K8S部署ETCD集群
helm repo add bitnami https://charts.bitnami.com/bitnamihelm install new-release bitnami/etcd \--set statefulset.replicaCount=3 \--set persistence.enabled=true \--set persistence.size=8Gi \--set start
·
helm repo add bitnami https://charts.bitnami.com/bitnami
带快照安装
helm install new-release bitnami/etcd \
--set statefulset.replicaCount=3 \
--set persistence.enabled=true \
--set persistence.size=8Gi \
--set startFromSnapshot.enabled=true \
--set startFromSnapshot.existingClaim=my-claim \
--set startFromSnapshot.snapshotFilename=my-snapshot.db
简单安装
helm install etcd bitnami/etcd \
--set replicaCount=3 \
--set persistence.enabled=true \
--set global.storageClass=rook-ceph-block \
--set persistence.size=2Gi \
--set service.type=NodePort
或者自定义安装
helm pull bitnami/etcd --untar
vim values.yaml 添加更多参数
运行
[root@node60 es]# helm install etcd etcd/
NAME: etcd
LAST DEPLOYED: Mon Dec 6 00:07:50 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: etcd
CHART VERSION: 6.10.4
APP VERSION: 3.5.1
** Please be patient while the chart is being deployed **
etcd can be accessed via port 2379 on the following DNS name from within your cluster:
etcd.default.svc.cluster.local
To create a pod that you can use as a etcd client run the following command:
kubectl run etcd-client --restart='Never' --image marketplace.azurecr.io/bitnami/etcd:3.5.1-debian-10-r31 --env ROOT_PASSWORD=$(kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 --decode) --env ETCDCTL_ENDPOINTS="etcd.default.svc.cluster.local:2379" --namespace default --command -- sleep infinity
Then, you can set/get a key using the commands below:
kubectl exec --namespace default -it etcd-client -- bash
etcdctl --user root:$ROOT_PASSWORD put /message Hello
etcdctl --user root:$ROOT_PASSWORD get /message
To connect to your etcd server from outside the cluster execute the following commands:
kubectl port-forward --namespace default svc/etcd 2379:2379 &
echo "etcd URL: http://127.0.0.1:2379"
* As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:
export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 --decode)
测试
I have no name!@etcd-client:/opt/bitnami/etcd$ etcdctl --user root:$ROOT_PASSWORD get /message
/message
Hello
I have no name!@etcd-client:/opt/bitnami/etcd$ etcdctl --user root:$ROOT_PASSWORD put /message jb
#####################
I have no name!@etcd-client:/opt/bitnami/etcd$ etcdctl --user root:$ROOT_PASSWORD get /message jb
/message
jb
cli客户端测试
### 获取密码
kubectl get secret --namespace default etcd -o jsonpath="{.data.etcd-root-password}" | base64 -d
[root@node60 etcd-v3.5.1-linux-amd64]# kubectl get svc | grep etcd
etcd NodePort 10.111.45.140 <none> 2379:40488/TCP,2380:60630/TCP 7h14m
etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 7h14m
[root@node60 etcd-v3.5.1-linux-amd64]# ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" member list -w table
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
| 45a18acb10aa275e | started | etcd-2 | http://etcd-2.etcd-headless.default.svc.cluster.local:2380 | http://etcd-2.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 | false |
| 936ce633ac273d75 | started | etcd-1 | http://etcd-1.etcd-headless.default.svc.cluster.local:2380 | http://etcd-1.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 | false |
| df3b2df95cd5fd29 | started | etcd-0 | http://etcd-0.etcd-headless.default.svc.cluster.local:2380 | http://etcd-0.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379 | false |
+------------------+---------+--------+------------------------------------------------------------+-------------------------------------------------------------------------------------------------------+------------+
[root@node60 etcd-v3.5.1-linux-amd64]# ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" member list
45a18acb10aa275e, started, etcd-2, http://etcd-2.etcd-headless.default.svc.cluster.local:2380, http://etcd-2.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false
936ce633ac273d75, started, etcd-1, http://etcd-1.etcd-headless.default.svc.cluster.local:2380, http://etcd-1.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false
df3b2df95cd5fd29, started, etcd-0, http://etcd-0.etcd-headless.default.svc.cluster.local:2380, http://etcd-0.etcd-headless.default.svc.cluster.local:2379,http://etcd.default.svc.cluster.local:2379, false
[root@node60 etcd-v3.5.1-linux-amd64]# ./etcdctl --user root:siXyhmEXLl --endpoints="http://192.168.8.62:40488" get / --prefix=true --keys-only
/message
再推荐一个etcd客户端
官网
https://etcdmanager.io/
//下载链接
https://github.com/gtamas/etcdmanager/releases/download/1.2.0/etcd-manager-1.2.0-osx.dmg
https://github.com/gtamas/etcdmanager/releases/download/1.2.0/etcd-manager-1.2.0-win64.exe
ETCD 3.5.3版启用ssl
https://docs.bitnami.com/kubernetes/infrastructure/etcd/administration/enable-security/
https://artifacthub.io/packages/helm/bitnami/etcd
helm install my-etcd \
--set persistence.storageClass=openebs-hostpath \
--set replicaCount=3 \
--set persistence.size=1Gi \
--set auth.rbac.enabled=true \
--set auth.rbac.rootPassword="123qweasd" \
--set auth.client.secureTransport=true \
--set auth.client.useAutoTLS=true \
--set auth.client.caFilename="ca.pem" \
--set auth.client.existingSecret="etcd-client-certs" \
--set auth.peer.secureTransport=true \
--set auth.peer.useAutoTLS=true \
--set auth.peer.caFilename="ca.pem" \
--set resources.limits.cpu=2 \
--set resources.requests.cpu=300m \
--set resources.limits.memory=1000Mi \
--set resources.requests.memory=156Mi \
bitnami/etcd --version 8.0.1
更多推荐
已为社区贡献82条内容
所有评论(0)