When building a k8s cluster, we often use kubeadm. This tool can help us quickly build a highly available, online available k8s cluster. For some reasons, we often need the etcd cluster to be independent of the k8s cluster. Is there any way to build an etcd cluster as quickly as kubeadm? Today we will introduce etcdadm .
Using etcdadm is very simple. Download the latest version to the host where etcd needs to be installed.
Common commands
新建一个集群:
etcdadm init
常用参数:
--certs-dir: 指定etcd证书存放路径,默认为/etc/etcd/pki
--install-dir: 指定etcd命令存放路径,默认为/opt/bin/
--name: 设置节点名称,对应ETCD_NAME
--release-url: 指定下载地址,默认为https://github.com/coreos/etcd/releases/download 此地址会与version参数拼接成下载地址,格式为 https://github.com/coreos/etcd/releases/download/v{version}/etcd-v{version}-linux-amd64.tar.gz
--server-cert-extra-sans: 用于额外指定dns地址,默认包括127.0.0.1,本机地址,ETCD_NAME
--snapshot: 用快照数据初始化一个集群
--version: 指定启动etcd的版本,默认为3.3.8
向现有集群添加一个节点:
将一个节点加入到集群内。一个新节点加入集群前,必须手动将其他节点的ca证书复制到certs-dir下。
etcdadm join https://first-etcd-node-ip:2379
参数和上面的一致。
移除一个节点:
将一个节点从集群中删掉,并会自动清理相关文件
etcdadm resetproblem
etcd is very convenient and easy to use, but there are some problems:
- As of the v0.1.3 version of 2020-06, etcdadm does not support etcd v3.4 and later versions. Because after etcd v3.4, the default API version of etcd has been changed from v2 to v3, and the v3 version of etcdctl is not the same as the v2 version, which leads to etcdadm version verification error. Related issue
- Currently, the configuration of additional etcd parameters is not supported. To add parameters, you need to manually modify and maintain etcd.env files on all hosts.
- Like kubeadm, the CA certificate is valid for 10 years, and other certificates are valid for 1 year, and renew certificates are currently not supported.
- Only support deployment using root user
to sum up
In summary, I think etcdadm is only very suitable for use in testing or less demanding scenarios. If you really need to deploy a highly available etcd cluster in a production environment, it is recommended to use tools such as saltstack or ansible for deployment, which has a higher degree of freedom.