【运维】K8S集群部署系列之ETCD集群搭建(四)

已于 2022-02-25 09:34:20 修改
阅读量836 收藏 1
点赞数
分类专栏: 运维经验 k8s 文章标签: ETCD ETCD集群 TLS ETCD扩容 K8S
于 2019-08-13 17:12:42 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_39974140/article/details/99442725
版权

ETCD集群扩容和缩容

本文将介绍生产环境下如何对ETCD集群进行扩容和缩容。

文章目录

新节点环境准备(node3)

下载安装包并初始化环境

mkdir /home/k8s
cd /home/k8s
wget https://github.com/etcd-io/etcd/releases/download/v3.3.13/etcd-v3.3.13-linux-amd64.tar.gz
tar -zxvf etcd-v3.3.13-linux-amd64.tar.gz
mv etcd-v3.3.13-linux-amd64 etcd
chmod -R +x etcd/
cp -f ./{etcd,etcdctl} /usr/bin/
cp -f ./{etcd,etcdctl} /usr/local/bin/
mkdir -p /opt/etcd/{etc,data,pki}

网络准备

cat >>/etc/hosts<< EOF
192.168.159.3 master
192.168.159.4 node1
192.168.159.5 node2
192.168.159.6 node3
EOF

# 防火墙设置,开放2379和2380端口,如果启动防火墙但未放开端口则集群状态为“degraded”,
# 开启防火墙的节点状态为“are all unreachable”
# 2379端口提供给客户端访问集群,客户端如:etcdctl
# 2380端口提供给集群节点间通信
systemctl start firewalld
firewall-cmd --zone=public --add-port=2379/tcp --permanent
firewall-cmd --zone=public --add-port=2380/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all

生成node3对等证书

由于已有集群开启了服务端内部的TLS安全认证,因此需要在nodes准备好证书,
但旧的证书中hosts列表并不包含node3节点的主机IP,因此需要重新生成node3节点的peer证书。

cat > /home/k8s/cfssl/ssl/etcd4-peer-csr.json << EOF 
{
    "CN": "etcd4-peer",
    "hosts": [
        "192.168.159.6"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "CN",
            "L": "ChengDu",
            "O": "JSQ",
            "OU": "k8s",
            "ST": "SiChuan"
        }
    ]
}
EOF

cfssl gencert --ca=ca.pem --ca-key=ca-key.pem --config=ca-config.json --profile=peer etcd4-peer-csr.json  | cfssljson -bare etcd4-peer
scp etcd4-* root@192.168.159.6:/opt/etcd/pki/

注意:此处hosts列表中只包含了node3节点的主机IP,实际上为了更加方便的进行动态的扩容和缩容操作,对等证书服务器证书hosts列表最好只包含本机的IP地址。

向集群中添加普通节点node3

添加新节点

命令调用方式:etcdctl member add <memberName> <peerURLS>
注意此处添加的节点名和链接应该与新增节点的配置一致;
在已有集群的任意节点(最好为集群主节点,即isLeader=true的节点)执行如下命令。

etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member add etcd-4 http://192.168.159.6:2380

查看集群状态

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member list
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false
e1b7f9d6e4ff0f36[unstarted]: peerURLs=https://192.168.159.6:2380

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem cluster-health
member 46899d42c87d524e is healthy: got healthy result from https://192.168.159.4:2379
member 6bdd9302771bc9c5 is healthy: got healthy result from https://192.168.159.5:2379
member a3ec213779ea2c81 is healthy: got healthy result from https://192.168.159.3:2379
member e1b7f9d6e4ff0f36 is unreachable: no available published client urls
cluster is healthy

