helm repo add bitnami https://charts.bitnami.com/bitnami

带快照安装

helm install new-release bitnami/etcd \
  --set statefulset.replicaCount=3 \
  --set persistence.enabled=true \
  --set persistence.size=8Gi \
  --set startFromSnapshot.enabled=true \
  --set startFromSnapshot.existingClaim=my-claim \
  --set startFromSnapshot.snapshotFilename=my-snapshot.db

简单安装

helm install etcd bitnami/etcd \
  --set replicaCount=3 \
  --set persistence.enabled=true \
  --set global.storageClass=rook-ceph-block \
  --set persistence.size=2Gi \
  --set service.type=NodePort

或者自定义安装

helm pull  bitnami/etcd --untar
vim values.yaml 添加更多参数
运行
[root@node60 es]# helm install etcd etcd/
NAME: etcd
LAST DEPLOYED: Mon Dec  6 00:07:50 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: etcd
CHART VERSION: 6.10.4
APP VERSION: 3.5.1

** Please be patient while the chart is being deployed **

etcd can be accessed via port 2379 on the following DNS name from within your cluster:

    etcd.default.svc.cluster.local

To create a pod that you can use as a etcd client run the following command:

    kubectl run etcd-client --restart='Never' --image marketplace.azurecr.io/bitnami/etcd:3.5.1-debian-10-r31 --env ROOT_PASSWORD=$(kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 --decode) --env ETCDCTL_ENDPOINTS="etcd.default.svc.cluster.local:2379" --namespace default --command -- sleep infinity

Then, you can set/get a key using the commands below:

    kubectl exec --namespace default -it etcd-client -- bash
    etcdctl --user root:$ROOT_PASSWORD put /message Hello
    etcdctl --user root:$ROOT_PASSWORD get /message

To connect to your etcd server from outside the cluster execute the following commands:

    kubectl port-forward --namespace default svc/etcd 2379:2379 &
    echo "etcd URL: http://127.0.0.1:2379"

 * As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:

    export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 --decode)

测试
I have no name!@etcd-client:/opt/bitnami/etcd$ etcdctl --user root:$ROOT_PASSWORD get /message
/message
Hello

I have no name!@etcd-client:/opt/bitnami/etcd$  etcdctl --user root:$ROOT_PASSWORD put /message jb 
#####################
I have no name!@etcd-client:/opt/bitnami/etcd$ etcdctl --user root:$ROOT_PASSWORD get /message jb
/message
jb
cli客户端测试
### 获取密码
kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 -d
[root@node60 etcd-v3.5.1-linux-amd64]# kubectl get svc | grep etcd
etcd            NodePort    10.111.45.140   <none>        2379:40488/TCP,2380:60630/TCP   7h14m
etcd-headless   ClusterIP   None            <none>        2379/TCP,2380/TCP               7h14m

[root@node60 etcd-v3.5.1-linux-amd64]# ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" member list -w table
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
|        ID        | STATUS  |  NAME  |                         PEER ADDRS                         |                                             CLIENT ADDRS                                              | IS LEARNER |
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
| 45a18acb10aa275e | started | etcd-2 | http://etcd-2.etcd-headless.default.svc.cluster.local:2380 | http://etcd-2.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 |      false |
| 936ce633ac273d75 | started | etcd-1 | http://etcd-1.etcd-headless.default.svc.cluster.local:2380 | http://etcd-1.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 |      false |
| df3b2df95cd5fd29 | started | etcd-0 | http://etcd-0.etcd-headless.default.svc.cluster.local:2380 | http://etcd-0.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 |      false |
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
[root@node60 etcd-v3.5.1-linux-amd64]#  ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" member list
45a18acb10aa275e, started, etcd-2, http://etcd-2.etcd-headless.default.svc.cluster.local:2380, http://etcd-2.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false
936ce633ac273d75, started, etcd-1, http://etcd-1.etcd-headless.default.svc.cluster.local:2380, http://etcd-1.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false
df3b2df95cd5fd29, started, etcd-0, http://etcd-0.etcd-headless.default.svc.cluster.local:2380, http://etcd-0.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false

[root@node60 etcd-v3.5.1-linux-amd64]# ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" get / --prefix=true --keys-only
/message

再推荐一个etcd客户端

官网
https://etcdmanager.io/
//下载链接
https://github.com/gtamas/etcdmanager/releases/download/1.2.0/etcd-manager-1.2.0-osx.dmg

https://github.com/gtamas/etcdmanager/releases/download/1.2.0/etcd-manager-1.2.0-win64.exe

在这里插入图片描述

在这里插入图片描述

ETCD 3.5.3版启用ssl
https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-security/
https://artifacthub.io/packages/helm/bitnami/etcd
helm install my-etcd \
 --set persistence.storageClass=openebs-hostpath \
 --set replicaCount=3 \
 --set persistence.size=1Gi \
 --set auth.rbac.enabled=true \
 --set auth.rbac.rootPassword="123qweasd" \
 --set auth.client.secureTransport=true \
 --set auth.client.useAutoTLS=true \
 --set auth.client.caFilename="ca.pem" \
 --set auth.client.existingSecret="etcd-client-certs" \
 --set auth.peer.secureTransport=true \
 --set auth.peer.useAutoTLS=true \
 --set auth.peer.caFilename="ca.pem" \
 --set resources.limits.cpu=2 \
 --set resources.requests.cpu=300m \
 --set resources.limits.memory=1000Mi \
 --set resources.requests.memory=156Mi \
  bitnami/etcd --version 8.0.1
  
Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