Copy the TLS certificates to the etcd configuration directory:
```
sudo mkdir -p /etc/etcd/
```
```
sudo mv ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/
```
Download and install the etcd binaries:
### Download and Install the etcd binaries
Download the official etcd release binaries from `coreos/etcd` GitHub project:
```
wget https://github.com/coreos/etcd/releases/download/v3.0.8/etcd-v3.0.8-linux-amd64.tar.gz
wget https://github.com/coreos/etcd/releases/download/v3.0.10/etcd-v3.0.10-linux-amd64.tar.gz
```
Extract and install the `etcd` server binary and the `etcdctl` command line client:
```
tar -xvf etcd-v3.0.10-linux-amd64.tar.gz
```
```
tar -xvf etcd-v3.0.8-linux-amd64.tar.gz
sudo mv etcd-v3.0.10-linux-amd64/etcd* /usr/bin/
```
```
sudo cp etcd-v3.0.8-linux-amd64/etcd* /usr/bin/
```
All etcd data is stored under the etcd data directory. In a production cluster the data directory should be backed by a persistent disk. Create the etcd data directory:
```
sudo mkdir -p /var/lib/etcd
```
Create the etcd systemd unit file:
The etcd server will be started and managed by systemd. Create the etcd systemd unit file:
```
cat > etcd.service <<"EOF"
@@ -57,6 +67,7 @@ Description=etcd
Documentation=https://github.com/coreos
[Service]
Type=notify
ExecStart=/usr/bin/etcd --name ETCD_NAME \
--cert-file=/etc/etcd/kubernetes.pem \
--key-file=/etc/etcd/kubernetes-key.pem \
@@ -69,7 +80,7 @@ ExecStart=/usr/bin/etcd --name ETCD_NAME \
--listen-client-urls https://INTERNAL_IP:2379,http://127.0.0.1:2379 \
--advertise-client-urls https://INTERNAL_IP:2379 \
--initial-cluster-token etcd-cluster-0 \
--initial-cluster etcd0=https://10.240.0.10:2380,etcd1=https://10.240.0.11:2380,etcd2=https://10.240.0.12:2380 \
--initial-cluster controller0=https://10.240.0.10:2380,controller1=https://10.240.0.11:2380,controller2=https://10.240.0.12:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
Restart=on-failure
@@ -82,6 +93,8 @@ EOF
### Set The Internal IP Address
The internal IP address will be used by etcd to serve client requests and communicate with other etcd peers.
#### GCE
```
@@ -97,12 +110,14 @@ INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
---
Set the etcd name:
Each etcd member must have a unique name within an etcd cluster. Set the etcd name:
```
ETCD_NAME=etcd$(echo $INTERNAL_IP | cut -c 11)
ETCD_NAME=controller$(echo $INTERNAL_IP | cut -c 11)
```
Substitute the etcd name and internal IP address:
```
sed -i s/INTERNAL_IP/${INTERNAL_IP}/g etcd.service
```
@@ -111,15 +126,21 @@ sed -i s/INTERNAL_IP/${INTERNAL_IP}/g etcd.service
sed -i s/ETCD_NAME/${ETCD_NAME}/g etcd.service
```
Once the etcd systemd unit file is ready, move it to the systemd system directory:
```
sudo mv etcd.service /etc/systemd/system/
```
Start etcd:
Start the etcd server:
```
sudo systemctl daemon-reload
```
```
sudo systemctl enable etcd
```
```
sudo systemctl start etcd
```
@@ -130,13 +151,13 @@ sudo systemctl start etcd
sudo systemctl status etcd --no-pager
```
> Remember to run these steps on `etcd0`, `etcd1`, and `etcd2`
> Remember to run these steps on `controller0`, `controller1`, and `controller2`
## Verification
Once all 3 etcd nodes have been bootstrapped verify the etcd cluster is healthy:
* SSH to etcd0 and run the following commands:
* On one of the controller nodes run the following command:
```
etcdctl --ca-file=/etc/etcd/ca.pem cluster-health