添加node3节点配置

此处ETCD_INITIAL_CLUSTER_STATE必须为existing,表示向已有集群新增节点;
由于已有集群已开启TLS安全验证,因此必须配置相关证书,如果是普通集群则无须配置;
ETCD_PEER_CLIENT_CERT_AUTH=false表示集群内部访问该节点服务端无须进行TLS验证。

mkdir -p /opt/etcd/{data,etc}
cat > /opt/etcd/etc/etcd.conf << EOF
#[Member]
ETCD_NAME="etcd-4"
ETCD_DATA_DIR="/opt/etcd/data"
ETCD_LISTEN_PEER_URLS="http://192.168.159.6:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.159.6:2379,http://127.0.0.1:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.159.6:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.159.6:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.159.3:2380,etcd-2=https://192.168.159.4:2380,etcd-3=https://192.168.159.5:2380,etcd-4=http://192.168.159.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="existing"

#[Security]
ETCD_PEER_CERT_FILE="/opt/etcd/pki/etcd4-peer.pem"    
ETCD_PEER_KEY_FILE="/opt/etcd/pki/etcd4-peer-key.pem"   
ETCD_PEER_CLIENT_CERT_AUTH="false"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/pki/ca.pem" 
EOF

添加node3节点服务文件

cat >  /usr/lib/systemd/system/etcd.service << EOF    
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/etcd/etc/etcd.conf
ExecStart=/home/k8s/etcd/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--peer-cert-file=${ETCD_PEER_CERT_FILE} \
--peer-key-file=${ETCD_PEER_KEY_FILE} \
--peer-client-cert-auth=${ETCD_PEER_CLIENT_CERT_AUTH} \
--peer-trusted-ca-file=${ETCD_PEER_TRUSTED_CA_FILE}
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

启动node3节点

systemctl daemon-reload && systemctl start etcd

再次查看集群状态

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member list
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false
e1b7f9d6e4ff0f36: name=etcd-4 peerURLs=http://192.168.159.6:2380 clientURLs=http://192.168.159.6:2379 isLeader=false

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem cluster-health
member 46899d42c87d524e is healthy: got healthy result from https://192.168.159.4:2379
member 6bdd9302771bc9c5 is healthy: got healthy result from https://192.168.159.5:2379
member a3ec213779ea2c81 is healthy: got healthy result from https://192.168.159.3:2379
member e1b7f9d6e4ff0f36 is healthy: got healthy result from http://192.168.159.6:2379
cluster is healthy

至此完成向集群添加一个普通节点的操作,下一步继续进行节点的移除操作。

node3节点从集群中移除

集群节点查看

通过查看集群节点确定需要移除节点的ID

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member list
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false
e1b7f9d6e4ff0f36: name=etcd-4 peerURLs=http://192.168.159.6:2380 clientURLs=http://192.168.159.6:2379 isLeader=false

移除节点

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member remove e1b7f9d6e4ff0f36
Removed member e1b7f9d6e4ff0f36 from cluster

查看集群状态

可以看到节点etcd-4已经从集群移除。

[root@master pki]# etcdctl -ca-file=ca.pem -cert-file=etcdctl.pem -key-file=etcdctl-key.pem member list
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false

[root@master pki]# etcdctl -ca-file=ca.pem -cert-file=etcdctl.pem -key-file=etcdctl-key.pem cluster-health
member 46899d42c87d524e is healthy: got healthy result from https://192.168.159.4:2379
member 6bdd9302771bc9c5 is healthy: got healthy result from https://192.168.159.5:2379
member a3ec213779ea2c81 is healthy: got healthy result from https://192.168.159.3:2379
cluster is healthy

查看node3节点的服务状态

可以看到服务已被节点a3ec213779ea2c81通知停止通信。

[root@localhost ~]# systemctl status etcd
● etcd.service
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; bad; vendor preset: disabled)
   Active: inactive (dead)

