官方二进制包下载地址:https://github.com/etcd-io/etcd/releases
1. 创建 etcd 配置文件
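# Write the per-node etcd environment file that the systemd unit loads through
# EnvironmentFile=/opt/etcd/cfg/etcd. WORK_DIR is presumably /opt/etcd; confirm
# before running. ${WORK_DIR:?} aborts instead of writing to /cfg/etcd when the
# variable is unset or empty.
# ETCD_NAME and the four *_URLS values must be changed on every member so they
# match that member's entry in ETCD_INITIAL_CLUSTER.
# The delimiter is quoted so the shell copies the body verbatim.
cat > "${WORK_DIR:?WORK_DIR must be set}/cfg/etcd" <<'EOF'
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.31.63:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.31.63:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.31.63:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.31.63:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.31.63:2380,etcd02=https://192.168.31.65:2380,etcd03=https://192.168.31.66:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF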
ETCD_NAME -- 节点名称
ETCD_DATA_DIR -- 数据目录
ETCD_LISTEN_PEER_URLS -- 集群通信监听地址
ETCD_LISTEN_CLIENT_URLS -- 客户端访问监听地址
ETCD_INITIAL_ADVERTISE_PEER_URLS -- 集群通告地址
ETCD_ADVERTISE_CLIENT_URLS -- 客户端通告地址
ETCD_INITIAL_CLUSTER -- 集群节点地址
ETCD_INITIAL_CLUSTER_TOKEN -- 集群Token
ETCD_INITIAL_CLUSTER_STATE -- 加入集群的当前状态,new是新集群,existing表示加入已有集群
2. systemd 管理 etcd
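# Install the systemd unit for etcd.
#
# The here-document delimiter is quoted ('EOF'). With an unquoted delimiter the
# shell expands every ${ETCD_*} reference while writing the file (to an empty
# string unless the variable happens to be set in the current shell) and removes
# each backslash-newline, so the unit ends up with empty flag values. Quoting
# keeps the text literal; systemd substitutes ${VAR} from EnvironmentFile at
# start time.
#
# Security notes:
# - --client-cert-auth / --peer-client-cert-auth make etcd reject TLS clients
#   and peers that do not present a certificate signed by the trusted CA.
#   Without them the HTTPS listeners encrypt traffic but accept any caller.
#   server.pem is also used as the client/peer certificate here, so it must
#   carry the "client auth" extended key usage; confirm with cfssl-certinfo.
# - http://127.0.0.1:2379 is a plaintext listener that no certificate check
#   covers: any local process can read and write the store. Remove it from
#   --listen-client-urls unless something on the host depends on it.
# - --initial-cluster-state now reads ETCD_INITIAL_CLUSTER_STATE from the
#   environment file instead of a hard-coded "new", so the documented
#   new/existing setting takes effect.
cat > /usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd
ExecStart=/opt/etcd/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--cert-file=/opt/etcd/ssl/server.pem \
--key-file=/opt/etcd/ssl/server-key.pem \
--peer-cert-file=/opt/etcd/ssl/server.pem \
--peer-key-file=/opt/etcd/ssl/server-key.pem \
--trusted-ca-file=/opt/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem \
--client-cert-auth \
--peer-client-cert-auth
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF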
3. 把生成的证书拷贝到配置文件中的位置
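# Copy the CA certificate and the server certificate/key to the paths the
# etcd unit references. Presumably run from the directory where the
# certificates were generated; confirm the working directory first.
cp -- ca.pem server-key.pem server.pem /opt/etcd/ssl/
# The unit sets no User=, so etcd runs as root: restrict the private key to its
# owner. cp keeps the mode of a file that already exists at the destination, so
# set the modes explicitly rather than relying on the source file's mode.
chmod 600 /opt/etcd/ssl/server-key.pem
chmod 644 /opt/etcd/ssl/ca.pem /opt/etcd/ssl/server.pem
# Print the certificate details; check that the SAN list covers the IP of every
# etcd member and that the validity period is as expected.
cfssl-certinfo --cert /k8s/etcd-cert/server.pem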
4. 启动并设置开机启动
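# Make systemd re-read unit files so that the newly written (or edited)
# etcd.service is the definition that gets started.
systemctl daemon-reload
# Start etcd now. The unit is Type=notify, so on the first member this command
# may appear to hang until another member has been started.
systemctl start etcd
# Start etcd automatically at boot.
systemctl enable etcd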
5. 检查etcd集群状态
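# Check cluster health over TLS, presenting the client certificate.
# - The endpoints are the client URLs of the three members listed in
#   ETCD_INITIAL_CLUSTER (192.168.31.63/65/66); the addresses must match the
#   cluster being checked and the SANs in server.pem.
# - Certificate paths are absolute so the command works from any directory.
# - These are etcdctl v2-API options. When etcdctl runs with ETCDCTL_API=3 the
#   equivalents are --cacert, --cert, --key and the "endpoint health" command.
/opt/etcd/bin/etcdctl \
  --ca-file=/opt/etcd/ssl/ca.pem \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --endpoints="https://192.168.31.63:2379,https://192.168.31.65:2379,https://192.168.31.66:2379" \
  cluster-health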
6. 如果有问题第一步先看日志
查看 /var/log/messages,或执行 journalctl -u etcd