CKA [Installation] – Ubuntu 从0架设，安装ETCD

1. 在Terminal 内设置Public Ip

SERVER_IP=52.221.196.204 (change this to your IP)

echo $SERVER_IP

2. 设置Certificate

cd /root/certificates/

openssl genrsa -out etcd.key 2048

cat > etcd.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = ${SERVER_IP}
IP.2 = 127.0.0.1
EOF

openssl req -new -key etcd.key -subj "/CN=etcd" -out etcd.csr -config etcd.cnf

openssl x509 -req -in etcd.csr -CA ca.crt -CAkey ca.key -CAcreateserial  -out etcd.crt -extensions v3_req -extfile etcd.cnf -days 1000

3. Copy 证书和key 到 /etc/etcd

mkdir /etc/etcd

cp etcd.crt etcd.key ca.crt /etc/etcd

4. Copy ETCD 和 ETCDCTL Binaries 到 bin path

如何你还没下载etcd的话，就需要参考这个文章：https://www.pangzai.win/cka-installation-ubuntu-%e4%bb%8e0%e6%9e%b6%e8%ae%be%ef%bc%8c%e4%b8%8b%e8%bd%bdkubernetes-binary-files/

cd /root/binaries/etcd-v3.6.5-linux-amd64

cp etcd etcdctl /usr/local/bin/

5. 配置systemd文件，以便无需terminal开着才能启动程序，而且也能一开机就自动运行

cat <<EOF | sudo tee /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos

[Service]
ExecStart=/usr/local/bin/etcd \\
  --name master-1 \\
  --cert-file=/etc/etcd/etcd.crt \\
  --key-file=/etc/etcd/etcd.key \\
  --peer-cert-file=/etc/etcd/etcd.crt \\
  --peer-key-file=/etc/etcd/etcd.key \\
  --trusted-ca-file=/etc/etcd/ca.crt \\
  --peer-trusted-ca-file=/etc/etcd/ca.crt \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --initial-advertise-peer-urls https://${SERVER_IP}:2380 \\
  --listen-peer-urls https://${SERVER_IP}:2380 \\
  --listen-client-urls https://${SERVER_IP}:2379,https://127.0.0.1:2379 \\
  --advertise-client-urls https://${SERVER_IP}:2379 \\
  --initial-cluster-token etcd-cluster-0 \\
  --initial-cluster master-1=https://${SERVER_IP}:2380 \\
  --initial-cluster-state new \\
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

6. 启动etcd的服务

systemctl start etcd

systemctl enable etcd

systemctl status etcd

7. 测试

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/etcd/ca.crt --cert=/etc/etcd/etcd.crt --key=/etc/etcd/etcd.key put course "kplabs cka course is awesome"

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert=/etc/etcd/ca.crt --cert=/etc/etcd/etcd.crt --key=/etc/etcd/etcd.key get course