8月 13 16:36:22 localhost.localdomain etcd[1344]: failed to dial a3ec213779ea2c81 on stream MsgApp v2 (context canceled)
8月 13 16:36:22 localhost.localdomain etcd[1344]: peer a3ec213779ea2c81 became inactive (message send to peer failed)
8月 13 16:36:22 localhost.localdomain etcd[1344]: stopped streaming with peer a3ec213779ea2c81 (stream MsgApp v2 reader)
8月 13 16:36:22 localhost.localdomain etcd[1344]: stopped streaming with peer a3ec213779ea2c81 (stream Message reader)
8月 13 16:36:22 localhost.localdomain etcd[1344]: stopped peer a3ec213779ea2c81
8月 13 16:39:07 localhost.localdomain systemd[1]: [/usr/lib/systemd/system/etcd.service:1] Assignment outside of section. Ignoring.
8月 13 16:39:07 localhost.localdomain systemd[1]: [/usr/lib/systemd/system/etcd.service:2] Assignment outside of section. Ignoring.
8月 13 16:39:07 localhost.localdomain systemd[1]: [/usr/lib/systemd/system/etcd.service:3] Assignment outside of section. Ignoring.
8月 13 16:39:07 localhost.localdomain systemd[1]: [/usr/lib/systemd/system/etcd.service:4] Assignment outside of section. Ignoring.
8月 13 16:39:07 localhost.localdomain systemd[1]: [/usr/lib/systemd/system/etcd.service:5] Assignment outside of section. Ignoring.

向集群中添加安全节点node3

生成node3节点的服务端证书

由于集群已开启服务端的TLS认证,因此node3节点需要有相应的服务器证书;
但旧的服务端证书中hosts列表并不包含node3节点的主机IP,因此需要重新生成node3节点的server证书

cat > etcd4-csr.json << EOF 
{
    "CN": "etcd4",
    "hosts": [
        "192.168.159.6"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "CN",
            "L": "ChengDu",
            "O": "JSQ",
            "OU": "k8s",
            "ST": "SiChuan"
        }
    ]
}
EOF

cfssl gencert --ca=ca.pem --ca-key=ca-key.pem --config=ca-config.json --profile=server etcd4-csr.json  | cfssljson -bare etcd4
scp etcd4* root@192.168.159.6:/opt/etcd/pki/

[root@localhost pki]# ls etcd4*
etcd4.csr  etcd4-csr.json  etcd4-key.pem  etcd4-peer.csr  etcd4-peer-csr.json  etcd4-peer-key.pem  etcd4-peer.pem  etcd4.pem

集群的客户端证书由于没有hosts主机列表,因此可以通用。

从普通节点升级为TLS认证的安全节点

参照【运维】K8S集群部署系列之ETCD集群搭建(三)

直接将node3添加为TLS认证的安全节点

https方式添加node3节点
[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member add etcd-4 https://192.168.159.6:2380
Added member named etcd-4 with ID 1e7da56305348d0d to cluster

ETCD_NAME="etcd-4"
ETCD_INITIAL_CLUSTER="etcd-4=https://192.168.159.6:2380,etcd-2=https://192.168.159.4:2380,etcd-3=https://192.168.159.5:2380,etcd-1=https://192.168.159.3:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
查看集群状态
[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member list
1e7da56305348d0d[unstarted]: peerURLs=https://192.168.159.6:2380
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem cluster-health
member 1e7da56305348d0d is unreachable: no available published client urls
member 46899d42c87d524e is healthy: got healthy result from https://192.168.159.4:2379
member 6bdd9302771bc9c5 is healthy: got healthy result from https://192.168.159.5:2379
member a3ec213779ea2c81 is healthy: got healthy result from https://192.168.159.3:2379
cluster is degraded
修改node3节点配置

此处修改字段ETCD_LISTEN_PEER_URLSETCD_LISTEN_CLIENT_URLSETCD_INITIAL_ADVERTISE_PEER_URLSETCD_ADVERTISE_CLIENT_URLSETCD_INITIAL_CLUSTERETCD_PEER_CLIENT_CERT_AUTH
新增字段ETCD_CERT_FILEETCD_KEY_FILEETCD_CLIENT_CERT_AUTHETCD_TRUSTED_CA_FILE
注意字段ETCD_INITIAL_CLUSTER_STATE的值必须为existing

cat > /opt/etcd/etc/etcd.conf << EOF
#[Member]
ETCD_NAME="etcd-4"
ETCD_DATA_DIR="/opt/etcd/data"
ETCD_LISTEN_PEER_URLS="https://192.168.159.6:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.159.6:2379,http://127.0.0.1:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.159.6:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.159.6:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.159.3:2380,etcd-2=https://192.168.159.4:2380,etcd-3=https://192.168.159.5:2380,etcd-4=https://192.168.159.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="existing"

#[Security]
ETCD_CERT_FILE="/opt/etcd/pki/etcd4.pem"
ETCD_KEY_FILE="/opt/etcd/pki/etcd4-key.pem"

ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/opt/etcd/pki/ca.pem"

ETCD_PEER_CERT_FILE="/opt/etcd/pki/etcd4-peer.pem"    
ETCD_PEER_KEY_FILE="/opt/etcd/pki/etcd4-peer-key.pem"   
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/pki/ca.pem" 
EOF
安全启动node3的服务文件
cat > /usr/lib/systemd/system/etcd.service << EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/etcd/etc/etcd.conf
ExecStart=/home/k8s/etcd/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS} \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--cert-file=${ETCD_CERT_FILE} \
--key-file=${ETCD_KEY_FILE} \
--client-cert-auth=${ETCD_CLIENT_CERT_AUTH} \
--trusted-ca-file=${ETCD_TRUSTED_CA_FILE} \
--peer-cert-file=${ETCD_PEER_CERT_FILE} \
--peer-key-file=${ETCD_PEER_KEY_FILE} \
--peer-client-cert-auth=${ETCD_PEER_CLIENT_CERT_AUTH} \
--peer-trusted-ca-file=${ETCD_PEER_TRUSTED_CA_FILE}
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
删除node3节点的旧数据

这一步很重要,否则node3节点无法正确启动。

rm -rf /opt/etcd/data/*

启动node3节点

systemctl daemon-reload && systemctl start etcd

再次查看集群状态

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem member list
1e7da56305348d0d: name=etcd-4 peerURLs=https://192.168.159.6:2380 clientURLs=https://192.168.159.6:2379 isLeader=false
46899d42c87d524e: name=etcd-2 peerURLs=https://192.168.159.4:2380 clientURLs=https://192.168.159.4:2379 isLeader=true
6bdd9302771bc9c5: name=etcd-3 peerURLs=https://192.168.159.5:2380 clientURLs=https://192.168.159.5:2379 isLeader=false
a3ec213779ea2c81: name=etcd-1 peerURLs=https://192.168.159.3:2380 clientURLs=https://192.168.159.3:2379 isLeader=false

[root@master pki]# etcdctl --ca-file=ca.pem  --cert-file=etcdctl.pem --key-file=etcdctl-key.pem cluster-health
member 1e7da56305348d0d is healthy: got healthy result from https://192.168.159.6:2379
member 46899d42c87d524e is healthy: got healthy result from https://192.168.159.4:2379
member 6bdd9302771bc9c5 is healthy: got healthy result from https://192.168.159.5:2379
member a3ec213779ea2c81 is healthy: got healthy result from https://192.168.159.3:2379
cluster is healthy

