Building datastore

In order to persist the Kubernetes cluster information, we need to set up a datastore. Kubernetes uses etcd as its standard datastore. This section will guide you through building the etcd server.

How to do it…

The etcd database requires a Linux OS; some Linux distributions provide an etcd package and some don't. This section describes how to install etcd.

Red Hat Enterprise Linux 7 or CentOS 7

Red Hat Enterprise Linux (RHEL) 7, CentOS 7, and later versions have an official package for etcd. You can install it via the yum command as follows:

# install the etcd package on RHEL/CentOS Linux
sudo yum update -y
sudo yum install etcd

Ubuntu Linux 15.10 Wily Werewolf

Ubuntu 15.10 or later has an official package for etcd as well. You can install it via the apt-get command as follows:

# install the etcd package on Ubuntu Linux
sudo apt-get update -y
sudo apt-get install etcd

Other Linux

If you are using a different Linux version, such as Amazon Linux, you can download a binary from the official website and install it as follows.

Download a binary

etcd is provided via https://github.com/coreos/etcd/releases. OS X (darwin-amd64), Linux, and Windows binaries, as well as the source code, are available for download.

Tip

Note that no 32-bit binaries are provided due to a Go runtime issue. You must prepare a 64-bit Linux OS.

On your Linux machine, use the curl command to download the etcd-v2.2.1-linux-amd64.tar.gz binary:

# follow redirects (-L) and save under the remote file name (-O)
curl -L -O https://github.com/coreos/etcd/releases/download/v2.2.1/etcd-v2.2.1-linux-amd64.tar.gz

Creating a user

For security reasons, create a local user and group that can own the etcd packages:

  1. Run the following useradd command:
    //options
    //    create group(-U), home directory(-d), and create it(-m)
    //    name in GCOS field (-c), login shell(-s)
    $ sudo useradd -U -d /var/lib/etcd -m -c "etcd user" -s /sbin/nologin etcd
    
  2. You can check /etc/passwd to see whether the etcd user has been created:
    //search for the etcd user in /etc/passwd; the uid and gid vary
    $ grep etcd /etc/passwd
    etcd:x:997:995:etcd user:/var/lib/etcd:/sbin/nologin
    

    Tip

    You can delete the user at any time; type sudo userdel -r etcd to delete the etcd user.

Install etcd

  1. After downloading an etcd binary, use the tar command to extract files:
    $ tar xf etcd-v2.2.1-linux-amd64.tar.gz 
    $ cd etcd-v2.2.1-linux-amd64
    
    //use ls command to see that there are documentation and binaries 
    $ ls
    Documentation  README-etcdctl.md  README.md  etcd  etcdctl 
    
  2. Copy the etcd daemon and the etcdctl command to /usr/local/bin. Also, create /etc/etcd/etcd.conf as a settings file:
    $ sudo cp etcd etcdctl /usr/local/bin/
    
    //create etcd.conf
    $ sudo mkdir -p /etc/etcd/
    $ sudo touch /etc/etcd/etcd.conf
    $ sudo chown -R etcd:etcd /etc/etcd
    

How it works…

Let's test run the etcd daemon to explore the etcd functionalities. Type the etcd command with the name and data-dir arguments as follows:

//for the testing purpose, create data file under /tmp
$ etcd --name happy-etcd --data-dir /tmp/happy.etcd &

Then, you will see several output logs as follows:

Now, you can try to use the etcdctl command to access etcd and to load and store the data as follows:

//set value "hello world" to the key /my/happy/data 
$ etcdctl set /my/happy/data "hello world"

//get value for key /my/happy/data
$ etcdctl get /my/happy/data
hello world

In addition, by default, etcd opens TCP port 2379 to access the RESTful API, so you may also try to use an HTTP client, such as the curl command to access data as follows:

//get value for key /my/happy/data using cURL
$ curl -L http://localhost:2379/v2/keys/my/happy/data
{"action":"get","node":{"key":"/my/happy/data","value":"hello world","modifiedIndex":4,"createdIndex":4}}

//set value "My Happy world" to the key /my/happy/data using cURL
$ curl http://127.0.0.1:2379/v2/keys/my/happy/data -XPUT -d value="My Happy world"

//get value for key /my/happy/data using etcdctl 
$ etcdctl get /my/happy/data
My Happy world

Okay! Now, you can delete the key using the curl command as follows:

$ curl http://127.0.0.1:2379/v2/keys/my?recursive=true -XDELETE

//no more data is returned afterward
$ curl http://127.0.0.1:2379/v2/keys/my/happy/data
{"errorCode":100,"message":"Key not found","cause":"/my","index":10}

$ curl http://127.0.0.1:2379/v2/keys/my/happy
{"errorCode":100,"message":"Key not found","cause":"/my","index":10}

$ curl http://127.0.0.1:2379/v2/keys/my
{"errorCode":100,"message":"Key not found","cause":"/my","index":10}

Auto startup script

Depending on whether your Linux is systemd-based or init-based, there are different ways to create an auto startup script.

If you are not sure, check the process ID 1 on your system. Type ps -P 1 to see the process name as follows:

//This Linux is systemd based
$ ps -P 1
  PID PSR TTY      STAT   TIME COMMAND
    1   0 ?        Ss     0:03 /usr/lib/systemd/systemd --switched-root --system
//This Linux is init based
# ps -P 1
  PID PSR TTY      STAT   TIME COMMAND
    1   0 ?        Ss     0:01 /sbin/init

Startup script (systemd)

If you are using systemd-based Linux, such as RHEL 7, CentOS 7, Ubuntu 15.4 or later, you need to prepare the /usr/lib/systemd/system/etcd.service file as follows:

[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=/etc/etcd/etcd.conf
User=etcd
ExecStart=/usr/local/bin/etcd

[Install]
WantedBy=multi-user.target

After that, register the service with systemd using the systemctl command as follows:

$ sudo systemctl enable etcd

Then, restart the system or type sudo systemctl start etcd to launch the etcd daemon. You can check the etcd service status using sudo systemctl status -l etcd.

Startup script (init)

If you are using the init-based Linux, such as Amazon Linux, use the traditional way to prepare the /etc/init.d/etcd script as follows:

#!/bin/bash
#
# etcd This shell script takes care of starting and stopping etcd
#
# chkconfig: - 60 74
# description: etcd

### BEGIN INIT INFO
# Provides: etcd
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named ntpdate
# Should-Stop: $syslog $named
# Short-Description: start and stop etcd
# Description: etcd
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

prog=/usr/local/bin/etcd
etcd_conf=/etc/etcd/etcd.conf
lockfile=/var/lock/subsys/`basename $prog`
hostname=`hostname`

start() {
  # Start daemon.
  . $etcd_conf
  echo -n $"Starting $prog: "
  daemon --user=etcd $prog > /var/log/etcd.log 2>&1 &
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && touch $lockfile
  return $RETVAL
}
stop() {
  [ "$EUID" != "0" ] && exit 4
  echo -n $"Shutting down $prog: "
  killproc $prog
  RETVAL=$?
  echo
  [ $RETVAL -eq 0 ] && rm -f $lockfile
  return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status $prog
    ;;
  restart)
    stop
    start
    ;;
  reload)
    exit 3
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload}"
    exit 2
esac

After that, register the init script using the chkconfig command as follows:

//set file permission correctly
$ sudo chmod 755 /etc/init.d/etcd
$ sudo chown root:root /etc/init.d/etcd

//auto start when boot Linux
$ sudo chkconfig --add etcd
$ sudo chkconfig etcd on

Then, restart the system or type /etc/init.d/etcd start to launch the etcd daemon.
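
Because start() in the script above sources /etc/etcd/etcd.conf while running as root, that file is executed as root's shell code and should be writable by root only. The following check is an added example, not part of the book's script; the function name safe_to_source is hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not the book's code. safe_to_source is a hypothetical name.
# Assumes GNU stat (-c), as shipped on the Linux systems this recipe targets.

# safe_to_source PATH [OWNER]
# Return 0 only if PATH and its parent directory are owned by OWNER
# (default: root) and neither is group- or world-writable.
safe_to_source() {
    owner=${2:-root}
    status=0
    for p in "$1" "$(dirname "$1")"; do
        info=$(stat -c '%U %a' "$p") || return 2
        p_owner=${info% *}
        mode=${info#* }
        if [ "$p_owner" != "$owner" ]; then
            echo "FINDING: $p is owned by $p_owner, expected $owner"
            status=1
        fi
        # 022 = write bit for group (020) plus write bit for others (002)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FINDING: $p has mode $mode and is group- or world-writable"
            status=1
        fi
    done
    return "$status"
}

# Check the file that the init script sources, if this host has one.
conf=/etc/etcd/etcd.conf
if [ -e "$conf" ]; then
    safe_to_source "$conf" || echo "fix ownership before running: $conf"
fi
```

On a host set up exactly as in the Install etcd step, /etc/etcd belongs to the etcd user, so this check reports a finding. Running sudo chown -R root:root /etc/etcd keeps the file readable by the etcd user while removing its write access.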

Configuration

The /etc/etcd/etcd.conf file lets you change the etcd configuration, such as the data file path and TCP port number.

The minimal configuration is as follows:

| Name | Meaning | Example | Note |
|---|---|---|---|
| ETCD_NAME | Instance name | myhappy-etcd | |
| ETCD_DATA_DIR | Data file path | /var/lib/etcd/myhappy.etcd | File path must be owned by the etcd user |
| ETCD_LISTEN_CLIENT_URLS | TCP port number | http://0.0.0.0:8080 | Specifying 0.0.0.0 binds to all IP addresses; otherwise, use localhost to accept connections from the same machine only |
| ETCD_ADVERTISE_CLIENT_URLS | Advertise this etcd URL to other cluster instances | http://localhost:8080 | Use for clustering configuration |

Note that on init-based Linux you need to use the export directive to set the environment variables, as follows:

$ cat /etc/etcd/etcd.conf

export ETCD_NAME=myhappy-etcd
export ETCD_DATA_DIR="/var/lib/etcd/myhappy.etcd"
export ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
export ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"

On the other hand, systemd-based Linux doesn't need the export directive:

$ cat /etc/etcd/etcd.conf
ETCD_NAME=myhappy-etcd
ETCD_DATA_DIR="/var/lib/etcd/myhappy.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"
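
Both sample files bind the client listener to 0.0.0.0 over plain HTTP, and the curl calls earlier show that any client able to reach that port can read, overwrite and delete keys. The following audit is an added example, not code from the book: it parses either etcd.conf style and flags such listeners; the function names conf_value and audit_listen_urls are hypothetical.

```shell
#!/bin/sh
# Added example: flag etcd client listeners that serve plaintext HTTP on a
# non-loopback address. Function names are hypothetical, not part of etcd.

# conf_value FILE KEY: print KEY's value from an etcd.conf written in either
# style shown above (with or without "export"), surrounding quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$2=//p" "$1" |
        tail -n 1 | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_listen_urls FILE: print one FINDING line per risky URL in
# ETCD_LISTEN_CLIENT_URLS; return 1 if any was found, 0 otherwise.
audit_listen_urls() {
    conf_value "$1" ETCD_LISTEN_CLIENT_URLS | tr ',' '\n' | (
        rc=0
        while read -r url; do
            [ -n "$url" ] || continue
            scheme=${url%%://*}
            hostport=${url#*://}
            host=${hostport%:*}            # drop the :port suffix
            case $host in
                localhost|127.*|"[::1]") continue ;;   # loopback only
            esac
            if [ "$scheme" = http ]; then
                echo "FINDING: $url is unencrypted and reachable off-host"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed sample: the init-style file from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export ETCD_NAME=myhappy-etcd
export ETCD_DATA_DIR="/var/lib/etcd/myhappy.etcd"
export ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:8080"
export ETCD_ADVERTISE_CLIENT_URLS="http://localhost:8080"
EOF
audit_listen_urls "$sample" || echo "review $sample before exposing etcd"
rm -f "$sample"
```

A file with no ETCD_LISTEN_CLIENT_URLS line produces no finding, since etcd then listens on localhost:2379 only.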

See also

This section described how to configure etcd. It is easy and simple to operate via the RESTful API, but powerful. However, you need to be aware of its security and availability. The following recipes will describe how to ensure that etcd is secure and robust:

  • Exploring architecture
  • The Clustering etcd recipe in Chapter 4, Building a High Availability Cluster
  • The Authentication and authorization recipe in Chapter 7, Advanced Cluster Administration
  • The Working with etcd log recipe in Chapter 8, Logging and Monitoring