1、部署etcd文件

cd /data/app/k8s-ssl/
cp  ca.pem kubernetes-key.pem kubernetes.pem /data/app/etcd/ssl/

2、 创建etcd服务配置文件
vim etcd.sh

ETCD_NAME=`hostname`
INTERNAL_IP=`hostname -i`
INITIAL_CLUSTER=zy-nph-skg-fat-channel-redis-yace01=https://172.31.170.15:2380,zy-nph-skg-fat-channel-redis-yace02=https://172.31.170.16:2380,zy-nph-skg-fat-channel-redis-yace03=https://172.31.170.17:2380
SSL_PATH=/data/app/etcd/ssl
cat << EOF | sudo tee /etc/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos

[Service]
ExecStart=/usr/local/bin/etcd \\
  --name ${ETCD_NAME} \\
  --cert-file=${SSL_PATH}/kubernetes.pem \\
  --key-file=${SSL_PATH}/kubernetes-key.pem \\
  --peer-cert-file=${SSL_PATH}/kubernetes.pem \\
  --peer-key-file=${SSL_PATH}/kubernetes-key.pem \\
  --trusted-ca-file=${SSL_PATH}/ca.pem \\
  --peer-trusted-ca-file=${SSL_PATH}/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\
  --listen-peer-urls https://${INTERNAL_IP}:2380 \\
  --listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\
  --advertise-client-urls https://${INTERNAL_IP}:2379 \\
  --initial-cluster-token etcd-cluster-0 \\
  --initial-cluster ${INITIAL_CLUSTER} \\
  --initial-cluster-state new \\
  --data-dir=/data/app/etcd/data
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

3、 启动etcd集群服务

systemctl daemon-reload

systemctl enable etcd

systemctl start etcd

4、 验证etcd集群服务

export ETCDCTL_API=3
etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem   --cert=/data/app/etcd/ssl/kubernetes.pem   --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint status --write-out=table
etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem   --cert=/data/app/etcd/ssl/kubernetes.pem   --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint health --write-out=table