至此ETCD集群搭建及其动态扩容和缩容介绍完毕,下一篇我们将对etcdctl的基本操作进行简单介绍。

Let's Golang
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
青云高效运维k8s集群.pdf
10-18
2019年10月 最新的 容器技术 青云 高效运维K8S集群
k8S中的MySQL如何扩容_Kubernetes的etcd多节点扩容实战技巧
weixin_36342428的博客
02-01 671
在《Kubernetes探秘-多master节点容错部署》中介绍了通过部署多个主节点来提高Kubernetes的容错能力。其中,最为关键是存储集群控制数据的etcd服务必须在多个副节点间实时同步,而kube-apiserver通过keepalived进行IP主地址的切换。在《Kubernetes探秘-etcd节点和实例扩容》中已经详细介绍了etcd多节点扩容的步骤,但在实际操作中发现,必需要遵循一...
k8s部署-2.etcd部署
a791846的博客
01-26 247
一、etcd下载地址 https://github.com/coreos/etcd/releases 二、etcd 新建kubernetes目录 mkdir -p /opt/kubernetes/{bin,cfg,ssl} 解压etcd压缩包,并复制到指定目录 cp etcd /opt/kubernetes/bin/ cp etcdctl /opt/kubernetes/bin/ 把pem文件复制到ssl目录下 cp *.pem /opt/kubernetes/ssl 自签证书详见https:
kubeadm部署k8s只有etcd单点,etcd实例扩容
red_sky_blue的专栏
03-10 1174
kubeadm安装默认只有一个etcd实例,存在单点故障的风险。提升Kubernetes集群可用性的方法包括: 1、备份(Kubernetes探秘—etcd状态数据及其备份); 2、etcd节点和实例扩容; 3、apiserver的多节点服务和负载均衡。这里主要实验etcd节点和实例的扩容部署完后,发现etcd只有一个实例,想要扩成集群的方式 # kubectl get po -n kube-system ...
k8s 部署etcd集群
邢宁
12-06 5586
前言 公司计划使用etcd来做统一配置管理,由于服务都在阿里云托管k8s集群上,所以这里也打算使用k8s部署etcd集群。 一、创建持久化存储 1、创建etcd目录 mkdir etcd/ mkdir etcd/nas 2、创建storageclass存储 (1)设置rbac cd /data/etcd/nas cat rbac.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-
基于kubeadm部署k8s集群,使用二进制文件部署etcd节点扩容
FizzX1的博客
04-25 825
可以看到etcd详细配置,这里添加新的etcd节点主要需要关注etcd的证书,配置中主要包括三个证书----根证书、客户端通讯用的server证书、etcd服务端之间通讯用的peer证书。所以,总结来说,要备份 etcd 集群的数据,需要:暂时停止 apiserver 写入 etcd。恢复 apiserver 的 etcd 数据存储管理功能备份的数据文件 snapshot.db 可以用于在数据损坏时快速恢复 etcd 集群的状态。这可以从各节点获得本地的数据快照,并基于多份快照数据恢复出整个集群的状态。
k8s搭建Nacos集群
05-26
k8s搭建Nacos集群,制作Java运行容器镜像,再制作Nacos镜像 Nacos版本是:2.1.0 说明: 如果想搭建:2.2.0也根据文档步骤操作即可
k8s安装Nacos集群
05-21
k8s搭建Nacos集群,制作Nacos镜像 Nacos版本是:2.0.2
K8S+Jenkins+Harbor+Docker+gitlab集群部署所需资源
02-20
K8S+Jenkins+Harbor+Docker+gitlab集群部署所需的所有资源
k8s搭建运维监控一体化
最新发布
12-15
2. ETCD集群搭建 3. Nginx 搭建 4. Keepalive搭建 5. K8S搭建 6. Harbor搭建(docker) 7. Rancher 搭建 8. Jenkins(k8s流水线)搭建 9. Glusterfs搭建 10. 安装k8s 备份工具 velero 11. 安装promethus 12....
k8s1.23.15版本二进制部署/扩容及高可用架构详解
97运维的博客
01-01 4057
这次官方消息表明在1.24版本中彻底移除了dockershim,即移除docker。但是在1.24之前的版本中还是可以正常使用docker的,本次使用二进制方式部署可支持docker的最后k8s版本1.23.15。使用nginx和keepalived实现k8s集群apiserver的高可用。
etcd集群节点缩容(下线)
a13568hki的博客
04-08 887
