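Etcd is a critical component of Kubernetes because it stores the entire state of the cluster: its configuration, its specifications, and the status of the running workloads. In this article, we will demystify it and look at how etcd stores all this information.
Etcd is defined as a distributed, reliable key-value store for the most critical data of a distributed system.
In the Kubernetes world, etcd is used as the backend for service discovery and stores the state of the cluster and its configuration.
Etcd is deployed as a cluster, and communication between its nodes is handled by the Raft algorithm. In a production environment, the cluster contains an odd number of nodes, and at least three are required. At http://thesecretlivesofdata.com/ you can find a good animation that explains how the algorithm works; it illustrates several phases of the cluster lifecycle, including:
In the context of a Kubernetes cluster, an etcd instance can be deployed as a Pod on the master nodes (this is the setup we will use in this article).
For added security and resilience, it can also be deployed as an external cluster.
The following sequence diagram from the Heptio blog shows the components involved in a simple Pod creation process. It nicely illustrates the interaction between the API server and etcd.
In this article, we use a Kubernetes cluster of three nodes created with kubeadm, one of which is a master node running etcd. The network add-on chosen is weavenet. This configuration is not suitable for a real HA cluster, but it is enough to explore the data stored in etcd.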
$ kubectl get nodes
NAME      STATUS   ROLES    AGE    VERSION
node-01   Ready    master   56m    v1.15.2
node-02   Ready    <none>   2m17   v1.15.2
node-03   Ready    <none>   2m17   v1.15.2
First, let's list all the Pods running in the cluster:
$ kubectl get pods --all-namespaces
NAMESPACE     NAME                              READY   STATUS    RESTART   AGE
kube-system   coredns-5c98db65d4-5kjjv          1/1     Running   0         57m
kube-system   coredns-5c98db65d4-88hkq          1/1     Running   0         57m
kube-system   etcd-node-01                      1/1     Running   0         56m
kube-system   kube-apiserver-node-01            1/1     Running   0         56m
kube-system   kube-controller-manager-node-01   1/1     Running   0         56m
kube-system   kube-proxy-7642v                  1/1     Running   0         3m
kube-system   kube-proxy-jsp4r                  1/1     Running   0         3m
kube-system   kube-proxy-xj8qm                  1/1     Running   0         57m
kube-system   kube-scheduler-node-01            1/1     Running   0         56m
kube-system   weave-net-2hvbx                   2/2     Running   0         87s
kube-system   weave-net-5mrjl                   2/2     Running   0         87s
kube-system   weave-net-c76fx                   2/2     Running   0         87s
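Because the cluster has just been initialized, only the Pods in the kube-system namespace are running. These Pods are responsible for the cluster's administrative tasks. The Pod we are interested in is etcd-node-01, which runs the etcd instance responsible for storing the state of the cluster.
First, run a shell in the etcd Pod and check the configuration of the etcd container running in it:
Using the value of the --advertise-client-urls flag, we can use the etcdctl utility to get all existing key/value pairs and save them in etcd-kv.json.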
$ ADVERTISE_URL="https://134.209.178.162:2379"
$ kubectl exec etcd-node-01 -n kube-system -- sh -c \
  "ETCDCTL_API=3 etcdctl \
  --endpoints $ADVERTISE_URL \
  --cacert /etc/kubernetes/pki/etcd/ca.crt \
  --key /etc/kubernetes/pki/etcd/server.key \
  --cert /etc/kubernetes/pki/etcd/server.crt \
  get \"\" --prefix=true -w json" > etcd-kv.json
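A quick look at this file shows the list of keys and their corresponding values, all of which are base64-encoded (only an excerpt of the file is shown here).
First, let's get all the keys in plain text to see what they look like. Here is the full list of keys: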
$ for k in $(cat etcd-kv.json | jq '.kvs[].key' | cut -d '"' -f2); do echo $k | base64 --decode; echo; done
/registry/apiregistration.k8s.io/apiservices/v1. /registry/apiregistration.k8s.io/apiservices/v1.apps /registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.autoscaling /registry/apiregistration.k8s.io/apiservices/v1.batch /registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.rbac.authorization.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.scheduling.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.admissionregistration.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.apiextensions.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.apps /registry/apiregistration.k8s.io/apiservices/v1beta1.authentication.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.authorization.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.batch /registry/apiregistration.k8s.io/apiservices/v1beta1.certificates.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.coordination.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.events.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.extensions /registry/apiregistration.k8s.io/apiservices/v1beta1.networking.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.node.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.policy /registry/apiregistration.k8s.io/apiservices/v1beta1.rbac.authorization.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.scheduling.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta1.storage.k8s.io /registry/apiregistration.k8s.io/apiservices/v1beta2.apps 
/registry/apiregistration.k8s.io/apiservices/v2beta1.autoscaling /registry/apiregistration.k8s.io/apiservices/v2beta2.autoscaling /registry/certificatesigningrequests/csr-h9mcg /registry/certificatesigningrequests/csr-qwnxf /registry/certificatesigningrequests/csr-xklls /registry/clusterrolebindings/cluster-admin /registry/clusterrolebindings/kubeadm:kubelet-bootstrap /registry/clusterrolebindings/kubeadm:node-autoapprove-bootstrap /registry/clusterrolebindings/kubeadm:node-autoapprove-certificate-rotation /registry/clusterrolebindings/kubeadm:node-proxier /registry/clusterrolebindings/system:basic-user /registry/clusterrolebindings/system:controller:attachdetach-controller /registry/clusterrolebindings/system:controller:certificate-controller /registry/clusterrolebindings/system:controller:clusterrole-aggregation-controller /registry/clusterrolebindings/system:controller:cronjob-controller /registry/clusterrolebindings/system:controller:daemon-set-controller /registry/clusterrolebindings/system:controller:deployment-controller /registry/clusterrolebindings/system:controller:disruption-controller /registry/clusterrolebindings/system:controller:endpoint-controller /registry/clusterrolebindings/system:controller:expand-controller /registry/clusterrolebindings/system:controller:generic-garbage-collector /registry/clusterrolebindings/system:controller:horizontal-pod-autoscaler /registry/clusterrolebindings/system:controller:job-controller /registry/clusterrolebindings/system:controller:namespace-controller /registry/clusterrolebindings/system:controller:node-controller /registry/clusterrolebindings/system:controller:persistent-volume-binder /registry/clusterrolebindings/system:controller:pod-garbage-collector /registry/clusterrolebindings/system:controller:pv-protection-controller /registry/clusterrolebindings/system:controller:pvc-protection-controller /registry/clusterrolebindings/system:controller:replicaset-controller 
/registry/clusterrolebindings/system:controller:replication-controller /registry/clusterrolebindings/system:controller:resourcequota-controller /registry/clusterrolebindings/system:controller:route-controller /registry/clusterrolebindings/system:controller:service-account-controller /registry/clusterrolebindings/system:controller:service-controller /registry/clusterrolebindings/system:controller:statefulset-controller /registry/clusterrolebindings/system:controller:ttl-controller /registry/clusterrolebindings/system:coredns /registry/clusterrolebindings/system:discovery /registry/clusterrolebindings/system:kube-controller-manager /registry/clusterrolebindings/system:kube-dns /registry/clusterrolebindings/system:kube-scheduler /registry/clusterrolebindings/system:node /registry/clusterrolebindings/system:node-proxier /registry/clusterrolebindings/system:public-info-viewer /registry/clusterrolebindings/system:volume-scheduler /registry/clusterrolebindings/weave-net /registry/clusterroles/admin /registry/clusterroles/cluster-admin /registry/clusterroles/edit /registry/clusterroles/system:aggregate-to-admin /registry/clusterroles/system:aggregate-to-edit /registry/clusterroles/system:aggregate-to-view /registry/clusterroles/system:auth-delegator /registry/clusterroles/system:basic-user /registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:nodeclient /registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient /registry/clusterroles/system:controller:attachdetach-controller /registry/clusterroles/system:controller:certificate-controller /registry/clusterroles/system:controller:clusterrole-aggregation-controller /registry/clusterroles/system:controller:cronjob-controller /registry/clusterroles/system:controller:daemon-set-controller /registry/clusterroles/system:controller:deployment-controller /registry/clusterroles/system:controller:disruption-controller /registry/clusterroles/system:controller:endpoint-controller 
/registry/clusterroles/system:controller:expand-controller /registry/clusterroles/system:controller:generic-garbage-collector /registry/clusterroles/system:controller:horizontal-pod-autoscaler /registry/clusterroles/system:controller:job-controller /registry/clusterroles/system:controller:namespace-controller /registry/clusterroles/system:controller:node-controller /registry/clusterroles/system:controller:persistent-volume-binder /registry/clusterroles/system:controller:pod-garbage-collector /registry/clusterroles/system:controller:pv-protection-controller /registry/clusterroles/system:controller:pvc-protection-controller /registry/clusterroles/system:controller:replicaset-controller /registry/clusterroles/system:controller:replication-controller /registry/clusterroles/system:controller:resourcequota-controller /registry/clusterroles/system:controller:route-controller /registry/clusterroles/system:controller:service-account-controller /registry/clusterroles/system:controller:service-controller /registry/clusterroles/system:controller:statefulset-controller /registry/clusterroles/system:controller:ttl-controller /registry/clusterroles/system:coredns /registry/clusterroles/system:csi-external-attacher /registry/clusterroles/system:csi-external-provisioner /registry/clusterroles/system:discovery /registry/clusterroles/system:heapster /registry/clusterroles/system:kube-aggregator /registry/clusterroles/system:kube-controller-manager /registry/clusterroles/system:kube-dns /registry/clusterroles/system:kube-scheduler /registry/clusterroles/system:kubelet-api-admin /registry/clusterroles/system:node /registry/clusterroles/system:node-bootstrapper /registry/clusterroles/system:node-problem-detector /registry/clusterroles/system:node-proxier /registry/clusterroles/system:persistent-volume-provisioner /registry/clusterroles/system:public-info-viewer /registry/clusterroles/system:volume-scheduler /registry/clusterroles/view /registry/clusterroles/weave-net 
/registry/configmaps/kube-public/cluster-info /registry/configmaps/kube-system/coredns /registry/configmaps/kube-system/extension-apiserver-authentication /registry/configmaps/kube-system/kube-proxy /registry/configmaps/kube-system/kubeadm-config /registry/configmaps/kube-system/kubelet-config-1.15 /registry/configmaps/kube-system/weave-net /registry/controllerrevisions/kube-system/kube-proxy-84c6b844cd /registry/controllerrevisions/kube-system/weave-net-7db89b6d4 /registry/daemonsets/kube-system/kube-proxy /registry/daemonsets/kube-system/weave-net /registry/deployments/kube-system/coredns /registry/events/default/node-01.15b9e0cd75ea6932 /registry/events/default/node-02.15b9e0ae0342c323 /registry/events/default/node-02.15b9e0ae0f9c2ae3 /registry/events/default/node-02.15b9e0ae0f9c5fa9 /registry/events/default/node-02.15b9e0ae0f9c7206 /registry/events/default/node-02.15b9e0ae1575182e /registry/events/default/node-02.15b9e0aea1c4eeaf /registry/events/default/node-02.15b9e0af99ba73a2 /registry/events/default/node-02.15b9e0ca43c5e760 /registry/events/default/node-03.15b9e0ae9bdae96c /registry/events/default/node-03.15b9e0aea880813c /registry/events/default/node-03.15b9e0aea880ae05 /registry/events/default/node-03.15b9e0aea880c0de /registry/events/default/node-03.15b9e0aeb13cfeef /registry/events/default/node-03.15b9e0afcbcf299b /registry/events/default/node-03.15b9e0b02f28fa3c /registry/events/default/node-03.15b9e0cadf7dce89 /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9ddb67e6ab700 /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0af3bdb47fe /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cbbbb7579d /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc279fbd33 /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc34fb8de2 /registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc4994ad54 /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9ddb6850e5ff1 
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0aea988964f /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cbbb3af928 /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc2ffb9d11 /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc3a4def6c /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc4bd20265 /registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc6e488534 /registry/events/kube-system/kube-proxy-7642v.15b9e0ae1444b38c /registry/events/kube-system/kube-proxy-7642v.15b9e0ae7ff6f434 /registry/events/kube-system/kube-proxy-7642v.15b9e0af631fa3d0 /registry/events/kube-system/kube-proxy-7642v.15b9e0af7632698a /registry/events/kube-system/kube-proxy-7642v.15b9e0af85356aad /registry/events/kube-system/kube-proxy-jsp4r.15b9e0aeadc2ce3a /registry/events/kube-system/kube-proxy-jsp4r.15b9e0af27535c1b /registry/events/kube-system/kube-proxy-jsp4r.15b9e0affc7fc79e /registry/events/kube-system/kube-proxy-jsp4r.15b9e0b00a290340 /registry/events/kube-system/kube-proxy-jsp4r.15b9e0b01b0a4eef /registry/events/kube-system/kube-proxy.15b9e0ae1333a730 /registry/events/kube-system/kube-proxy.15b9e0aeaad76df0 /registry/events/kube-system/weave-net-2hvbx.15b9e0c6e9b6c1de /registry/events/kube-system/weave-net-2hvbx.15b9e0c71a365ad4 /registry/events/kube-system/weave-net-2hvbx.15b9e0c88a5af203 /registry/events/kube-system/weave-net-2hvbx.15b9e0c8a5998774 /registry/events/kube-system/weave-net-2hvbx.15b9e0c8b54252cb /registry/events/kube-system/weave-net-2hvbx.15b9e0c8b5543df6 /registry/events/kube-system/weave-net-2hvbx.15b9e0c98384d3e1 /registry/events/kube-system/weave-net-2hvbx.15b9e0c9916478ce /registry/events/kube-system/weave-net-2hvbx.15b9e0c9a090c521 /registry/events/kube-system/weave-net-5mrjl.15b9e0c6e9523ad2 /registry/events/kube-system/weave-net-5mrjl.15b9e0c7194191cb /registry/events/kube-system/weave-net-5mrjl.15b9e0c89c46497c /registry/events/kube-system/weave-net-5mrjl.15b9e0c8b335c817 
/registry/events/kube-system/weave-net-5mrjl.15b9e0c8c714f12d /registry/events/kube-system/weave-net-5mrjl.15b9e0c8c770ebdd /registry/events/kube-system/weave-net-5mrjl.15b9e0c995196184 /registry/events/kube-system/weave-net-5mrjl.15b9e0c9a24d099d /registry/events/kube-system/weave-net-5mrjl.15b9e0c9b2e0cdef /registry/events/kube-system/weave-net-c76fx.15b9e0c6ec0133eb /registry/events/kube-system/weave-net-c76fx.15b9e0c7255593bb /registry/events/kube-system/weave-net-c76fx.15b9e0c8d4f52821 /registry/events/kube-system/weave-net-c76fx.15b9e0c90ebfeb95 /registry/events/kube-system/weave-net-c76fx.15b9e0c922410c3a /registry/events/kube-system/weave-net-c76fx.15b9e0c922580ded /registry/events/kube-system/weave-net-c76fx.15b9e0c9f7834364 /registry/events/kube-system/weave-net-c76fx.15b9e0ca15411664 /registry/events/kube-system/weave-net-c76fx.15b9e0ca2d254f2c /registry/events/kube-system/weave-net.15b9e0c6e7edf622 /registry/events/kube-system/weave-net.15b9e0c6e9c8d2c1 /registry/events/kube-system/weave-net.15b9e0c6ea880cd2 /registry/leases/kube-node-lease/node-01 /registry/leases/kube-node-lease/node-02 /registry/leases/kube-node-lease/node-03 /registry/masterleases/134.209.178.162 /registry/minions/node-01 /registry/minions/node-02 /registry/minions/node-03 /registry/namespaces/default /registry/namespaces/kube-node-lease /registry/namespaces/kube-public /registry/namespaces/kube-system /registry/pods/kube-system/coredns-5c98db65d4-5kjjv /registry/pods/kube-system/coredns-5c98db65d4-88hkq /registry/pods/kube-system/etcd-node-01 /registry/pods/kube-system/kube-apiserver-node-01 /registry/pods/kube-system/kube-controller-manager-node-01 /registry/pods/kube-system/kube-proxy-7642v /registry/pods/kube-system/kube-proxy-jsp4r /registry/pods/kube-system/kube-proxy-xj8qm /registry/pods/kube-system/kube-scheduler-node-01 /registry/pods/kube-system/weave-net-2hvbx /registry/pods/kube-system/weave-net-5mrjl /registry/pods/kube-system/weave-net-c76fx 
/registry/priorityclasses/system-cluster-critical /registry/priorityclasses/system-node-critical /registry/ranges/serviceips /registry/ranges/servicenodeports /registry/replicasets/kube-system/coredns-5c98db65d4 /registry/rolebindings/kube-public/kubeadm:bootstrap-signer-clusterinfo /registry/rolebindings/kube-public/system:controller:bootstrap-signer /registry/rolebindings/kube-system/kube-proxy /registry/rolebindings/kube-system/kubeadm:kubelet-config-1.15 /registry/rolebindings/kube-system/kubeadm:nodes-kubeadm-config /registry/rolebindings/kube-system/system::extension-apiserver-authentication-reader /registry/rolebindings/kube-system/system::leader-locking-kube-controller-manager /registry/rolebindings/kube-system/system::leader-locking-kube-scheduler /registry/rolebindings/kube-system/system:controller:bootstrap-signer /registry/rolebindings/kube-system/system:controller:cloud-provider /registry/rolebindings/kube-system/system:controller:token-cleaner /registry/rolebindings/kube-system/weave-net /registry/roles/kube-public/kubeadm:bootstrap-signer-clusterinfo /registry/roles/kube-public/system:controller:bootstrap-signer /registry/roles/kube-system/extension-apiserver-authentication-reader /registry/roles/kube-system/kube-proxy /registry/roles/kube-system/kubeadm:kubelet-config-1.15 /registry/roles/kube-system/kubeadm:nodes-kubeadm-config /registry/roles/kube-system/system::leader-locking-kube-controller-manager /registry/roles/kube-system/system::leader-locking-kube-scheduler /registry/roles/kube-system/system:controller:bootstrap-signer /registry/roles/kube-system/system:controller:cloud-provider /registry/roles/kube-system/system:controller:token-cleaner /registry/roles/kube-system/weave-net /registry/secrets/default/default-token-nz988 /registry/secrets/kube-node-lease/default-token-4w7tf /registry/secrets/kube-public/default-token-pzhnr /registry/secrets/kube-system/attachdetach-controller-token-69mzv 
/registry/secrets/kube-system/bootstrap-signer-token-584pq /registry/secrets/kube-system/bootstrap-token-w1d2kx /registry/secrets/kube-system/certificate-controller-token-rff4s /registry/secrets/kube-system/clusterrole-aggregation-controller-token-6hks4 /registry/secrets/kube-system/coredns-token-b2874 /registry/secrets/kube-system/cronjob-controller-token-55pgx /registry/secrets/kube-system/daemon-set-controller-token-nhcdf /registry/secrets/kube-system/default-token-f5kl4 /registry/secrets/kube-system/deployment-controller-token-lm58l /registry/secrets/kube-system/disruption-controller-token-4tw6s /registry/secrets/kube-system/endpoint-controller-token-qdh8q /registry/secrets/kube-system/expand-controller-token-6stw5 /registry/secrets/kube-system/generic-garbage-collector-token-hqfqx /registry/secrets/kube-system/horizontal-pod-autoscaler-token-h6czj /registry/secrets/kube-system/job-controller-token-nmw8f /registry/secrets/kube-system/kube-proxy-token-zcrj8 /registry/secrets/kube-system/namespace-controller-token-trhl9 /registry/secrets/kube-system/node-controller-token-mmf4d /registry/secrets/kube-system/persistent-volume-binder-token-wnh9s /registry/secrets/kube-system/pod-garbage-collector-token-h7vvp /registry/secrets/kube-system/pv-protection-controller-token-lcqb6 /registry/secrets/kube-system/pvc-protection-controller-token-k2kf8 /registry/secrets/kube-system/replicaset-controller-token-zhc7k /registry/secrets/kube-system/replication-controller-token-l8hr6 /registry/secrets/kube-system/resourcequota-controller-token-bglb2 /registry/secrets/kube-system/service-account-controller-token-5dhxz /registry/secrets/kube-system/service-controller-token-l98rk /registry/secrets/kube-system/statefulset-controller-token-dj85r /registry/secrets/kube-system/token-cleaner-token-qz8hs /registry/secrets/kube-system/ttl-controller-token-6vbv6 /registry/secrets/kube-system/weave-net-token-87h6x /registry/serviceaccounts/default/default 
/registry/serviceaccounts/kube-node-lease/default /registry/serviceaccounts/kube-public/default /registry/serviceaccounts/kube-system/attachdetach-controller /registry/serviceaccounts/kube-system/bootstrap-signer /registry/serviceaccounts/kube-system/certificate-controller /registry/serviceaccounts/kube-system/clusterrole-aggregation-controller /registry/serviceaccounts/kube-system/coredns /registry/serviceaccounts/kube-system/cronjob-controller /registry/serviceaccounts/kube-system/daemon-set-controller /registry/serviceaccounts/kube-system/default /registry/serviceaccounts/kube-system/deployment-controller /registry/serviceaccounts/kube-system/disruption-controller /registry/serviceaccounts/kube-system/endpoint-controller /registry/serviceaccounts/kube-system/expand-controller /registry/serviceaccounts/kube-system/generic-garbage-collector /registry/serviceaccounts/kube-system/horizontal-pod-autoscaler /registry/serviceaccounts/kube-system/job-controller /registry/serviceaccounts/kube-system/kube-proxy /registry/serviceaccounts/kube-system/namespace-controller /registry/serviceaccounts/kube-system/node-controller /registry/serviceaccounts/kube-system/persistent-volume-binder /registry/serviceaccounts/kube-system/pod-garbage-collector /registry/serviceaccounts/kube-system/pv-protection-controller /registry/serviceaccounts/kube-system/pvc-protection-controller /registry/serviceaccounts/kube-system/replicaset-controller /registry/serviceaccounts/kube-system/replication-controller /registry/serviceaccounts/kube-system/resourcequota-controller /registry/serviceaccounts/kube-system/service-account-controller /registry/serviceaccounts/kube-system/service-controller /registry/serviceaccounts/kube-system/statefulset-controller /registry/serviceaccounts/kube-system/token-cleaner /registry/serviceaccounts/kube-system/ttl-controller /registry/serviceaccounts/kube-system/weave-net /registry/services/endpoints/default/kubernetes 
/registry/services/endpoints/kube-system/kube-controller-manager /registry/services/endpoints/kube-system/kube-dns /registry/services/endpoints/kube-system/kube-scheduler /registry/services/specs/default/kubernetes /registry/services/specs/kube-system/kube-dns compact_rev_key
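The result above shows 342 keys, which define the configuration and state of all the resources in the cluster:
Once one of these keys is selected, we can get the associated value with the following command: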
$ kubectl exec etcd-node-01 -n kube-system -- sh -c \
  "ETCDCTL_API=3 etcdctl \
  --endpoints $ADVERTISE_URL \
  --cacert /etc/kubernetes/pki/etcd/ca.crt \
  --key /etc/kubernetes/pki/etcd/server.key \
  --cert /etc/kubernetes/pki/etcd/server.crt \
  get \"KEY\" -w json"
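For example, let's get the value associated with the /registry/deployments/kube-system/coredns key:
If we decode the value associated with this key, the result is hard to read because some characters cannot be interpreted, but of course Kubernetes knows how to handle them correctly.
From this result, we can infer that this key is used to store the specification and status of the Deployment that manages the coredns Pods.
Let's create a Pod and check how the state of the cluster is modified and which new keys are added.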
$ cat <<EoF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: www
spec:
  containers:
  - name: nginx
    image: nginx:1.16-alpine
EoF
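Using the same command as before, we get all the keys and save the list in etcd-kv-after-nginx-pod.json. A quick comparison of the two key lists, one retrieved right after the cluster was created (etcd-kv.json) and the other retrieved after we deployed the www Pod (etcd-kv-after-nginx-pod.json), shows the following: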
> /registry/events/default/www.15b9e3051648764f
> /registry/events/default/www.15b9e3056b8ce3f0
> /registry/events/default/www.15b9e306918312ea
> /registry/events/default/www.15b9e306a32beb6d
> /registry/events/default/www.15b9e306b5892b60
> /registry/pods/default/www
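The key decoding and the before/after comparison described above, combined into one script; this is an added example, not code from the original article. It additionally classifies each stored value by its leading bytes (`k8s\x00` for protobuf-encoded objects, `k8s:enc:` for values written with encryption at rest enabled), and the two dumps are small constructed samples, not real cluster data.

```python
import base64
import json
from collections import Counter

def load_dump(text):
    """Return {decoded key: raw value bytes} from `etcdctl ... -w json` output."""
    kvs = json.loads(text).get("kvs", [])
    return {
        base64.b64decode(kv["key"]).decode("utf-8", "replace"):
            base64.b64decode(kv.get("value", ""))  # empty values are omitted
        for kv in kvs
    }

def resource_type(key):
    """'/registry/pods/default/www' -> 'pods'; other keys are returned as-is."""
    parts = key.split("/")
    if key.startswith("/registry/") and len(parts) > 2:
        return parts[2]
    return key

def count_by_type(dump):
    return Counter(resource_type(k) for k in dump)

def added_keys(before, after):
    """Keys present only in the second dump (the '>' lines of the diff)."""
    return sorted(set(after) - set(before))

def storage_format(value):
    """Classify a stored value by its leading bytes."""
    if value.startswith(b"k8s:enc:"):   # k8s:enc:<provider>:v1:<key name>:...
        return "encrypted:" + value.split(b":", 3)[2].decode()
    if value.startswith(b"k8s\x00"):    # protobuf envelope, not encrypted
        return "protobuf"
    if value.lstrip().startswith(b"{"):
        return "json"
    return "other"

def unencrypted_secrets(dump):
    """Secret keys whose value is readable by anyone who can read etcd."""
    return sorted(
        k for k, v in dump.items()
        if k.startswith("/registry/secrets/")
        and not storage_format(v).startswith("encrypted:")
    )

def make_dump(pairs):
    """Build constructed etcdctl-style JSON from {key: value bytes}."""
    enc = lambda b: base64.b64encode(b).decode()
    kvs = [{"key": enc(k.encode()), "value": enc(v)} for k, v in pairs.items()]
    return json.dumps({"kvs": kvs})

# Constructed sample data: key names follow the article, values are placeholders.
BASE = {
    "/registry/pods/kube-system/etcd-node-01": b"k8s\x00\n\t\n\x02v1\x12\x03Pod",
    "/registry/secrets/default/default-token-nz988": b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret",
    "compact_rev_key": b"341",
}
BEFORE = load_dump(make_dump(BASE))
AFTER = load_dump(make_dump({
    **BASE,
    "/registry/events/default/www.15b9e3051648764f": b"k8s\x00\n\x0b\n\x02v1\x12\x05Event",
    "/registry/pods/default/www": b"k8s\x00\n\t\n\x02v1\x12\x03Pod",
    "/registry/secrets/default/example-encrypted": b"k8s:enc:aescbc:v1:key1:\x8f\x02\x11",
}))

if __name__ == "__main__":
    print("new keys:", added_keys(BEFORE, AFTER))
    print("secrets stored unencrypted:", unencrypted_secrets(AFTER))
```

On a real dump, every key returned by `unencrypted_secrets` is a Secret whose contents are readable by anyone with read access to etcd or its backups; configuring an EncryptionConfiguration on the API server changes the stored prefix to `k8s:enc:`.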
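Five events and one Pod were created, which makes sense. Let's take a closer look, first by decoding the values associated with the event keys. In chronological order, we can see that they correspond to the following operations:
Successfully assigned default/www to node-02
Pulling image "nginx:1.16-alpine"
Successfully pulled image "nginx:1.16-alpine"
Created container nginx
Started container nginx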
These events are listed at the end of the output of the command that describes the Pod:
$ kubectl describe pod www
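The last key, /registry/pods/default/www, provides all the information related to the newly created Pod:
The purpose of this article is not to dive deep into etcd, but to explain a little of what it contains and how the information is organized, in the hope that it looks less like a black box.
PS: This article is a translation; original article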