I. Common environment variables

    # Environment file for etcd v3.4.13
    ETCD_DATA_DIR=/var/lib/etcd
    # Local IP and port
    ETCD_ADVERTISE_CLIENT_URLS=https://192.168.1.190:2379
    # Local IP and port
    ETCD_INITIAL_ADVERTISE_PEER_URLS=https://192.168.1.190:2380
    ETCD_INITIAL_CLUSTER_STATE=existing
    ETCD_METRICS=basic
    # Local IP and port, plus 127.0.0.1
    ETCD_LISTEN_CLIENT_URLS=https://192.168.1.190:2379,https://127.0.0.1:2379
    ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
    # Local IP and port
    ETCD_LISTEN_PEER_URLS=https://192.168.1.190:2380
    ETCD_NAME=etcd-master
    ETCD_PROXY=off
    ETCD_ENABLE_V2=true
    # All nodes in the cluster, in the form
    # node1-name=https://node1-IP:2380,node2-name=https://node2-IP:2380,node3-name=https://node3-IP:2380
    ETCD_INITIAL_CLUSTER=etcd-master=https://192.168.1.190:2380
    .....
    ETCD_ELECTION_TIMEOUT=5000
    ETCD_HEARTBEAT_INTERVAL=250
    ETCD_AUTO_COMPACTION_RETENTION=8
    ETCD_SNAPSHOT_COUNT=10000

    # TLS settings
    ETCD_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
    ETCD_CERT_FILE=/etc/ssl/etcd/ssl/member-master.pem
    ETCD_KEY_FILE=/etc/ssl/etcd/ssl/member-master-key.pem
    ETCD_CLIENT_CERT_AUTH=true
    ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
    ETCD_PEER_CERT_FILE=/etc/ssl/etcd/ssl/member-master.pem
    ETCD_PEER_KEY_FILE=/etc/ssl/etcd/ssl/member-master-key.pem
    ETCD_PEER_CLIENT_CERT_AUTH=True

    # CLI settings
    # Address and port of the etcd servers; several may be listed, in the form
    # https://node1-IP:2379,https://node2-IP:2379,https://node3-IP:2379
    ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
    ETCDCTL_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
    ETCDCTL_KEY_FILE=/etc/ssl/etcd/ssl/admin-master-key.pem
    ETCDCTL_CERT_FILE=/etc/ssl/etcd/ssl/admin-master.pem
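A check for the TLS-related settings of an environment file like the one above, as an added example that is not part of the original post. The function names env_value and audit_etcd_env and the weakened sample file are constructed for illustration; the audit covers only https URLs, the two certificate-auth switches and the trusted CA entries.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an etcd env file for weak TLS settings.

# Print the value assigned to key $2 in file $1 (last assignment wins; comment lines ignored).
env_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line for the env file $1; print nothing when it passes.
audit_etcd_env() {
    local file="$1" key val
    # Listen/advertise URLs must all be https, otherwise traffic is sent in plaintext.
    for key in ETCD_LISTEN_CLIENT_URLS ETCD_ADVERTISE_CLIENT_URLS \
               ETCD_LISTEN_PEER_URLS ETCD_INITIAL_ADVERTISE_PEER_URLS; do
        val=$(env_value "$file" "$key")
        case ",$val" in
            ,|*,http://*) echo "$key: unset or plaintext http:// URL" ;;
        esac
    done
    # Certificate auth must be on for clients and peers (the page writes both true and True).
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        val=$(env_value "$file" "$key" | tr '[:upper:]' '[:lower:]')
        [ "$val" = true ] || echo "$key: certificate authentication not enabled"
    done
    # A trusted CA is what presented certificates are verified against.
    for key in ETCD_TRUSTED_CA_FILE ETCD_PEER_TRUSTED_CA_FILE; do
        [ -n "$(env_value "$file" "$key")" ] || echo "$key: not set"
    done
    return 0
}

# Constructed sample input: the TLS-related lines of the page's file, then a weakened copy.
tmp=$(mktemp -d)
cat > "$tmp/good.env" <<'EOF'
# TLS-related settings
ETCD_ADVERTISE_CLIENT_URLS=https://192.168.1.190:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://192.168.1.190:2380
ETCD_LISTEN_CLIENT_URLS=https://192.168.1.190:2379,https://127.0.0.1:2379
ETCD_LISTEN_PEER_URLS=https://192.168.1.190:2380
ETCD_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
ETCD_CLIENT_CERT_AUTH=true
ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
ETCD_PEER_CLIENT_CERT_AUTH=True
EOF
sed -e 's#,https://127#,http://127#' -e 's#^ETCD_CLIENT_CERT_AUTH=true#ETCD_CLIENT_CERT_AUTH=false#' \
    -e '/^ETCD_PEER_TRUSTED_CA_FILE=/d' "$tmp/good.env" > "$tmp/weak.env"
audit_etcd_env "$tmp/weak.env"   # prints the three findings for the weakened copy
```

Run against a real file with `audit_etcd_env /path/to/etcd.env`; an empty result means none of the three checks fired.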
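II. Common etcd operations

1. Set environment variables (so they need not be passed on every command)

    # The certificate paths can be found in the certificate settings of the etcd and api-server processes
    export ETCDCTL_API=3
    export ETCDCTL_CACERT=/etc/ssl/etcd/ssl/ca.pem
    export ETCDCTL_CERT=/etc/ssl/etcd/ssl/admin-master.pem
    export ETCDCTL_KEY=/etc/ssl/etcd/ssl/admin-master-key.pem
    # Adjust to your setup. This is a single node; for a cluster, add the addresses of the other servers
    export ETCDCTL_ENDPOINTS=https://127.0.0.1:2379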
2. View logs (systemd deployment)

    # Check the service status
    systemctl status etcd
    # View the detailed log
    journalctl -u etcd
3. Create, read, update, delete

1. Read

    # List all keys
    etcdctl get / --prefix --keys-only
    # Get the value of one key; this one is the pod myapp-deploy-675cfc4c45-f6k6c in the default namespace
    etcdctl get /registry/pods/default/myapp-deploy-675cfc4c45-f6k6c

2. Delete

    # Delete data. The watch below shows no deletion phase for the pod, because the delete
    # goes straight to etcd and bypasses kube-apiserver; deleting through etcd is faster than deleting with kubectl
    [root@master ~]# etcdctl del /registry/pods/default/myapp-deploy-675cfc4c45-f6k6c
    1

    # In a second terminal window
    [root@master ~]# kubectl get pods -w
    NAME                            READY   STATUS              RESTARTS   AGE
    myapp-deploy-675cfc4c45-f6k6c   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-fnctb   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-lpf6q   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-lv27s   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-s7nl4   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-f6k6c   1/1     Running             0          25d
    myapp-deploy-675cfc4c45-hfht7   0/1     Pending             0          0s
    myapp-deploy-675cfc4c45-hfht7   0/1     Pending             0          0s
    myapp-deploy-675cfc4c45-hfht7   0/1     ContainerCreating   0          0s
    myapp-deploy-675cfc4c45-hfht7   0/1     ContainerCreating   0          2s
    myapp-deploy-675cfc4c45-hfht7   1/1     Running             0          3s

3. Create (update)

    # Write data; writing to a key that already exists updates it
    etcdctl put /test helloWorld
4. View cluster node status

    # Check the health of the cluster nodes
    etcdctl --write-out=table endpoint health
    # Show the current status of the cluster nodes
    etcdctl --write-out=table endpoint status
III. etcd backup and restore

1. Backup

    etcdctl snapshot save /data/etcd_backup/etcd-bak-$(date +%F).db
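
2. Restore

Run the following on every server.

    # Stop the apiserver. Use systemctl if it runs under systemd; for a binary deployment,
    # adapt to your setup. This cluster was deployed with kubeadm, so it is a static pod
    cd /etc/kubernetes/manifests/
    mv kube-apiserver.yaml kube-apiserver.yaml-bak
    # Stop the etcd service
    systemctl stop etcd
    # Required, because the data directory must not exist at restore time;
    # otherwise the etcd data directory setting has to be changed
    rm -rf /var/lib/etcd
    # Restore the data. The directory given by --data-dir must not exist beforehand.
    # etcd-master is the etcd name of the current node and is different on every server;
    # in a cluster, all nodes restore from the same copy of the data
    ETCDCTL_API=3 etcdctl --initial-cluster etcd-master=https://192.168.1.190:2380 \
        --initial-advertise-peer-urls https://192.168.1.190:2380 \
        snapshot restore back.db --data-dir=/var/lib/etcd/ --name etcd-master
    # Start the etcd service again
    systemctl start etcd
    # Bring the apiserver back
    mv kube-apiserver.yaml-bak kube-apiserver.yaml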

From: https://www.cnblogs.com/panwenbin-logs/p/18349303