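First, the purpose of TLS here is authentication: it prevents others from connecting to your etcd cluster at will. In other words, if you are going to put your etcd cluster on the public internet and open its ports, I recommend that you definitely use TLS.
If your etcd cluster runs in an internal network (for example a VPC), you will not expose the etcd ports, and etcd sits behind a firewall in a secure LAN, then whether or not you use TLS is up to you.
Run the following commands in turn on each of the etcd machines you have planned.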
etcd-s1
# Remove any previous container and data directory (this deletes existing etcd data)
mkdir -p /var/etcd
docker rm etcd1 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd1 -d \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s1 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.141:2380 \
  --advertise-client-urls http://192.168.150.141:2379,http://192.168.150.141:2380 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
etcd-s2
# Remove any previous container and data directory (this deletes existing etcd data)
mkdir -p /var/etcd
docker rm etcd2 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd2 -d \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s2 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.142:2380 \
  --advertise-client-urls http://192.168.150.142:2379,http://192.168.150.142:2380 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
etcd-s3
# Remove any previous container and data directory (this deletes existing etcd data)
mkdir -p /var/etcd
docker rm etcd3 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd3 -d \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s3 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.143:2380 \
  --advertise-client-urls http://192.168.150.143:2379,http://192.168.150.143:2380 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
Verification
$ ETCDCTL_API=3 etcdctl member list
410feb26f4fa3c7f: name=etcd-s1 peerURLs=http://192.168.150.141:2380 clientURLs=http://192.168.150.141:2379,http://192.168.150.141:2380
56fa117fc503543c: name=etcd-s3 peerURLs=http://192.168.150.143:2380 clientURLs=http://192.168.150.143:2379,http://192.168.150.143:2380
bc4d900274366497: name=etcd-s2 peerURLs=http://192.168.150.142:2380 clientURLs=http://192.168.150.142:2379,http://192.168.150.142:2380
$ ETCDCTL_API=3 etcdctl cluster-health
member 410feb26f4fa3c7f is healthy: got healthy result from http://192.168.150.141:2379
member 56fa117fc503543c is healthy: got healthy result from http://192.168.150.143:2379
member bc4d900274366497 is healthy: got healthy result from http://192.168.150.142:2379
cluster is healthy
At this point the etcd cluster deployment is complete.
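The commands above listen on http://0.0.0.0 for both client and peer traffic, so the cluster relies entirely on the network boundary described at the start. As an added example (not part of the original post), the shell function below, under the hypothetical name audit_etcd_listeners, scans an etcd argument list and reports listeners that use plaintext http://; the sample invocation is constructed from the etcd-s1 flags.

```shell
#!/bin/sh
# Added example, not from the original post. audit_etcd_listeners is a
# hypothetical helper: pass it an etcd argument list and it prints every
# --listen-client-urls / --listen-peer-urls entry that uses plaintext http://,
# marking entries bound to all interfaces. Exit status is 1 if anything is found.
audit_etcd_listeners() {
    findings=0
    while [ "$#" -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            -listen-client-urls|--listen-client-urls|-listen-peer-urls|--listen-peer-urls)
                [ "$#" -gt 0 ] || break      # flag given without a value
                urls=$1; shift ;;
            -listen-client-urls=*|--listen-client-urls=*|-listen-peer-urls=*|--listen-peer-urls=*)
                urls=${arg#*=} ;;
            *)  continue ;;
        esac
        flag=${arg%%=*}
        rest="$urls,"                        # walk the comma-separated URL list
        while [ -n "$rest" ]; do
            url=${rest%%,*}; rest=${rest#*,}
            case "$url" in
                http://0.0.0.0|http://0.0.0.0:*|"http://[::]"|"http://[::]:"*)
                    echo "PLAINTEXT-ALL-INTERFACES $flag $url"; findings=$((findings + 1)) ;;
                http://*)
                    echo "PLAINTEXT $flag $url"; findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the listener flags used for etcd-s1 on this page.
audit_etcd_listeners etcd --name etcd-s1 \
    --listen-client-urls http://0.0.0.0:2379 \
    --listen-peer-urls http://0.0.0.0:2380 || echo "plaintext listeners found"
```
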
Source: https://www.cnblogs.com/skymyyang/p/10576278.html