环境 k8s-master1 10.0.19.127 etcd-1 k8s-node1 10.0.19.129 etcd-2 k8s-node2 10.0.19.130 etcd-3 k8s-node3 10.0.19.128 etcd-4(下线) etcd-4节点上拷贝配置文件和启动命令,暂不启动(etcd-4节点上操作) 将etcd-4故障节点剔除集群etcd-1节点上操作) 一、下线故障etcd-4节点 命令行下线etcd4 下线节点 #list 查看节点状态 [root
Kubernetes探秘-etcd节点和实例扩容
weixin_33726318的博客
12-07 1021
2019独角兽企业重金招聘Python工程师标准>>> ...
etcd节点扩容至两个节点
weixin_30737433的博客
01-20 502
本篇已经安装了单个etcd,然后进行扩容etcd节点至2个,安装单节点请参照:https://www.cnblogs.com/effortsing/p/10295261.html 实验架构 test1: 192.168.0.91 etcd test2: 192.168.0.92 etcd test3: 192.168.0.93 无 需...
etcd初始化集群
土豆
02-03 1457
准备条件 2台linux系统的虚拟机作etcd集群节点,其ip地址能够互相ping通(本文使用的镜像为:CentOS-8.2.2004-x86_64-minimal.iso) 集群节点分别安装好etcd服务(本文使用的rpm包为:etcd-3.2.21-2.el8.x86_64.rpm) 创建集群 配置文件的修改 etcd集群的创建通过修改配置文件/etc/etcd/etcd.conf实现,修改项主要包括 1.ETCD_DATA_DIR ...
etcd动态扩容
xiaoyaGrace的博客
12-02 1580
etcd集群一般采用3台机器组建集群,作为集群高可用,集群所在的机房也要高可用,通常3台机器分布在两个机房,但假如遇到机房层面的故障,可能会导致etcd集群不能正常工作,基于以上原因,我们需要扩容为5台 目前etcd 可以支持在线动态扩容,无须重启etcd集群 加入新增加etcd4 etcd5节点 ...
etcd集群节点扩容
a13568hki的博客
04-08 2919
1、etcd4 基础环境初始化(参考之前的文章etcd搭建) https://blog.csdn.net/a13568hki/article/details/123581346 2、etcd集群中新增etcd4 的hosts解析,如果是dns域名提前配置,保证4台机器的地址信息可以正常解析 环境 k8s-master1 10.0.19.127 etcd-1 k8s-node1 10.0.19.129 etcd-2 k8s-node2 10.0.19.130 etcd-3 k8s-no
ETCD集群的配置与扩容
foreverdingleo的博客
03-29 2389
目标:组建3台节点的etcd集群节点信息:node010.211.55.9node110.211.55.10node210.211.55.11一. 准备工作:1.关闭并停用防火墙    systemctl stop firewalld.service     systemctl disable firewalld.service2.永久关闭SELinux     vim /etc/selinux/...
基于etcd加saltstack的自动化扩容
weixin_33743661的博客
11-18 68
[root@linux-node1 ~]# vim /etc/salt/master =============>在配置文件最底部加上如下内容etcd_pillar_config: etcd.host: 10.0.0.7 etcd.port: 4001ext_pillar: - etcd: etcd_pillar_config ro...
k8s集群常见运维故障
05-15
Kubernetes (k8s)是一种流行的容器编排平台,使得容器部署和管理变得更加简单。尽管它可以自动化许多任务,但是维护k8s集群时也可能发生一些故障。以下是k8s集群常见的运维故障。 1.资源不足:k8s需要许多系统资源才能正常运行,包括CPU、内存和存储。如果资源不足,k8s集群可能出现延迟或崩溃等问题。解决方法是增加资源或限制资源使用。 2.网络问题:k8s集群需要一个高可靠的网络来保证容器之间的通信和服务发现。网络故障可能导致无法连接到服务或容器,甚至无法访问互联网。 3.节点故障:k8s集群包含多个节点,如果一个或多个节点出现故障,那么相应的容器和服务也将受到影响。通常可以使用容器自动重启或通过手动方式将任务移到其他节点。 4.升级问题:k8s集群的升级可能导致问题,例如版本冲突或组件不兼容。必须仔细规划和测试升级过程以最小化影响。 5.存储问题:k8s允许组织使用不同类型的存储来持久化数据。但是,存储卷可能会故障或容器无法访问,导致应用程序出现故障。在这种情况下,需要重新创建存储卷或手动清理存储空间。 总之,每个运维人员都应该意识到k8s的常见故障,并了解如何诊断和解决问题。定期备份集群数据以及进行详细的运维日志记录也是非常有必要的。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值