To persist the Kubernetes cluster information, we need to set up a datastore. Kubernetes uses etcd as its standard datastore. This section will guide you through building the etcd server.
The etcd database requires Linux OS; some Linux distributions provide the etcd package and some don't. This section describes how to install etcd.
Red Hat Enterprise Linux (RHEL) 7, CentOS 7 or later has an official package for etcd. You can install it via the yum command, as follows:

    # install the etcd package on RHEL/CentOS Linux
    sudo yum update -y
    sudo yum install etcd

Ubuntu 15.10 or later has an official package for etcd as well. You can install it via the apt-get command as follows:

    # install the etcd package on Ubuntu Linux
    sudo apt-get update -y
    sudo apt-get install etcd

If you are using a different Linux version, such as Amazon Linux, you can download a binary from the official website and install it as follows.
etcd is provided via https://github.com/coreos/etcd/releases. OS X (darwin-amd64), Linux, Windows binary, and source code are available for download.
On your Linux machine, use the curl command to download the etcd-v2.2.1-linux-amd64.tar.gz binary:

    # follow redirection (-L) and use the remote name (-O)
    curl -L -O https://github.com/coreos/etcd/releases/download/v2.2.1/etcd-v2.2.1-linux-amd64.tar.gz

For security reasons, create a local user and group that will own the etcd files and run the daemon.

Use the useradd command:

    # options:
    #   create group (-U), home directory (-d), and create it (-m)
    #   name in GCOS field (-c), login shell (-s)
    $ sudo useradd -U -d /var/lib/etcd -m -c "etcd user" -s /sbin/nologin etcd

Check /etc/passwd to see whether the etcd user has been created:

    # search for the etcd user in /etc/passwd; the uid and gid will vary
    $ grep etcd /etc/passwd
    etcd:x:997:995:etcd user:/var/lib/etcd:/sbin/nologin

Use the tar command to extract the files:

    $ tar xf etcd-v2.2.1-linux-amd64.tar.gz
    $ cd etcd-v2.2.1-linux-amd64
    # use the ls command to see that there are documentation and binaries
    $ ls
    Documentation  README-etcdctl.md  README.md  etcd  etcdctl

The archive contains the etcd daemon and the etcdctl command, which need to be copied to /usr/local/bin. Also, create /etc/etcd/etcd.conf as a settings file:

    $ sudo cp etcd etcdctl /usr/local/bin/
    # create etcd.conf
    $ sudo mkdir -p /etc/etcd/
    $ sudo touch /etc/etcd/etcd.conf
    $ sudo chown -R etcd:etcd /etc/etcd

Let's test run the etcd daemon to explore the etcd functionalities. Type the etcd command with the name and data-dir arguments as follows:

    # for testing purposes, create the data file under /tmp
    $ etcd --name happy-etcd --data-dir /tmp/happy.etcd &

Then, you will see several output logs as follows:
Now, you can try to use the etcdctl command to access etcd and to load and store data as follows:

    # set the value "hello world" for the key /my/happy/data
    $ etcdctl set /my/happy/data "hello world"
    # get the value for the key /my/happy/data
    $ etcdctl get /my/happy/data
    hello world

In addition, by default, etcd opens TCP port 2379 to serve the RESTful API, so you may also use an HTTP client, such as the curl command, to access data as follows:

    # get the value for the key /my/happy/data using cURL
    $ curl -L http://localhost:2379/v2/keys/my/happy/data
    {"action":"get","node":{"key":"/my/happy/data","value":"hello world","modifiedIndex":4,"createdIndex":4}}
    # set the value "My Happy world" for the key /my/happy/data using cURL
    $ curl http://127.0.0.1:2379/v2/keys/my/happy/data -XPUT -d value="My Happy world"
    # get the value for the key /my/happy/data using etcdctl
    $ etcdctl get /my/happy/data
    My Happy world

Okay! Now, you can delete the key using the curl command as follows:

    $ curl http://127.0.0.1:2379/v2/keys/my?recursive=true -XDELETE
    # no more data is returned afterward
    $ curl http://127.0.0.1:2379/v2/keys/my/happy/data
    {"errorCode":100,"message":"Key not found","cause":"/my","index":10}
    $ curl http://127.0.0.1:2379/v2/keys/my/happy
    {"errorCode":100,"message":"Key not found","cause":"/my","index":10}
    $ curl http://127.0.0.1:2379/v2/keys/my
    {"errorCode":100,"message":"Key not found","cause":"/my","index":10}

Depending on whether your Linux is systemd-based or init-based, there are different ways to make an auto startup script.
If you are not sure, check the process ID 1 on your system. Type ps -P 1 to see the process name as follows.

This Linux is systemd based:

    $ ps -P 1
      PID PSR TTY      STAT   TIME COMMAND
        1   0 ?        Ss     0:03 /usr/lib/systemd/systemd --switched-root --system

This Linux is init based:

    # ps -P 1
      PID PSR TTY      STAT   TIME COMMAND
        1   0 ?        Ss     0:01 /sbin/init

If you are using systemd-based Linux, such as RHEL 7, CentOS 7, Ubuntu 15.4 or later, you need to prepare the /usr/lib/systemd/system/etcd.service file as follows:

    [Unit]
    Description=Etcd Server
    After=network.target

    [Service]
    Type=simple
    WorkingDirectory=/var/lib/etcd/
    EnvironmentFile=/etc/etcd/etcd.conf
    User=etcd
    ExecStart=/usr/local/bin/etcd

    [Install]
    WantedBy=multi-user.target

After that, register the service with systemd using the systemctl command as follows:

    # sudo systemctl enable etcd

Then, restart the system or type sudo systemctl start etcd to launch the etcd daemon. You may check the etcd service status using sudo systemctl status -l etcd.
If you are using init-based Linux, such as Amazon Linux, use the traditional way and prepare the /etc/init.d/etcd script as follows:

    #!/bin/bash
    #
    # etcd   This shell script takes care of starting and stopping etcd
    #
    # chkconfig: - 60 74
    # description: etcd

    ### BEGIN INIT INFO
    # Provides: etcd
    # Required-Start: $network $local_fs $remote_fs
    # Required-Stop: $network $local_fs $remote_fs
    # Should-Start: $syslog $named ntpdate
    # Should-Stop: $syslog $named
    # Short-Description: start and stop etcd
    # Description: etcd
    ### END INIT INFO

    # Source function library.
    . /etc/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    prog=/usr/local/bin/etcd
    etcd_conf=/etc/etcd/etcd.conf
    lockfile=/var/lock/subsys/`basename $prog`
    hostname=`hostname`

    start() {
      # Start daemon.
      . $etcd_conf
      echo -n $"Starting $prog: "
      daemon --user=etcd $prog > /var/log/etcd.log 2>&1 &
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && touch $lockfile
      return $RETVAL
    }

    stop() {
      [ "$EUID" != "0" ] && exit 4
      echo -n $"Shutting down $prog: "
      killproc $prog
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && rm -f $lockfile
      return $RETVAL
    }

    # See how we were called.
    case "$1" in
      start)
        start
        ;;
      stop)
        stop
        ;;
      status)
        status $prog
        ;;
      restart)
        stop
        start
        ;;
      reload)
        exit 3
        ;;
      *)
        echo $"Usage: $0 {start|stop|status|restart|reload}"
        exit 2
    esac

After that, register the init script using the chkconfig command as follows:

    # set the file permissions correctly
    $ sudo chmod 755 /etc/init.d/etcd
    $ sudo chown root:root /etc/init.d/etcd
    # start automatically when Linux boots
    $ sudo chkconfig --add etcd
    $ sudo chkconfig etcd on

Then, restart the system or type /etc/init.d/etcd start to launch the etcd daemon.
The file /etc/etcd/etcd.conf changes the configuration of etcd, such as the data file path and TCP port number.
The minimal configuration is as follows:
| NAME | Meaning | Example | Note |
|---|---|---|---|
| | Instance name | | |
| | Data file path | | File path must be owned by etcd user |
| | TCP port number | | Specifying |
| | Advertise this etcd URL to other cluster instances | | Use for clustering configuration |
Note that on init-based Linux you need to use the export directive to set the environment variables, as follows:

    $ cat /etc/etcd/etcd.conf
    export ETCD_NAME=myhappy-etcd
    export ETCD_DATA_DIR="/var/lib/etcd/myhappy.etcd"
    export ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
    export ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"

On the other hand, systemd-based Linux doesn't need the export directive, as follows:

    $ cat /etc/etcd/etcd.conf
    ETCD_NAME=myhappy-etcd
    ETCD_DATA_DIR="/var/lib/etcd/myhappy.etcd"
    ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
    ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"

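The sample configuration above sets ETCD_LISTEN_CLIENT_URLS to http://0.0.0.0:8080, which serves the same API that the earlier curl commands read, wrote and deleted through without credentials, on every interface and over plain HTTP. The following shell function is an added example, not part of the original text: it parses either form of etcd.conf and flags client listeners that use http:// on a non-loopback address. The name audit_etcd_conf and its messages are assumptions, and it checks only the scheme and bind address.

```shell
#!/bin/sh
# Added example: flag etcd client listeners that serve plaintext HTTP on a
# non-loopback address. audit_etcd_conf and its messages are illustrative names.

# Usage: audit_etcd_conf FILE
# Returns 0 if no risky listener is found, 1 if one is, 2 if FILE is unreadable.
audit_etcd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }
    # Accept "export KEY=value" (init) and "KEY=value" (systemd); last one wins.
    urls=$(sed -n \
        's/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}ETCD_LISTEN_CLIENT_URLS=//p' \
        "$conf" | tail -n 1 | tr -d "\"' ")
    [ -n "$urls" ] || { echo "INFO: ETCD_LISTEN_CLIENT_URLS not set in $conf"; return 0; }
    rc=0
    # The value may hold several comma-separated URLs; check each one.
    while IFS= read -r url; do
        scheme=${url%%://*}
        hostport=${url#*://}
        hostport=${hostport%%/*}   # drop any trailing path
        host=${hostport%:*}        # drop :port, keeping [::1] intact
        case $host in
            localhost|127.*|'[::1]') scope=loopback ;;
            0.0.0.0|'[::]')          scope=all-interfaces ;;
            *)                       scope=network ;;
        esac
        if [ "$scheme" = http ] && [ "$scope" != loopback ]; then
            echo "WARN: $url serves plaintext HTTP on $scope address $host"
            rc=1
        else
            echo "OK: $url ($scheme, $scope)"
        fi
    done <<EOF
$(printf '%s\n' "$urls" | tr ',' '\n')
EOF
    return $rc
}

# Constructed sample input: the init-style settings shown above.
sample=$(mktemp)
cat > "$sample" <<'CONF'
export ETCD_NAME=myhappy-etcd
export ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
export ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"
CONF
audit_etcd_conf "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

An https:// listener passes this check regardless of address, so client authentication still has to be reviewed separately.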
This section described how to configure etcd. It is easy and simple to operate via the RESTful API, but powerful. However, there's a need to be aware of its security and availability. The following recipes will describe how to ensure that etcd is secure and robust: