Etcd是Kubernetes的要害组件,因为它存储了集群的整个状态:其配置,规格以及运行中的工作负载的状态。在本文中,咱们将会揭开其神秘的面纱,理解etcd如何存储所有这些信息。
Etcd 简介
Etcd被定义为分布式,牢靠的键值存储,用于分布式系统中最要害的数据。
在Kubernetes世界中,etcd用作服务发现的后端,并存储集群的状态及其配置。
Etcd被部署为一个集群,几个节点的通信由Raft算法解决。在生产环境中,集群蕴含奇数个节点,并且至多须要三个。在 http://thesecretlivesofdata.com/ 中,您能够找到一个很好的动画,阐明该算法的运行形式,它阐明了集群生命周期的几个阶段,其中包含:
- 选主
- 日志复制
Kubernetes 中的 Etcd
在Kubernetes集群的上下文中,etcd实例能够作为Pod部署在master节点上(这是咱们将在本文中应用的示例)。
为了减少安全性和弹性,还能够将其部署为内部集群。
以下来自Heptio博客的序列图显示了在简略的Pod创立过程中波及的组件。它很好地阐明了API服务器和etcd的交互作用。
Kubernetes 测试集群
在本篇文章中,咱们应用的Kubernetes集群,由kubeadm创立的三个节点组成,其中一个master节点运行了Etcd。所选的网络附加组件是weavenet。这种配置不适宜理论的HA集群,但足以浏览etcd中存储的数据。
$ kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-01 Ready master 56m v1.15.2node-02 Ready <none> 2m17 v1.15.2node-03 Ready <none> 2m17 v1.15.2The Etcd Pod
首先,让咱们列出集群中运行的所有Pod:
$ kubectl get pods --all-namespacesNAMESPACE NAME READY STATUS RESTART AGEkube-system coredns-5c98db65d4–5kjjv 1/1 Running 0 57mkube-system coredns-5c98db65d4–88hkq 1/1 Running 0 57mkube-system etcd-node-01 1/1 Running 0 56mkube-system kube-apiserver-node-01 1/1 Running 0 56mkube-system kube-controller-manager-node-01 1/1 Running 0 56mkube-system kube-proxy-7642v 1/1 Running 0 3mkube-system kube-proxy-jsp4r 1/1 Running 0 3mkube-system kube-proxy-xj8qm 1/1 Running 0 57mkube-system kube-scheduler-node-01 1/1 Running 0 56mkube-system weave-net-2hvbx 2/2 Running 0 87skube-system weave-net-5mrjl 2/2 Running 0 87skube-system weave-net-c76fx 2/2 Running 0 87s因为集群刚刚被初始化,因而只有kube-system名称空间中的Pod正在运行。这些Pod负责集群的治理工作。咱们感兴趣的Pod是etcd-node-01,它运行etcd的实例来负责存储集群的状态。
首先,在etcd Pod中运行一个shell,并查看其中运行的etcd容器的配置:
应用--advertise-client-urls标记的值,咱们能够应用etcdctl实用程序获取所有现有的键/值对,并将其保留在etcd-kv.json中。
$ ADVERTISE_URL="https://134.209.178.162:2379"$ kubectl exec etcd-node-01 -n kube-system -- sh -c "ETCDCTL_API=3 etcdctl --endpoints $ADVERTISE_URL --cacert /etc/kubernetes/pki/etcd/ca.crt --key /etc/kubernetes/pki/etcd/server.key --cert /etc/kubernetes/pki/etcd/server.crt get "" --prefix=true -w json" > etcd-kv.json疾速查看此文件将显示健列表及其对应的值,它们均以base64编码(此处仅显示文件的摘录)。
首先让咱们以纯文本格式获取所有键,以查看其内容。我把所有键输入:
$ for k in $(cat etcd-kv.json | jq '.kvs[].key' | cut -d '"' -f2); do echo $k | base64 --decode; echo; done/registry/apiregistration.k8s.io/apiservices/v1./registry/apiregistration.k8s.io/apiservices/v1.apps/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.autoscaling/registry/apiregistration.k8s.io/apiservices/v1.batch/registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.rbac.authorization.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.scheduling.k8s.io/registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.admissionregistration.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.apiextensions.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.apps/registry/apiregistration.k8s.io/apiservices/v1beta1.authentication.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.authorization.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.batch/registry/apiregistration.k8s.io/apiservices/v1beta1.certificates.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.coordination.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.events.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.extensions/registry/apiregistration.k8s.io/apiservices/v1beta1.networking.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.node.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.policy/registry/apiregistration.k8s.io/apiservices/v1beta1.rbac.authorization.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.scheduling.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta1.storage.k8s.io/registry/apiregistration.k8s.io/apiservices/v1beta2.apps/registry/apiregistration.k8s.io/apiservices/v2beta1.autoscaling/registry/apiregistration.k8s.io/apiservices/v2beta2.autoscaling/registry/certificatesigningrequests/csr-h9mcg/registry/certificatesigningrequests/csr-qwnxf/registry/certificatesigningrequests/csr-xklls/registry/clusterrolebindings/cluster-admin/registry/clusterrolebindings/kubeadm:kubelet-bootstrap/registry/clusterrolebindings/kubeadm:node-autoapprove-bootstrap/registry/clusterrolebindings/kubeadm:node-autoapprove-certificate-rotation/registry/clusterrolebindings/kubeadm:node-proxier/registry/clusterrolebindings/system:basic-user/registry/clusterrolebindings/system:controller:attachdetach-controller/registry/clusterrolebindings/system:controller:certificate-controller/registry/clusterrolebindings/system:controller:clusterrole-aggregation-controller/registry/clusterrolebindings/system:controller:cronjob-controller/registry/clusterrolebindings/system:controller:daemon-set-controller/registry/clusterrolebindings/system:controller:deployment-controller/registry/clusterrolebindings/system:controller:disruption-controller/registry/clusterrolebindings/system:controller:endpoint-controller/registry/clusterrolebindings/system:controller:expand-controller/registry/clusterrolebindings/system:controller:generic-garbage-collector/registry/clusterrolebindings/system:controller:horizontal-pod-autoscaler/registry/clusterrolebindings/system:controller:job-controller/registry/clusterrolebindings/system:controller:namespace-controller/registry/clusterrolebindings/system:controller:node-controller/registry/clusterrolebindings/system:controller:persistent-volume-binder/registry/clusterrolebindings/system:controller:pod-garbage-collector/registry/clusterrolebindings/system:controller:pv-protection-controller/registry/clusterrolebindings/system:controller:pvc-protection-controller/registry/clusterrolebindings/system:controller:replicaset-controller/registry/clusterrolebindings/system:controller:replication-controller/registry/clusterrolebindings/system:controller:resourcequota-controller/registry/clusterrolebindings/system:controller:route-controller/registry/clusterrolebindings/system:controller:service-account-controller/registry/clusterrolebindings/system:controller:service-controller/registry/clusterrolebindings/system:controller:statefulset-controller/registry/clusterrolebindings/system:controller:ttl-controller/registry/clusterrolebindings/system:coredns/registry/clusterrolebindings/system:discovery/registry/clusterrolebindings/system:kube-controller-manager/registry/clusterrolebindings/system:kube-dns/registry/clusterrolebindings/system:kube-scheduler/registry/clusterrolebindings/system:node/registry/clusterrolebindings/system:node-proxier/registry/clusterrolebindings/system:public-info-viewer/registry/clusterrolebindings/system:volume-scheduler/registry/clusterrolebindings/weave-net/registry/clusterroles/admin/registry/clusterroles/cluster-admin/registry/clusterroles/edit/registry/clusterroles/system:aggregate-to-admin/registry/clusterroles/system:aggregate-to-edit/registry/clusterroles/system:aggregate-to-view/registry/clusterroles/system:auth-delegator/registry/clusterroles/system:basic-user/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:nodeclient/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient/registry/clusterroles/system:controller:attachdetach-controller/registry/clusterroles/system:controller:certificate-controller/registry/clusterroles/system:controller:clusterrole-aggregation-controller/registry/clusterroles/system:controller:cronjob-controller/registry/clusterroles/system:controller:daemon-set-controller/registry/clusterroles/system:controller:deployment-controller/registry/clusterroles/system:controller:disruption-controller/registry/clusterroles/system:controller:endpoint-controller/registry/clusterroles/system:controller:expand-controller/registry/clusterroles/system:controller:generic-garbage-collector/registry/clusterroles/system:controller:horizontal-pod-autoscaler/registry/clusterroles/system:controller:job-controller/registry/clusterroles/system:controller:namespace-controller/registry/clusterroles/system:controller:node-controller/registry/clusterroles/system:controller:persistent-volume-binder/registry/clusterroles/system:controller:pod-garbage-collector/registry/clusterroles/system:controller:pv-protection-controller/registry/clusterroles/system:controller:pvc-protection-controller/registry/clusterroles/system:controller:replicaset-controller/registry/clusterroles/system:controller:replication-controller/registry/clusterroles/system:controller:resourcequota-controller/registry/clusterroles/system:controller:route-controller/registry/clusterroles/system:controller:service-account-controller/registry/clusterroles/system:controller:service-controller/registry/clusterroles/system:controller:statefulset-controller/registry/clusterroles/system:controller:ttl-controller/registry/clusterroles/system:coredns/registry/clusterroles/system:csi-external-attacher/registry/clusterroles/system:csi-external-provisioner/registry/clusterroles/system:discovery/registry/clusterroles/system:heapster/registry/clusterroles/system:kube-aggregator/registry/clusterroles/system:kube-controller-manager/registry/clusterroles/system:kube-dns/registry/clusterroles/system:kube-scheduler/registry/clusterroles/system:kubelet-api-admin/registry/clusterroles/system:node/registry/clusterroles/system:node-bootstrapper/registry/clusterroles/system:node-problem-detector/registry/clusterroles/system:node-proxier/registry/clusterroles/system:persistent-volume-provisioner/registry/clusterroles/system:public-info-viewer/registry/clusterroles/system:volume-scheduler/registry/clusterroles/view/registry/clusterroles/weave-net/registry/configmaps/kube-public/cluster-info/registry/configmaps/kube-system/coredns/registry/configmaps/kube-system/extension-apiserver-authentication/registry/configmaps/kube-system/kube-proxy/registry/configmaps/kube-system/kubeadm-config/registry/configmaps/kube-system/kubelet-config-1.15/registry/configmaps/kube-system/weave-net/registry/controllerrevisions/kube-system/kube-proxy-84c6b844cd/registry/controllerrevisions/kube-system/weave-net-7db89b6d4/registry/daemonsets/kube-system/kube-proxy/registry/daemonsets/kube-system/weave-net/registry/deployments/kube-system/coredns/registry/events/default/node-01.15b9e0cd75ea6932/registry/events/default/node-02.15b9e0ae0342c323/registry/events/default/node-02.15b9e0ae0f9c2ae3/registry/events/default/node-02.15b9e0ae0f9c5fa9/registry/events/default/node-02.15b9e0ae0f9c7206/registry/events/default/node-02.15b9e0ae1575182e/registry/events/default/node-02.15b9e0aea1c4eeaf/registry/events/default/node-02.15b9e0af99ba73a2/registry/events/default/node-02.15b9e0ca43c5e760/registry/events/default/node-03.15b9e0ae9bdae96c/registry/events/default/node-03.15b9e0aea880813c/registry/events/default/node-03.15b9e0aea880ae05/registry/events/default/node-03.15b9e0aea880c0de/registry/events/default/node-03.15b9e0aeb13cfeef/registry/events/default/node-03.15b9e0afcbcf299b/registry/events/default/node-03.15b9e0b02f28fa3c/registry/events/default/node-03.15b9e0cadf7dce89/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9ddb67e6ab700/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0af3bdb47fe/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cbbbb7579d/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc279fbd33/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc34fb8de2/registry/events/kube-system/coredns-5c98db65d4-5kjjv.15b9e0cc4994ad54/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9ddb6850e5ff1/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0aea988964f/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cbbb3af928/