本篇內(nèi)容介紹了“Kubernetes的etcd狀態(tài)數(shù)據(jù)及其備份是怎樣的”的有關(guān)知識(shí),在實(shí)際案例的操作過程中�,不少人都會(huì)遇到這樣的困境��,接下來就讓小編帶領(lǐng)大家學(xué)習(xí)一下如何處理這些情況吧�!希望大家仔細(xì)閱讀��,能夠?qū)W有所成��!
為興山等地區(qū)用戶提供了全套網(wǎng)頁設(shè)計(jì)制作服務(wù)����,及興山網(wǎng)站建設(shè)行業(yè)解決方案。主營業(yè)務(wù)為網(wǎng)站制作�、成都做網(wǎng)站、興山網(wǎng)站設(shè)計(jì)��,以傳統(tǒng)方式定制建設(shè)網(wǎng)站�,并提供域名空間備案等一條龍服務(wù),秉承以專業(yè)���、用心的態(tài)度為用戶提供真誠的服務(wù)�����。我們深信只要達(dá)到每一位用戶的要求����,就會(huì)得到認(rèn)可,從而選擇與我們長期合作���。這樣�,我們也可以走得更遠(yuǎn)�!
Kubernetes使用etcd來存儲(chǔ)集群的實(shí)時(shí)運(yùn)行數(shù)據(jù)(如節(jié)點(diǎn)狀態(tài)信息),而其它pod都是無狀態(tài)的����、可以根據(jù)負(fù)載調(diào)度,在多個(gè)節(jié)點(diǎn)(node)間進(jìn)行漂移���。etcd本身是可以部署為無中心的多節(jié)點(diǎn)互備集群,從而消除整個(gè)集群的單一故障點(diǎn)�。在kubeadm的缺省部署下,只在master上運(yùn)行一個(gè)etcd實(shí)例(etcd-xxx)��,可以使用kubectl get pod -n kube-system查看運(yùn)行狀態(tài)�����。
1��、查看etcd服務(wù)容器信息
下面我們來探索一下kubernetes的etcd實(shí)例到底是如何實(shí)現(xiàn)和管理的���。在kubernetes的master節(jié)點(diǎn)上輸入:
kubectl describe pod/etcd-podc01 -n kube-system > etcd.txt
輸出如下:
Name: etcd-podc01
Namespace: kube-system
Priority: 2000000000
PriorityClassName: system-cluster-critical
Node: podc01/10.1.1.181
Start Time: Mon, 03 Dec 2018 10:42:05 +0800
Labels: component=etcd
tier=control-plane
Annotations: kubernetes.io/config.hash: bcc0eea4c53f3b70d13b771ad88e31b7
kubernetes.io/config.mirror: bcc0eea4c53f3b70d13b771ad88e31b7
kubernetes.io/config.seen: 2018-12-05T11:05:31.8690622+08:00
kubernetes.io/config.source: file
scheduler.alpha.kubernetes.io/critical-pod:
Status: Running
IP: 10.1.1.181
Containers:
etcd:
Container ID: docker://8f301c91902a9399f144943013166a09dd0766a9b96c26fe2d8e335418a55cab
Image: k8s.gcr.io/etcd:3.2.24
Image ID: docker-pullable://registry.cn-hangzhou.aliyuncs.com/openthings/k8s-gcr-io-etcd@sha256:7b073bdab8c52dc23dfb3e2101597d30304437869ad8c0b425301e96a066c408
Port:
Host Port:
Command:
etcd
--advertise-client-urls=https://127.0.0.1:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--client-cert-auth=true
--data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://127.0.0.1:2380
--initial-cluster=podc01=https://127.0.0.1:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379
--listen-peer-urls=https://127.0.0.1:2380
--name=podc01
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
State: Running
Started: Wed, 05 Dec 2018 11:05:35 +0800
Ready: True
Restart Count: 0
Liveness: exec [/bin/sh -ec ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key get foo] delay=15s timeout=15s period=10s #success=1 #failure=8
Environment:
Mounts:
/etc/kubernetes/pki/etcd from etcd-certs (rw)
/var/lib/etcd from etcd-data (rw)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
etcd-data:
Type: HostPath (bare host directory volume)
Path: /var/lib/etcd
HostPathType: DirectoryOrCreate
etcd-certs:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/pki/etcd
HostPathType: DirectoryOrCreate
QoS Class: BestEffort
Node-Selectors:
Tolerations: :NoExecute
Events:
可以看到�����,etcd是使用的host-network網(wǎng)絡(luò)���,然后把系統(tǒng)參數(shù)和數(shù)據(jù)等都映射到了宿主機(jī)的目錄(配置參數(shù)位于宿主機(jī)的/var/lib/etcd����,證書文件位于/etc/kubernetes/pki/etcd)�。
2、查看etcd配置參數(shù)文件
在宿主機(jī)下輸入 sudo ls -l /var/lib/etcd/member/snap 可以看到etcd服務(wù)所產(chǎn)生的快照文件����,如下所示:
supermap@podc01:~/openthings/kubernetes-tools/jupyter$ sudo ls -l /var/lib/etcd/member/snap
總用量 8924
-rw-r--r-- 1 root root 8160 12月 5 09:19 0000000000000005-00000000001fbdd0.snap
-rw-r--r-- 1 root root 8160 12月 5 10:37 0000000000000005-00000000001fe4e1.snap
