
Etcd: The Brain of the Kubernetes Cluster

 3 years ago
source link: https://studygolang.com/articles/30668

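Etcd is a critical component of Kubernetes because it stores the entire state of the cluster: its configuration, its specifications, and the status of the running workloads. In this article we lift the veil and look at how etcd stores all this information.

Introduction to Etcd

Etcd is defined as a distributed, reliable key-value store for the most critical data of a distributed system.

In the Kubernetes world, etcd is used as the backend for service discovery and stores the state of the cluster and its configuration.

Etcd is deployed as a cluster whose nodes communicate via the Raft algorithm. In production, a cluster contains an odd number of nodes, and at least three are required. At http://thesecretlivesofdata.com/ you can find a good animation showing how the algorithm works; it illustrates several phases of the cluster lifecycle, including:

  • Leader election
  • Log replication

Etcd in Kubernetes

In the context of a Kubernetes cluster, the etcd instance can be deployed as a Pod on the master node (this is the setup used in this article).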


For added security and resilience, it can also be deployed as an external cluster.


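The following sequence diagram from the Heptio blog shows the components involved in a simple Pod creation. It illustrates well how the API server and etcd interact.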


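The Kubernetes Test Cluster

In this article we use a Kubernetes cluster of three nodes created with kubeadm, one of which is a master node running etcd. The network add-on chosen is weavenet. This configuration is not suitable for a real HA cluster, but it is enough to explore the data stored in etcd.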

$ kubectl get nodes
NAME    STATUS ROLES  AGE   VERSION
node-01 Ready  master 56m   v1.15.2
node-02 Ready  <none> 2m17  v1.15.2
node-03 Ready  <none> 2m17  v1.15.2

The Etcd Pod

First, let's list all the Pods running in the cluster:

$ kubectl get pods --all-namespaces
NAMESPACE   NAME                           READY STATUS  RESTART AGE
kube-system coredns-5c98db65d4-5kjjv       1/1   Running 0       57m
kube-system coredns-5c98db65d4-88hkq       1/1   Running 0       57m
kube-system etcd-node-01                   1/1   Running 0       56m
kube-system kube-apiserver-node-01         1/1   Running 0       56m
kube-system kube-controller-manager-node-01 1/1  Running 0       56m
kube-system kube-proxy-7642v               1/1   Running 0       3m
kube-system kube-proxy-jsp4r               1/1   Running 0       3m
kube-system kube-proxy-xj8qm               1/1   Running 0       57m
kube-system kube-scheduler-node-01         1/1   Running 0       56m
kube-system weave-net-2hvbx                2/2   Running 0       87s
kube-system weave-net-5mrjl                2/2   Running 0       87s
kube-system weave-net-c76fx                2/2   Running 0       87s

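Because the cluster has just been initialized, only the Pods in the kube-system namespace are running. These Pods handle the cluster's management tasks. The Pod we are interested in is etcd-node-01, which runs the etcd instance responsible for storing the cluster state.

First, we run a shell in the etcd Pod and check the configuration of the etcd container running in it: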


Using the value of the --advertise-client-urls flag, we can use the etcdctl utility to get all existing key/value pairs and save them in etcd-kv.json.

$ ADVERTISE_URL="https://134.209.178.162:2379"
$ kubectl exec etcd-node-01 -n kube-system -- sh -c \
"ETCDCTL_API=3 etcdctl \
--endpoints $ADVERTISE_URL \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--key /etc/kubernetes/pki/etcd/server.key \
--cert /etc/kubernetes/pki/etcd/server.crt \
get \"\" --prefix=true -w json" > etcd-kv.json

A quick look at this file shows the list of keys and their corresponding values, all base64-encoded (only an excerpt of the file is shown here).


First, let's get all the keys in plain text to see what they contain. I print all the keys:

$ for k in $(cat etcd-kv.json | jq '.kvs[].key' | cut -d '"' -f2); do echo $k | base64 --decode; echo; done

/registry/apiregistration.k8s.io/apiservices/v1.
/registry/apiregistration.k8s.io/apiservices/v1.apps
/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v1.batch
/registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.rbac.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.scheduling.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.admissionregistration.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.apiextensions.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.apps
/registry/apiregistration.k8s.io/apiservices/v1beta1.authentication.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.batch
/registry/apiregistration.k8s.io/apiservices/v1beta1.certificates.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.coordination.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.events.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.extensions
/registry/apiregistration.k8s.io/apiservices/v1beta1.networking.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.node.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.policy
/registry/apiregistration.k8s.io/apiservices/v1beta1.rbac.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.scheduling.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.storage.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta2.apps
/registry/apiregistration.k8s.io/apiservices/v2beta1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v2beta2.autoscaling
/registry/certificatesigningrequests/csr-h9mcg
/registry/certificatesigningrequests/csr-qwnxf
/registry/certificatesigningrequests/csr-xklls
/registry/clusterrolebindings/cluster-admin
/registry/clusterrolebindings/kubeadm:kubelet-bootstrap
/registry/clusterrolebindings/kubeadm:node-autoapprove-bootstrap
/registry/clusterrolebindings/kubeadm:node-autoapprove-certificate-rotation
/registry/clusterrolebindings/kubeadm:node-proxier
/registry/clusterrolebindings/system:basic-user
/registry/clusterrolebindings/system:controller:attachdetach-controller
/registry/clusterrolebindings/system:controller:certificate-controller
/registry/clusterrolebindings/system:controller:clusterrole-aggregation-controller
/registry/clusterrolebindings/system:controller:cronjob-controller
/registry/clusterrolebindings/system:controller:daemon-set-controller
/registry/clusterrolebindings/system:controller:deployment-controller
/registry/clusterrolebindings/system:controller:disruption-controller
/registry/clusterrolebindings/system:controller:endpoint-controller
/registry/clusterrolebindings/system:controller:expand-controller
/registry/clusterrolebindings/system:controller:generic-garbage-collector
/registry/clusterrolebindings/system:controller:horizontal-pod-autoscaler
/registry/clusterrolebindings/system:controller:job-controller
/registry/clusterrolebindings/system:controller:namespace-controller
/registry/clusterrolebindings/system:controller:node-controller
/registry/clusterrolebindings/system:controller:persistent-volume-binder
/registry/clusterrolebindings/system:controller:pod-garbage-collector
/registry/clusterrolebindings/system:controller:pv-protection-controller
/registry/clusterrolebindings/system:controller:pvc-protection-controller
/registry/clusterrolebindings/system:controller:replicaset-controller
/registry/clusterrolebindings/system:controller:replication-controller
/registry/clusterrolebindings/system:controller:resourcequota-controller
/registry/clusterrolebindings/system:controller:route-controller
/registry/clusterrolebindings/system:controller:service-account-controller
/registry/clusterrolebindings/system:controller:service-controller
/registry/clusterrolebindings/system:controller:statefulset-controller
/registry/clusterrolebindings/system:controller:ttl-controller
/registry/clusterrolebindings/system:coredns
/registry/clusterrolebindings/system:discovery
/registry/clusterrolebindings/system:kube-controller-manager
/registry/clusterrolebindings/system:kube-dns
/registry/clusterrolebindings/system:kube-scheduler
/registry/clusterrolebindings/system:node
/registry/clusterrolebindings/system:node-proxier
/registry/clusterrolebindings/system:public-info-viewer
/registry/clusterrolebindings/system:volume-scheduler
/registry/clusterrolebindings/weave-net
/registry/clusterroles/admin
/registry/clusterroles/cluster-admin
/registry/clusterroles/edit
/registry/clusterroles/system:aggregate-to-admin
/registry/clusterroles/system:aggregate-to-edit
/registry/clusterroles/system:aggregate-to-view
/registry/clusterroles/system:auth-delegator
/registry/clusterroles/system:basic-user
/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:nodeclient
/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
/registry/clusterroles/system:controller:attachdetach-controller
/registry/clusterroles/system:controller:certificate-controller
/registry/clusterroles/system:controller:clusterrole-aggregation-controller
/registry/clusterroles/system:controller:cronjob-controller
/registry/clusterroles/system:controller:daemon-set-controller
/registry/clusterroles/system:controller:deployment-controller
/registry/clusterroles/system:controller:disruption-controller
/registry/clusterroles/system:controller:endpoint-controller
/registry/clusterroles/system:controller:expand-controller
/registry/clusterroles/system:controller:generic-garbage-collector
/registry/clusterroles/system:controller:horizontal-pod-autoscaler
/registry/clusterroles/system:controller:job-controller
/registry/clusterroles/system:controller:namespace-controller
/registry/clusterroles/system:controller:node-controller
/registry/clusterroles/system:controller:persistent-volume-binder
/registry/clusterroles/system:controller:pod-garbage-collector
/registry/clusterroles/system:controller:pv-protection-controller
/registry/clusterroles/system:controller:pvc-protection-controller
/registry/clusterroles/system:controller:replicaset-controller
/registry/clusterroles/system:controller:replication-controller
/registry/clusterroles/system:controller:resourcequota-controller
/registry/clusterroles/system:controller:route-controller
/registry/clusterroles/system:controller:service-account-controller
/registry/clusterroles/system:controller:service-controller
/registry/clusterroles/system:controller:statefulset-controller
/registry/clusterroles/system:controller:ttl-controller
/registry/clusterroles/system:coredns
/registry/clusterroles/system:csi-external-attacher
/registry/clusterroles/system:csi-external-provisioner
/registry/clusterroles/system:discovery
/registry/clusterroles/system:heapster
/registry/clusterroles/system:kube-aggregator
/registry/clusterroles/system:kube-controller-manager
/registry/clusterroles/system:kube-dns
/registry/clusterroles/system:kube-scheduler
/registry/clusterroles/system:kubelet-api-admin
/registry/clusterroles/system:node
/registry/clusterroles/system:node-bootstrapper
/registry/clusterroles/system:node-problem-detector
/registry/clusterroles/system:node-proxier
/registry/clusterroles/system:persistent-volume-provisioner
/registry/clusterroles/system:public-info-viewer
/registry/clusterroles/system:volume-scheduler
/registry/clusterroles/view
/registry/clusterroles/weave-net
/registry/configmaps/kube-public/cluster-info
/registry/configmaps/kube-system/coredns
/registry/configmaps/kube-system/extension-apiserver-authentication
/registry/configmaps/kube-system/kube-proxy
/registry/configmaps/kube-system/kubeadm-config
/registry/configmaps/kube-system/kubelet-config-1.15
/registry/configmaps/kube-system/weave-net
/registry/controllerrevisions/kube-system/kube-proxy-84c6b844cd
/registry/controllerrevisions/kube-system/weave-net-7db89b6d4
/registry/daemonsets/kube-system/kube-proxy
/registry/daemonsets/kube-system/weave-net
/registry/deployments/kube-system/coredns
/registry/events/default/node-01.15b9e0cd75ea6932
/registry/events/default/node-02.15b9e0ae0342c323
/registry/events/default/node-02.15b9e0ae0f9c2ae3
/registry/events/default/node-02.15b9e0ae0f9c5fa9
/registry/events/default/node-02.15b9e0ae0f9c7206
/registry/events/default/node-02.15b9e0ae1575182e
/registry/events/default/node-02.15b9e0aea1c4eeaf
/registry/events/default/node-02.15b9e0af99ba73a2
/registry/events/default/node-02.15b9e0ca43c5e760
/registry/events/default/node-03.15b9e0ae9bdae96c
/registry/events/default/node-03.15b9e0aea880813c
/registry/events/default/node-03.15b9e0aea880ae05
/registry/events/default/node-03.15b9e0aea880c0de
/registry/events/default/node-03.15b9e0aeb13cfeef
/registry/events/default/node-03.15b9e0afcbcf299b
/registry/events/default/node-03.15b9e0b02f28fa3c
/registry/events/default/node-03.15b9e0cadf7dce89
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9ddb67e6ab700
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0af3bdb47fe
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cbbbb7579d
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc279fbd33
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc34fb8de2
/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc4994ad54
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9ddb6850e5ff1
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0aea988964f
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cbbb3af928
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc2ffb9d11
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc3a4def6c
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc4bd20265
/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc6e488534
/registry/events/kube-system/kube-proxy-7642v.15b9e0ae1444b38c
/registry/events/kube-system/kube-proxy-7642v.15b9e0ae7ff6f434
/registry/events/kube-system/kube-proxy-7642v.15b9e0af631fa3d0
/registry/events/kube-system/kube-proxy-7642v.15b9e0af7632698a
/registry/events/kube-system/kube-proxy-7642v.15b9e0af85356aad
/registry/events/kube-system/kube-proxy-jsp4r.15b9e0aeadc2ce3a
/registry/events/kube-system/kube-proxy-jsp4r.15b9e0af27535c1b
/registry/events/kube-system/kube-proxy-jsp4r.15b9e0affc7fc79e
/registry/events/kube-system/kube-proxy-jsp4r.15b9e0b00a290340
/registry/events/kube-system/kube-proxy-jsp4r.15b9e0b01b0a4eef
/registry/events/kube-system/kube-proxy.15b9e0ae1333a730
/registry/events/kube-system/kube-proxy.15b9e0aeaad76df0
/registry/events/kube-system/weave-net-2hvbx.15b9e0c6e9b6c1de
/registry/events/kube-system/weave-net-2hvbx.15b9e0c71a365ad4
/registry/events/kube-system/weave-net-2hvbx.15b9e0c88a5af203
/registry/events/kube-system/weave-net-2hvbx.15b9e0c8a5998774
/registry/events/kube-system/weave-net-2hvbx.15b9e0c8b54252cb
/registry/events/kube-system/weave-net-2hvbx.15b9e0c8b5543df6
/registry/events/kube-system/weave-net-2hvbx.15b9e0c98384d3e1
/registry/events/kube-system/weave-net-2hvbx.15b9e0c9916478ce
/registry/events/kube-system/weave-net-2hvbx.15b9e0c9a090c521
/registry/events/kube-system/weave-net-5mrjl.15b9e0c6e9523ad2
/registry/events/kube-system/weave-net-5mrjl.15b9e0c7194191cb
/registry/events/kube-system/weave-net-5mrjl.15b9e0c89c46497c
/registry/events/kube-system/weave-net-5mrjl.15b9e0c8b335c817
/registry/events/kube-system/weave-net-5mrjl.15b9e0c8c714f12d
/registry/events/kube-system/weave-net-5mrjl.15b9e0c8c770ebdd
/registry/events/kube-system/weave-net-5mrjl.15b9e0c995196184
/registry/events/kube-system/weave-net-5mrjl.15b9e0c9a24d099d
/registry/events/kube-system/weave-net-5mrjl.15b9e0c9b2e0cdef
/registry/events/kube-system/weave-net-c76fx.15b9e0c6ec0133eb
/registry/events/kube-system/weave-net-c76fx.15b9e0c7255593bb
/registry/events/kube-system/weave-net-c76fx.15b9e0c8d4f52821
/registry/events/kube-system/weave-net-c76fx.15b9e0c90ebfeb95
/registry/events/kube-system/weave-net-c76fx.15b9e0c922410c3a
/registry/events/kube-system/weave-net-c76fx.15b9e0c922580ded
/registry/events/kube-system/weave-net-c76fx.15b9e0c9f7834364
/registry/events/kube-system/weave-net-c76fx.15b9e0ca15411664
/registry/events/kube-system/weave-net-c76fx.15b9e0ca2d254f2c
/registry/events/kube-system/weave-net.15b9e0c6e7edf622
/registry/events/kube-system/weave-net.15b9e0c6e9c8d2c1
/registry/events/kube-system/weave-net.15b9e0c6ea880cd2
/registry/leases/kube-node-lease/node-01
/registry/leases/kube-node-lease/node-02
/registry/leases/kube-node-lease/node-03
/registry/masterleases/134.209.178.162
/registry/minions/node-01
/registry/minions/node-02
/registry/minions/node-03
/registry/namespaces/default
/registry/namespaces/kube-node-lease
/registry/namespaces/kube-public
/registry/namespaces/kube-system
/registry/pods/kube-system/coredns-5c98db65d4-5kjjv
/registry/pods/kube-system/coredns-5c98db65d4-88hkq
/registry/pods/kube-system/etcd-node-01
/registry/pods/kube-system/kube-apiserver-node-01
/registry/pods/kube-system/kube-controller-manager-node-01
/registry/pods/kube-system/kube-proxy-7642v
/registry/pods/kube-system/kube-proxy-jsp4r
/registry/pods/kube-system/kube-proxy-xj8qm
/registry/pods/kube-system/kube-scheduler-node-01
/registry/pods/kube-system/weave-net-2hvbx
/registry/pods/kube-system/weave-net-5mrjl
/registry/pods/kube-system/weave-net-c76fx
/registry/priorityclasses/system-cluster-critical
/registry/priorityclasses/system-node-critical
/registry/ranges/serviceips
/registry/ranges/servicenodeports
/registry/replicasets/kube-system/coredns-5c98db65d4
/registry/rolebindings/kube-public/kubeadm:bootstrap-signer-clusterinfo
/registry/rolebindings/kube-public/system:controller:bootstrap-signer
/registry/rolebindings/kube-system/kube-proxy
/registry/rolebindings/kube-system/kubeadm:kubelet-config-1.15
/registry/rolebindings/kube-system/kubeadm:nodes-kubeadm-config
/registry/rolebindings/kube-system/system::extension-apiserver-authentication-reader
/registry/rolebindings/kube-system/system::leader-locking-kube-controller-manager
/registry/rolebindings/kube-system/system::leader-locking-kube-scheduler
/registry/rolebindings/kube-system/system:controller:bootstrap-signer
/registry/rolebindings/kube-system/system:controller:cloud-provider
/registry/rolebindings/kube-system/system:controller:token-cleaner
/registry/rolebindings/kube-system/weave-net
/registry/roles/kube-public/kubeadm:bootstrap-signer-clusterinfo
/registry/roles/kube-public/system:controller:bootstrap-signer
/registry/roles/kube-system/extension-apiserver-authentication-reader
/registry/roles/kube-system/kube-proxy
/registry/roles/kube-system/kubeadm:kubelet-config-1.15
/registry/roles/kube-system/kubeadm:nodes-kubeadm-config
/registry/roles/kube-system/system::leader-locking-kube-controller-manager
/registry/roles/kube-system/system::leader-locking-kube-scheduler
/registry/roles/kube-system/system:controller:bootstrap-signer
/registry/roles/kube-system/system:controller:cloud-provider
/registry/roles/kube-system/system:controller:token-cleaner
/registry/roles/kube-system/weave-net
/registry/secrets/default/default-token-nz988
/registry/secrets/kube-node-lease/default-token-4w7tf
/registry/secrets/kube-public/default-token-pzhnr
/registry/secrets/kube-system/attachdetach-controller-token-69mzv
/registry/secrets/kube-system/bootstrap-signer-token-584pq
/registry/secrets/kube-system/bootstrap-token-w1d2kx
/registry/secrets/kube-system/certificate-controller-token-rff4s
/registry/secrets/kube-system/clusterrole-aggregation-controller-token-6hks4
/registry/secrets/kube-system/coredns-token-b2874
/registry/secrets/kube-system/cronjob-controller-token-55pgx
/registry/secrets/kube-system/daemon-set-controller-token-nhcdf
/registry/secrets/kube-system/default-token-f5kl4
/registry/secrets/kube-system/deployment-controller-token-lm58l
/registry/secrets/kube-system/disruption-controller-token-4tw6s
/registry/secrets/kube-system/endpoint-controller-token-qdh8q
/registry/secrets/kube-system/expand-controller-token-6stw5
/registry/secrets/kube-system/generic-garbage-collector-token-hqfqx
/registry/secrets/kube-system/horizontal-pod-autoscaler-token-h6czj
/registry/secrets/kube-system/job-controller-token-nmw8f
/registry/secrets/kube-system/kube-proxy-token-zcrj8
/registry/secrets/kube-system/namespace-controller-token-trhl9
/registry/secrets/kube-system/node-controller-token-mmf4d
/registry/secrets/kube-system/persistent-volume-binder-token-wnh9s
/registry/secrets/kube-system/pod-garbage-collector-token-h7vvp
/registry/secrets/kube-system/pv-protection-controller-token-lcqb6
/registry/secrets/kube-system/pvc-protection-controller-token-k2kf8
/registry/secrets/kube-system/replicaset-controller-token-zhc7k
/registry/secrets/kube-system/replication-controller-token-l8hr6
/registry/secrets/kube-system/resourcequota-controller-token-bglb2
/registry/secrets/kube-system/service-account-controller-token-5dhxz
/registry/secrets/kube-system/service-controller-token-l98rk
/registry/secrets/kube-system/statefulset-controller-token-dj85r
/registry/secrets/kube-system/token-cleaner-token-qz8hs
/registry/secrets/kube-system/ttl-controller-token-6vbv6
/registry/secrets/kube-system/weave-net-token-87h6x
/registry/serviceaccounts/default/default
/registry/serviceaccounts/kube-node-lease/default
/registry/serviceaccounts/kube-public/default
/registry/serviceaccounts/kube-system/attachdetach-controller
/registry/serviceaccounts/kube-system/bootstrap-signer
/registry/serviceaccounts/kube-system/certificate-controller
/registry/serviceaccounts/kube-system/clusterrole-aggregation-controller
/registry/serviceaccounts/kube-system/coredns
/registry/serviceaccounts/kube-system/cronjob-controller
/registry/serviceaccounts/kube-system/daemon-set-controller
/registry/serviceaccounts/kube-system/default
/registry/serviceaccounts/kube-system/deployment-controller
/registry/serviceaccounts/kube-system/disruption-controller
/registry/serviceaccounts/kube-system/endpoint-controller
/registry/serviceaccounts/kube-system/expand-controller
/registry/serviceaccounts/kube-system/generic-garbage-collector
/registry/serviceaccounts/kube-system/horizontal-pod-autoscaler
/registry/serviceaccounts/kube-system/job-controller
/registry/serviceaccounts/kube-system/kube-proxy
/registry/serviceaccounts/kube-system/namespace-controller
/registry/serviceaccounts/kube-system/node-controller
/registry/serviceaccounts/kube-system/persistent-volume-binder
/registry/serviceaccounts/kube-system/pod-garbage-collector
/registry/serviceaccounts/kube-system/pv-protection-controller
/registry/serviceaccounts/kube-system/pvc-protection-controller
/registry/serviceaccounts/kube-system/replicaset-controller
/registry/serviceaccounts/kube-system/replication-controller
/registry/serviceaccounts/kube-system/resourcequota-controller
/registry/serviceaccounts/kube-system/service-account-controller
/registry/serviceaccounts/kube-system/service-controller
/registry/serviceaccounts/kube-system/statefulset-controller
/registry/serviceaccounts/kube-system/token-cleaner
/registry/serviceaccounts/kube-system/ttl-controller
/registry/serviceaccounts/kube-system/weave-net
/registry/services/endpoints/default/kubernetes
/registry/services/endpoints/kube-system/kube-controller-manager
/registry/services/endpoints/kube-system/kube-dns
/registry/services/endpoints/kube-system/kube-scheduler
/registry/services/specs/default/kubernetes
/registry/services/specs/kube-system/kube-dns
compact_rev_key

The output above shows 342 keys, which define the configuration and state of every resource in the cluster:

  • Nodes
  • Namespaces
  • ServiceAccounts
  • Roles and RoleBindings, ClusterRoles / ClusterRoleBindings
  • ConfigMaps
  • Secrets
  • Workloads: Deployments, DaemonSets, Pods, …
  • Cluster’s certificates
  • The resources within each apiVersion
  • The events that brought the cluster to its current state

Once one of these keys is selected, we can get the associated value with the following command:

$ kubectl exec etcd-node-01 -n kube-system -- sh -c \
"ETCDCTL_API=3 etcdctl \
--endpoints $ADVERTISE_URL \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--key /etc/kubernetes/pki/etcd/server.key \
--cert /etc/kubernetes/pki/etcd/server.crt \
get \"KEY\" -w json"

For example, let's get the value associated with the /registry/deployments/kube-system/coredns key:


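If we decode the value associated with this key, the result is hard to read because some characters cannot be interpreted, but Kubernetes of course knows how to handle them correctly.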


From this result, we can infer that this key stores the specification and status of the Deployment that manages the coredns Pods.
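Why the decoded value looks garbled, and a check a cluster operator can run on the same dump, as an added example (not part of the original article): the API server stores most objects as protobuf behind a `k8s\0` prefix, and writes a `k8s:enc:<provider>:` prefix when encryption at rest is configured. The function names and the sample values are constructed; only the key names come from the listing above.

```python
import base64
import json
import re

PROTOBUF_MAGIC = b"k8s\x00"      # prefix of objects the API server stores as protobuf
ENCRYPTED_PREFIX = b"k8s:enc:"   # prefix written when encryption at rest is configured


def classify_value(raw):
    """Name the storage encoding of one decoded etcd value."""
    if raw.startswith(ENCRYPTED_PREFIX):
        # Layout: k8s:enc:<provider>:<version>:<key name>:<ciphertext>
        provider = raw[len(ENCRYPTED_PREFIX):].split(b":", 1)[0]
        return "encrypted:" + provider.decode("ascii", "replace")
    if raw.startswith(PROTOBUF_MAGIC):
        return "protobuf"
    if raw.lstrip().startswith(b"{"):
        return "json"
    return "unknown"


def readable_runs(raw, min_len=4):
    """Printable ASCII runs, like strings(1): the legible part of a protobuf value."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, raw)]


def unencrypted_secrets(dump_text):
    """Keys under /registry/secrets/ whose value is not encrypted at rest."""
    findings = []
    for kv in json.loads(dump_text).get("kvs", []):
        key = base64.b64decode(kv["key"]).decode("utf-8")
        encoding = classify_value(base64.b64decode(kv.get("value", "")))
        if key.startswith("/registry/secrets/") and not encoding.startswith("encrypted:"):
            findings.append((key, encoding))
    return findings


def kv_entry(key, value):
    """One entry in the shape etcdctl prints with -w json (constructed sample data)."""
    return {"key": base64.b64encode(key.encode()).decode(),
            "value": base64.b64encode(value).decode()}


# Constructed values: only the prefixes are realistic, the bodies are made up.
DEPLOYMENT_VALUE = (PROTOBUF_MAGIC + b"\n\x0d\n\x07apps/v1\x12\x0aDeployment"
                    b"\x12\x1b\n\x07coredns\x12\x00\x1a\x0bkube-system")
SAMPLE = json.dumps({"kvs": [
    kv_entry("/registry/deployments/kube-system/coredns", DEPLOYMENT_VALUE),
    kv_entry("/registry/secrets/default/default-token-nz988",
             PROTOBUF_MAGIC + b"\n\x0c\n\x02v1\x12\x06Secret"),
    kv_entry("/registry/secrets/kube-system/coredns-token-b2874",
             b"k8s:enc:aescbc:v1:key1:" + bytes(16)),
]})

if __name__ == "__main__":
    print(classify_value(DEPLOYMENT_VALUE), readable_runs(DEPLOYMENT_VALUE))
    for key, encoding in unencrypted_secrets(SAMPLE):
        print("not encrypted at rest:", key, "(" + encoding + ")")
```

Run against a real etcd-kv.json by passing the file's contents to `unencrypted_secrets`; an empty result means every Secret in the dump carries the encryption prefix.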

Creating a Pod

Let's create a Pod and examine how the cluster state is modified and which new keys are added.

$ cat <<EoF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: www
spec:
  containers:
  - name: nginx
    image: nginx:1.16-alpine
EoF

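Using the same command as before, we get all the keys and save the list in etcd-kv-after-nginx-pod.json. A quick comparison of the two key lists, the one retrieved right after the cluster was created (etcd-kv.json) and the one retrieved after we deployed the www Pod (etcd-kv-after-nginx-pod.json), shows the following: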

> /registry/events/default/www.15b9e3051648764f
> /registry/events/default/www.15b9e3056b8ce3f0
> /registry/events/default/www.15b9e306918312ea
> /registry/events/default/www.15b9e306a32beb6d
> /registry/events/default/www.15b9e306b5892b60
> /registry/pods/default/www
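The comparison described above, written out as an added example (not code from the original article): it decodes the base64 keys from two `etcdctl ... -w json` dumps, groups them by resource type, and reports added, removed and rewritten keys. It goes slightly beyond the article's key-list comparison by using the `mod_revision` field of each entry to detect rewritten keys; the helper names, the sample dumps and the revision numbers are constructed for illustration.

```python
import base64
import json
from collections import Counter


def load_kvs(dump_text):
    """Return {decoded key: mod_revision} from `etcdctl get "" --prefix -w json` output."""
    doc = json.loads(dump_text)
    return {
        base64.b64decode(kv["key"]).decode("utf-8"): int(kv.get("mod_revision", 0))
        for kv in doc.get("kvs", [])
    }


def resource_of(key):
    """'/registry/pods/default/www' -> 'pods'; keys outside /registry/ -> '(other)'."""
    parts = key.split("/")
    if len(parts) >= 3 and parts[1] == "registry":
        return parts[2]
    return "(other)"


def count_by_resource(kvs):
    """Number of keys per resource type (pods, secrets, events, ...)."""
    return Counter(resource_of(k) for k in kvs)


def diff_snapshots(before, after):
    """Compare two snapshots: new keys, deleted keys, and keys rewritten in between."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    modified = sorted(k for k in after if k in before and after[k] != before[k])
    return added, removed, modified


def make_dump(entries):
    """Build a dump in the etcdctl JSON shape from {key: revision} (sample data only)."""
    kvs = [
        {"key": base64.b64encode(k.encode()).decode(), "mod_revision": rev}
        for k, rev in entries.items()
    ]
    return json.dumps({"kvs": kvs, "count": len(kvs)})


# Constructed samples: key names follow the listing above, revisions are made up.
BEFORE = make_dump({
    "/registry/minions/node-02": 300,
    "/registry/pods/kube-system/etcd-node-01": 120,
    "/registry/secrets/default/default-token-nz988": 95,
    "compact_rev_key": 5,
})
AFTER = make_dump({
    "/registry/minions/node-02": 910,   # node object rewritten between snapshots
    "/registry/pods/kube-system/etcd-node-01": 120,
    "/registry/secrets/default/default-token-nz988": 95,
    "compact_rev_key": 5,
    "/registry/events/default/www.15b9e3051648764f": 880,
    "/registry/pods/default/www": 900,
})

if __name__ == "__main__":
    before, after = load_kvs(BEFORE), load_kvs(AFTER)
    print(dict(count_by_resource(after)))
    added, removed, modified = diff_snapshots(before, after)
    for label, keys in (("added", added), ("removed", removed), ("modified", modified)):
        for k in keys:
            print(label, k)
```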

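Five events and one Pod were created, which makes sense. Let's take a closer look, starting by decoding the values associated with the event keys. In chronological order, they correspond to the following actions:

  • Successfully assigned default/www to node-02
  • Pulling image "nginx:1.16-alpine"
  • Successfully pulled image "nginx:1.16-alpine"
  • Created container nginx
  • Started container nginx

These events are listed at the end of the output of the command that describes the Pod: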

$ kubectl describe pod www

The last key, /registry/pods/default/www, provides all the information related to the newly created Pod:

  • The most recent configuration
  • The associated token
  • The status

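Summary

The purpose of this article is not to dive deep into etcd, but to explain a little of what it contains and how the information is organized, in the hope that it looks less like a black box.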

PS: This article is a translation (original article).
