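Preface:
etcd background:
etcd is a basic component of a Kubernetes cluster, and it is also the officially recommended component for quite a few other cluster systems. Its main characteristics are as follows:
It is a distributed key-value store developed and open-sourced by the CoreOS team, with these features:
- Simple: a well-defined, user-facing API
- Secure: supports SSL certificate verification
- Performance: benchmarked at 10,000+ writes per second
- Reliable: uses the Raft protocol to guarantee the availability and consistency of data in the distributed system
Two points deserve special emphasis here: open source!!! Reliable!!!
Key-value stores of the same type include ZooKeeper, Consul (written in Go and actually a good fit for Kubernetes, but it never made the official recommendation. Important note: HashiCorp, the company behind Consul, announced that its products and software may not be used within China. So it is just as well that it never became an official Kubernetes recommendation), and others.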
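1. Configuring environment variables for etcd:
To simplify create, read, update and delete operations against etcd, a few environment variables need to be set. This example uses an etcd cluster that has SSL configured.
The etcd cluster configuration file:
As you can see, this is a three-node etcd cluster and this is the configuration file of one of the nodes, so the other nodes are named etcd-2 and etcd-3.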
```
[root@master ~]# cat /opt/etcd/cfg/etcd.conf
#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.217.16:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.217.16:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.217.16:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.217.16:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.217.16:2380,etcd-2=https://192.168.217.17:2380,etcd-3=https://192.168.217.18:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
```
The startup script (systemd unit):
It is shown mainly because the certificate paths in it are used later.
```
[root@master ~]# cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=/opt/etcd/ssl/server.pem \
--key-file=/opt/etcd/ssl/server-key.pem \
--peer-cert-file=/opt/etcd/ssl/server.pem \
--peer-key-file=/opt/etcd/ssl/server-key.pem \
--trusted-ca-file=/opt/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```
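The unit file above appends http://127.0.0.1:2379 to the client listeners, and a client that connects there uses neither TLS nor a client certificate. The check below is an added example, not part of the original post: it expands the variables from etcd.conf (input trimmed to the listener settings) and reports every listener that is not HTTPS. The function names are illustrative.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: the listener settings from the etcd.conf and etcd.service shown above.
ETCD_CONF = '''
ETCD_LISTEN_PEER_URLS="https://192.168.217.16:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.217.16:2379"
'''
EXEC_START = r'''
/opt/etcd/bin/etcd \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--trusted-ca-file=/opt/etcd/ssl/ca.pem
'''

def parse_env(text):
    """Parse KEY="value" lines of a systemd EnvironmentFile; comment lines do not match."""
    env = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$', line)
        if m:
            env[m.group(1)] = m.group(2).strip().strip('"')
    return env

def parse_flags(exec_start, env):
    """Return {flag: value} from an ExecStart command after expanding ${VAR}."""
    joined = exec_start.replace('\\\n', ' ')   # undo the line continuations
    expanded = re.sub(r'\$\{(\w+)\}', lambda m: env.get(m.group(1), ''), joined)
    flags = {}
    for tok in expanded.split():
        if tok.startswith('--'):
            name, _, value = tok[2:].partition('=')
            flags[name] = value
    return flags

def plaintext_listeners(flags):
    """List (flag, url, loopback_only) for every listener URL that is not https."""
    findings = []
    for flag in ('listen-client-urls', 'listen-peer-urls'):
        for url in filter(None, flags.get(flag, '').split(',')):
            parts = urlsplit(url)
            if parts.scheme != 'https':
                try:
                    loopback = ipaddress.ip_address(parts.hostname).is_loopback
                except ValueError:             # a host name, or no host at all
                    loopback = parts.hostname == 'localhost'
                findings.append((flag, url, loopback))
    return findings
```

On this configuration the only finding is the loopback client listener, which any local process on the node can reach without a certificate.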
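Based on the configuration files above, write the following variables into /etc/profile:

```
vim /etc/profile
```

An alias named etcd_search is defined, which binds the relevant certificates to the etcd client:

```
export ETCDCTL_API=3
# The alias body is quoted so that the flags are part of the alias;
# the endpoint is the HTTPS client URL from etcd.conf.
alias etcd_search="/opt/etcd/bin/etcdctl --endpoints=https://192.168.217.16:2379 \
--cert=/opt/etcd/ssl/server.pem \
--key=/opt/etcd/ssl/server-key.pem \
--cacert=/opt/etcd/ssl/ca.pem"
```

Activate the variables:

```
source /etc/profile
```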
2. Querying etcd status
```
[root@master ~]# etcd_search member list -w table
+------------------+---------+--------+-----------------------------+-----------------------------+
|        ID        | STATUS  |  NAME  |         PEER ADDRS          |        CLIENT ADDRS         |
+------------------+---------+--------+-----------------------------+-----------------------------+
| 1a58a86408898c44 | started | etcd-1 | https://192.168.217.16:2380 | https://192.168.217.16:2379 |
| 67146ac2958941d0 | started | etcd-2 | https://192.168.217.17:2380 | https://192.168.217.17:2379 |
| e078026890aff6e3 | started | etcd-3 | https://192.168.217.18:2380 | https://192.168.217.18:2379 |
+------------------+---------+--------+-----------------------------+-----------------------------+
```
etcd health query (the query above is really enough, since every member is already in the started state):
```
[root@master ~]# etcd_search endpoint health -w table
127.0.0.1:2379 is healthy: successfully committed proposal: took = 2.981431ms
```
Query which nodes the Kubernetes cluster has (brief information):
```
[root@master ~]# etcd_search get /registry/minions/ --prefix --keys-only
/registry/minions/k8s-master
/registry/minions/k8s-node1
/registry/minions/k8s-node2
```
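Kubernetes cluster state query (detailed information):
Don't panic when you see this output: it is all base64-encoded (an encoding, not encryption), so you only need to decode it, for example: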
```
[root@master ~]# echo "L3JlZ2lzdHJ5L21pbmlvbnMvazhzLW1hc3Rlcg==" |base64 -d
/registry/minions/k8s-master
```
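Query rules:
To query the value of a key, --keys-only=false means the value is returned. false is the default for this flag, so it can be left out; to query without values, use --keys-only=true. -w=json selects JSON output. python -m json.tool uses Python's built-in json.tool module to format the data.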
```
[root@master ~]# etcd_search get /registry/minions/ --prefix --keys-only -w json | python -m json.tool
{
    "count": 3,
    "header": {
        "cluster_id": 16483616014024957692,
        "member_id": 1898452390530092100,
        "raft_term": 12,
        "revision": 719002
    },
    "kvs": [
        {
            "create_revision": 13103,
            "key": "L3JlZ2lzdHJ5L21pbmlvbnMvazhzLW1hc3Rlcg==",
            "mod_revision": 718962,
            "version": 4016
        },
        {
            "create_revision": 48118,
            "key": "L3JlZ2lzdHJ5L21pbmlvbnMvazhzLW5vZGUx",
            "mod_revision": 718963,
            "version": 1077
        },
        {
            "create_revision": 48351,
            "key": "L3JlZ2lzdHJ5L21pbmlvbnMvazhzLW5vZGUy",
            "mod_revision": 718961,
            "version": 1083
        }
    ]
}
```
Query the Kubernetes default namespace:
Look at the details stored for the default namespace:
```
[root@master ~]# etcd_search get /registry/namespaces/default --prefix --keys-only=false -w=json | python -m json.tool
{
    "count": 1,
    "header": {
        "cluster_id": 16483616014024957692,
        "member_id": 1898452390530092100,
        "raft_term": 12,
        "revision": 718975
    },
    "kvs": [
        {
            "create_revision": 148,
            "key": "L3JlZ2lzdHJ5L25hbWVzcGFjZXMvZGVmYXVsdA==",
            "mod_revision": 148,
            "value": "azhzAAoPCgJ2MRIJTmFtZXNwYWNlErIBCpcBCgdkZWZhdWx0EgAaACIAKiQ1ODlhYWQ1My00YTM4LTQ4OWMtODE0NS04ODA1ODc4MDhjZDIyADgAQggI7+OlmAYQAHoAigFPCg5rdWJlLWFwaXNlcnZlchIGVXBkYXRlGgJ2MSIICO/jpZgGEAAyCEZpZWxkc1YxOh0KG3siZjpzdGF0dXMiOnsiZjpwaGFzZSI6e319fRIMCgprdWJlcm5ldGVzGggKBkFjdGl2ZRoAIgA=",
            "version": 1
        }
    ]
}
```
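The base64 decoding step and the query rules above can be applied to the whole `-w json` output at once. The script below is an added example, not part of the original post: it decodes each key, names the storage format of each value from its leading bytes, and lists the readable strings inside it. The function names are illustrative, and the sample input is the namespace entry from the output above.

```python
import base64
import json
import re

# Sample input: the "kvs" entry for /registry/namespaces/default from the output above.
SAMPLE = json.dumps({"count": 1, "kvs": [{
    "key": "L3JlZ2lzdHJ5L25hbWVzcGFjZXMvZGVmYXVsdA==",
    "value": (
        "azhzAAoPCgJ2MRIJTmFtZXNwYWNlErIBCpcBCgdkZWZhdWx0EgAaACIAKiQ1ODlhYWQ1My00"
        "YTM4LTQ4OWMtODE0NS04ODA1ODc4MDhjZDIyADgAQggI7+OlmAYQAHoAigFPCg5rdWJlLWFw"
        "aXNlcnZlchIGVXBkYXRlGgJ2MSIICO/jpZgGEAAyCEZpZWxkc1YxOh0KG3siZjpzdGF0dXMi"
        "OnsiZjpwaGFzZSI6e319fRIMCgprdWJlcm5ldGVzGggKBkFjdGl2ZRoAIgA="
    ),
    "version": 1}]})

def envelope(raw):
    """Name the storage format of a decoded etcd value by its leading bytes."""
    if raw.startswith(b"k8s\x00"):
        return "protobuf"            # plain protobuf: readable by anyone who can read etcd
    if raw.startswith(b"k8s:enc:"):
        return "encrypted-at-rest"   # written through an apiserver encryption provider
    if raw.startswith(b"{"):
        return "json"
    return "unknown"

def decode_kvs(etcdctl_json):
    """Return [(key, envelope, printable_strings)] for each entry under "kvs"."""
    rows = []
    for kv in json.loads(etcdctl_json).get("kvs", []):
        key = base64.b64decode(kv["key"]).decode("utf-8", "replace")
        if "value" not in kv:        # --keys-only output carries no value
            rows.append((key, None, []))
            continue
        raw = base64.b64decode(kv["value"])
        # Rough equivalent of strings(1): printable ASCII runs of 4 or more bytes.
        strings = [m.decode() for m in re.findall(rb"[\x20-\x7e]{4,}", raw)]
        rows.append((key, envelope(raw), strings))
    return rows

if __name__ == "__main__":
    for key, kind, strings in decode_kvs(SAMPLE):
        print(key, kind, strings)
```

The namespace value decodes as plain protobuf, with strings such as Namespace, default, kubernetes and Active readable directly, which is why read access to etcd amounts to read access to every stored Kubernetes object.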