-rw-r--r-- 1 root root 8508 12月 5 11:42 0000000000000006-0000000000200bf2.snap
-rw-r--r-- 1 root root 8509 12月 5 12:49 0000000000000006-0000000000203303.snap
-rw-r--r-- 1 root root 8509 12月 5 13:56 0000000000000006-0000000000205a14.snap
-rw------- 1 root root 24977408 12月 5 14:13 db
查看etcd的證書文件:
supermap@podc01:~/openthings/kubernetes-tools/jupyter$ ls -l /etc/kubernetes/pki/etcd
總用量 32
-rw-r--r-- 1 root root 1017 11月 23 10:08 ca.crt
-rw------- 1 root root 1679 11月 23 10:08 ca.key
-rw-r--r-- 1 root root 1094 11月 23 10:08 healthcheck-client.crt
-rw------- 1 root root 1679 11月 23 10:08 healthcheck-client.key
-rw-r--r-- 1 root root 1127 11月 23 10:08 peer.crt
-rw------- 1 root root 1679 11月 23 10:08 peer.key
-rw-r--r-- 1 root root 1119 11月 23 10:08 server.crt
-rw------- 1 root root 1675 11月 23 10:08 server.key
這些文件和從Kubernetes的pod命令行進(jìn)去看到的是完全一樣的(本來就是同一個(gè)目錄)。
3��、直接訪問etcd的服務(wù)
下一步�,我們來連接到這個(gè)實(shí)例,查看具體的運(yùn)行信息��。
首先�,安裝etcd-client,這是etcd的獨(dú)立客戶端��。
sudo apt install etcd-client
然后,連接到etcd實(shí)例(endpoints為上面所顯示的地址參數(shù):advertise-client-urls):
sudo etcdctl --endpoints https://127.0.0.1:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file=/etc/kubernetes/pki/etcd/server.key --ca-file=/etc/kubernetes/pki/etcd/ca.crt member list
我這里的輸出為:
a874c87fd42044f: name=podc01 peerURLs=https://127.0.0.1:2380 clientURLs=https://127.0.0.1:2379 isLeader=true
可以照此輸入其他命令�,來訪問由kubernetes所啟動(dòng)的實(shí)例(實(shí)際運(yùn)行時(shí)由kubelet服務(wù)控制)。
4����、備份與恢復(fù)
知道了上面的秘密,備份etcd 就不難了�����。有三個(gè)辦法:
sudo ETCDCTL_API=3 etcdctl snapshot save "/home/supermap/k8s-backup/data/etcd-snapshot/$(date +%Y%m%d_%H%M%S)_snapshot.db" --endpoints=127.0.0.1:2379 --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" --cacert="/etc/kubernetes/pki/etcd/ca.crt"
使用kubernetes的cronjob實(shí)現(xiàn)定期自動(dòng)化備份需要對(duì)images和啟動(dòng)參數(shù)有一些調(diào)整�,我修改后的yaml文件如下:
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: etcd-disaster-recovery
namespace: cronjob
spec:
schedule: "0 22 * * *"
jobTemplate:
spec:
template:
metadata:
labels:
app: etcd-disaster-recovery
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- podc01
containers:
- name: etcd
image: k8s.gcr.io/etcd:3.2.24
imagePullPolicy: "IfNotPresent"
command:
- sh
- -c
- "export ETCDCTL_API=3; \
etcdctl --endpoints=$ENDPOINT \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
snapshot save /snapshot/$(date +%Y%m%d_%H%M%S)_snapshot.db; \
echo etcd backup success"
env:
- name: ENDPOINT
value: "https://127.0.0.1:2379"
volumeMounts:
- mountPath: "/etc/kubernetes/pki/etcd"
name: etcd-certs
- mountPath: "/var/lib/etcd"
name: etcd-data
- mountPath: "/snapshot"
name: snapshot
subPath: data/etcd-snapshot
- mountPath: /etc/localtime
name: lt-config
- mountPath: /etc/timezone
name: tz-config
restartPolicy: OnFailure
volumes:
- name: etcd-certs
hostPath:
path: /etc/kubernetes/pki/etcd
- name: etcd-data
hostPath:
path: /var/lib/etcd
- name: snapshot
hostPath:
path: /home/supermap/k8s-backup
- name: lt-config
hostPath:
path: /etc/localtime
- name: tz-config
hostPath:
path: /etc/timezone
hostNetwork: true
除此之外,這樣Kubernetes的etcd主數(shù)據(jù)庫就備份完成了���。
不過����,完整地備份和恢復(fù)kubernetes集群還需要一些其它的操作�����,對(duì)于每一個(gè)運(yùn)行的應(yīng)用都還需要執(zhí)行單獨(dú)的備份操作���。
“Kubernetes的etcd狀態(tài)數(shù)據(jù)及其備份是怎樣的”的內(nèi)容就介紹到這里了,感謝大家的閱讀。如果想了解更多行業(yè)相關(guān)的知識(shí)可以關(guān)注創(chuàng)新互聯(lián)網(wǎng)站�,小編將為大家輸出更多高質(zhì)量的實(shí)用文章!
文章名稱:Kubernetes的etcd狀態(tài)數(shù)據(jù)及其備份是怎樣的
文章鏈接:
http://weahome.cn/article/gjhcgs.html
重慶分公司
重慶分公司