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc2ffb9d11/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc3a4def6c/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc4bd20265/registry/events/kube-system/coredns-5c98db65d4-88hkq.15b9e0cc6e488534/registry/events/kube-system/kube-proxy-7642v.15b9e0ae1444b38c/registry/events/kube-system/kube-proxy-7642v.15b9e0ae7ff6f434/registry/events/kube-system/kube-proxy-7642v.15b9e0af631fa3d0/registry/events/kube-system/kube-proxy-7642v.15b9e0af7632698a/registry/events/kube-system/kube-proxy-7642v.15b9e0af85356aad/registry/events/kube-system/kube-proxy-jsp4r.15b9e0aeadc2ce3a/registry/events/kube-system/kube-proxy-jsp4r.15b9e0af27535c1b/registry/events/kube-system/kube-proxy-jsp4r.15b9e0affc7fc79e/registry/events/kube-system/kube-proxy-jsp4r.15b9e0b00a290340/registry/events/kube-system/kube-proxy-jsp4r.15b9e0b01b0a4eef/registry/events/kube-system/kube-proxy.15b9e0ae1333a730/registry/events/kube-system/kube-proxy.15b9e0aeaad76df0/registry/events/kube-system/weave-net-2hvbx.15b9e0c6e9b6c1de/registry/events/kube-system/weave-net-2hvbx.15b9e0c71a365ad4/registry/events/kube-system/weave-net-2hvbx.15b9e0c88a5af203/registry/events/kube-system/weave-net-2hvbx.15b9e0c8a5998774/registry/events/kube-system/weave-net-2hvbx.15b9e0c8b54252cb/registry/events/kube-system/weave-net-2hvbx.15b9e0c8b5543df6/registry/events/kube-system/weave-net-2hvbx.15b9e0c98384d3e1/registry/events/kube-system/weave-net-2hvbx.15b9e0c9916478ce/registry/events/kube-system/weave-net-2hvbx.15b9e0c9a090c521/registry/events/kube-system/weave-net-5mrjl.15b9e0c6e9523ad2/registry/events/kube-system/weave-net-5mrjl.15b9e0c7194191cb/registry/events/kube-system/weave-net-5mrjl.15b9e0c89c46497c/registry/events/kube-system/weave-net-5mrjl.15b9e0c8b335c817/registry/events/kube-system/weave-net-5mrjl.15b9e0c8c714f12d/registry/events/kube-system/weave-net-5mrjl.15b9e0c8c770ebdd/registry/events/kube-system/weave-net-5mrjl.15b9e0c995196184/registry/events/kube-system/weave-net-5mrjl.15b9e0c9a24d099d/registry/events/kube-system/weave-net-5mrjl.15b9e0c9b2e0cdef/registry/events/kube-system/weave-net-c76fx.15b9e0c6ec0133eb/registry/events/kube-system/weave-net-c76fx.15b9e0c7255593bb/registry/events/kube-system/weave-net-c76fx.15b9e0c8d4f52821/registry/events/kube-system/weave-net-c76fx.15b9e0c90ebfeb95/registry/events/kube-system/weave-net-c76fx.15b9e0c922410c3a/registry/events/kube-system/weave-net-c76fx.15b9e0c922580ded/registry/events/kube-system/weave-net-c76fx.15b9e0c9f7834364/registry/events/kube-system/weave-net-c76fx.15b9e0ca15411664/registry/events/kube-system/weave-net-c76fx.15b9e0ca2d254f2c/registry/events/kube-system/weave-net.15b9e0c6e7edf622/registry/events/kube-system/weave-net.15b9e0c6e9c8d2c1/registry/events/kube-system/weave-net.15b9e0c6ea880cd2/registry/leases/kube-node-lease/node-01/registry/leases/kube-node-lease/node-02/registry/leases/kube-node-lease/node-03/registry/masterleases/134.209.178.162/registry/minions/node-01/registry/minions/node-02/registry/minions/node-03/registry/namespaces/default/registry/namespaces/kube-node-lease/registry/namespaces/kube-public/registry/namespaces/kube-system/registry/pods/kube-system/coredns-5c98db65d4-5kjjv/registry/pods/kube-system/coredns-5c98db65d4-88hkq/registry/pods/kube-system/etcd-node-01/registry/pods/kube-system/kube-apiserver-node-01/registry/pods/kube-system/kube-controller-manager-node-01/registry/pods/kube-system/kube-proxy-7642v/registry/pods/kube-system/kube-proxy-jsp4r/registry/pods/kube-system/kube-proxy-xj8qm/registry/pods/kube-system/kube-scheduler-node-01/registry/pods/kube-system/weave-net-2hvbx/registry/pods/kube-system/weave-net-5mrjl/registry/pods/kube-system/weave-net-c76fx/registry/priorityclasses/system-cluster-critical/registry/priorityclasses/system-node-critical/registry/ranges/serviceips/registry/ranges/servicenodeports/registry/replicasets/kube-system/coredns-5c98db65d4/registry/rolebindings/kube-public/kubeadm:bootstrap-signer-clusterinfo/registry/rolebindings/kube-public/system:controller:bootstrap-signer/registry/rolebindings/kube-system/kube-proxy/registry/rolebindings/kube-system/kubeadm:kubelet-config-1.15/registry/rolebindings/kube-system/kubeadm:nodes-kubeadm-config/registry/rolebindings/kube-system/system::extension-apiserver-authentication-reader/registry/rolebindings/kube-system/system::leader-locking-kube-controller-manager/registry/rolebindings/kube-system/system::leader-locking-kube-scheduler/registry/rolebindings/kube-system/system:controller:bootstrap-signer/registry/rolebindings/kube-system/system:controller:cloud-provider/registry/rolebindings/kube-system/system:controller:token-cleaner/registry/rolebindings/kube-system/weave-net/registry/roles/kube-public/kubeadm:bootstrap-signer-clusterinfo/registry/roles/kube-public/system:controller:bootstrap-signer/registry/roles/kube-system/extension-apiserver-authentication-reader/registry/roles/kube-system/kube-proxy/registry/roles/kube-system/kubeadm:kubelet-config-1.15/registry/roles/kube-system/kubeadm:nodes-kubeadm-config/registry/roles/kube-system/system::leader-locking-kube-controller-manager/registry/roles/kube-system/system::leader-locking-kube-scheduler/registry/roles/kube-system/system:controller:bootstrap-signer/registry/roles/kube-system/system:controller:cloud-provider/registry/roles/kube-system/system:controller:token-cleaner/registry/roles/kube-system/weave-net/registry/secrets/default/default-token-nz988/registry/secrets/kube-node-lease/default-token-4w7tf/registry/secrets/kube-public/default-token-pzhnr/registry/secrets/kube-system/attachdetach-controller-token-69mzv/registry/secrets/kube-system/bootstrap-signer-token-584pq/registry/secrets/kube-system/bootstrap-token-w1d2kx/registry/secrets/kube-system/certificate-controller-token-rff4s/registry/secrets/kube-system/clusterrole-aggregation-controller-token-6hks4/registry/secrets/kube-system/coredns-token-b2874/registry/secrets/kube-system/cronjob-controller-token-55pgx/registry/secrets/kube-system/daemon-set-controller-token-nhcdf/registry/secrets/kube-system/default-token-f5kl4/registry/secrets/kube-system/deployment-controller-token-lm58l/registry/secrets/kube-system/disruption-controller-token-4tw6s/registry/secrets/kube-system/endpoint-controller-token-qdh8q/registry/secrets/kube-system/expand-controller-token-6stw5/registry/secrets/kube-system/generic-garbage-collector-token-hqfqx/registry/secrets/kube-system/horizontal-pod-autoscaler-token-h6czj/registry/secrets/kube-system/job-controller-token-nmw8f/registry/secrets/kube-system/kube-proxy-token-zcrj8/registry/secrets/kube-system/namespace-controller-token-trhl9/registry/secrets/kube-system/node-controller-token-mmf4d/registry/secrets/kube-system/persistent-volume-binder-token-wnh9s/registry/secrets/kube-system/pod-garbage-collector-token-h7vvp/registry/secrets/kube-system/pv-protection-controller-token-lcqb6/registry/secrets/kube-system/pvc-protection-controller-token-k2kf8/registry/secrets/kube-system/replicaset-controller-token-zhc7k/registry/secrets/kube-system/replication-controller-token-l8hr6/registry/secrets/kube-system/resourcequota-controller-token-bglb2/registry/secrets/kube-system/service-account-controller-token-5dhxz/registry/secrets/kube-system/service-controller-token-l98rk/registry/secrets/kube-system/statefulset-controller-token-dj85r/registry/secrets/kube-system/token-cleaner-token-qz8hs/registry/secrets/kube-system/ttl-controller-token-6vbv6/registry/secrets/kube-system/weave-net-token-87h6x/registry/serviceaccounts/default/default/registry/serviceaccounts/kube-node-lease/default/registry/serviceaccounts/kube-public/default/registry/serviceaccounts/kube-system/attachdetach-controller/registry/serviceaccounts/kube-system/bootstrap-signer/registry/serviceaccounts/kube-system/certificate-controller/registry/serviceaccounts/kube-system/clusterrole-aggregation-controller/registry/serviceaccounts/kube-system/coredns/registry/serviceaccounts/kube-system/cronjob-controller/registry/serviceaccounts/kube-system/daemon-set-controller/registry/serviceaccounts/kube-system/default/registry/serviceaccounts/kube-system/deployment-controller/registry/serviceaccounts/kube-system/disruption-controller/registry/serviceaccounts/kube-system/endpoint-controller/registry/serviceaccounts/kube-system/expand-controller/registry/serviceaccounts/kube-system/generic-garbage-collector/registry/serviceaccounts/kube-system/horizontal-pod-autoscaler/registry/serviceaccounts/kube-system/job-controller/registry/serviceaccounts/kube-system/kube-proxy/registry/serviceaccounts/kube-system/namespace-controller/registry/serviceaccounts/kube-system/node-controller/registry/serviceaccounts/kube-system/persistent-volume-binder/registry/serviceaccounts/kube-system/pod-garbage-collector/registry/serviceaccounts/kube-system/pv-protection-controller/registry/serviceaccounts/kube-system/pvc-protection-controller/registry/serviceaccounts/kube-system/replicaset-controller/registry/serviceaccounts/kube-system/replication-controller/registry/serviceaccounts/kube-system/resourcequota-controller/registry/serviceaccounts/kube-system/service-account-controller/registry/serviceaccounts/kube-system/service-controller/registry/serviceaccounts/kube-system/statefulset-controller/registry/serviceaccounts/kube-system/token-cleaner/registry/serviceaccounts/kube-system/ttl-controller/registry/serviceaccounts/kube-system/weave-net/registry/services/endpoints/default/kubernetes/registry/services/endpoints/kube-system/kube-controller-manager/registry/services/endpoints/kube-system/kube-dns/registry/services/endpoints/kube-system/kube-scheduler/registry/services/specs/default/kubernetes/registry/services/specs/kube-system/kube-dnscompact_rev_key下面的结果显示了342个键,这些键定义了集群中所有资源的配置和状态:
- Nodes
- Namespaces
- ServiceAccounts
- Roles and RoleBindings, ClusterRoles / ClusterRoleBindings
- ConfigMaps
- Secrets
- Workloads: Deployments, DaemonSets, Pods, …
- Cluster’s certificates
- The resources within each apiVersion
- The events that bring the cluster in the current state
抉择这些键之一后,咱们能够应用以下命令获取关联的值:
$ kubectl exec etcd-node-01 -n kube-system —- sh -c "ETCDCTL_API=3 etcdctl --endpoints $ADVERTISE_URL --cacert /etc/kubernetes/pki/etcd/ca.crt --key /etc/kubernetes/pki/etcd/server.key --cert /etc/kubernetes/pki/etcd/server.crt get "KEY" -w json"例如,让咱们获取与/registry/deployments/kube-system/coredns键相关联的值:
如果咱们解码与此键关联的值,则返回值将很难读,因为无法解释某些字符,然而,当然,Kubernetes晓得如何正确处理它们。
依据此后果,咱们能够推断出此key用于存储管理coredns Pods的部署的标准和状态。
Pod 的创立
让咱们创立一个Pod,并查看如何批改集群的状态以及增加哪些新Key。
$ cat <<EoF | kubectl apply -f -apiVersion: v1kind: Podmetadata: name: wwwspec: containers: - name: nginx image: nginx:1.16-alpineEoF应用与之前雷同的命令,咱们获取所有key并将此列表保留在etcd-kv-after-nginx-pod.json中。疾速比拟这两个键列表,一个是在创立集群后立刻检索的键(etcd-kv.json),另一个是在咱们部署了www Pod之后检索的键(etcd-kv-after-nginx-pod.json),显示以下内容:
> /registry/events/default/www.15b9e3051648764f> /registry/events/default/www.15b9e3056b8ce3f0> /registry/events/default/www.15b9e306918312ea> /registry/events/default/www.15b9e306a32beb6d> /registry/events/default/www.15b9e306b5892b60> /registry/pods/default/www产生了五个事件和一个Pod,这很有意义。让咱们认真看看,首先解码与事件键关联的值。依照工夫程序,咱们能够看到它们与以下操作关联:
- 调度
default/www 到 node-02 拉取镜像 “nginx:1.16-alpine胜利拉取镜像 “nginx:1.16-alpine- 创立容器
nginx - 启动
”Started container nginx
这些事件在形容Pod的命令开端列出:
$ kubectl describe pod www最初一个键_/registry/pods/default/www_,提供与新创建的Pod相干的所有信息:
- 最近的配置
- 相干的token
- I状态
- …
总结
本文的目标不是深入研究etcd,而是略微解释一下其中蕴含的内容以及信息的组织形式。这样做是心愿它看起来不像黑盒子。
PS: 本文属于翻译,原文