本文所有命令均在 TLS 環(huán)境下運(yùn)行，如需參考，請(qǐng)自行更改為您的環(huán)境（節(jié)點(diǎn)IP宅倒，證書路徑）尖殃，無證書環(huán)境請(qǐng)刪除證書相關(guān)指令

本文所有命令均在 etcdctl 默認(rèn)api 丈莺，即 etcd api v2 下操作，v3 指令略有改動(dòng)可能不匹配送丰，詳情請(qǐng)查閱官方文檔：https://etcd.io/docs/

Etcd 使用

• 舉例：創(chuàng)建缔俄、查詢、刪除 key （ /test/ok，值為 11）

# Etcd 錄入數(shù)據(jù)示例
ETCDCTL_API=3 etcdctl \
--endpoints=https://172.16.10.70:2379 \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
put /test/ok 11

# Etcd 查詢數(shù)據(jù)示例
ETCDCTL_API=3 etcdctl \
--endpoints=https://172.16.10.70:2379 \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
get /test/ok

# Etcd 刪除數(shù)據(jù)示例
ETCDCTL_API=3 etcdctl \
--endpoints=https://172.16.10.70:2379 \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
del /test/ok

通過 Curl 來維護(hù) Etcd

查看版本

curl ‐k ‐‐cert /etc/etcd/ssl/etcd.pem ‐‐key /etc/etcd/ssl/etcd‐key.pem https://127.0.0.1:2379/version

查看 Etcd 暴露出來的 prometheus 指標(biāo)俐载，在 prometheus 對(duì)其監(jiān)控時(shí)可調(diào)用

curl ‐k ‐‐cert /etc/etcd/ssl/etcd.pem ‐‐key /etc/etcd/ssl/etcd‐key.pem https://127.0.0.1:2379/metrics

通過 Etcdctl 查看 版本

查看 etcd蟹略、etcd api v2 版本

etcdctl -v

查看 etcd、etcd api v3 版本

ETCDCTL_API=3 etcdctl version

查看集群健康狀態(tài)

etcdctl \
--endpoints=https://172.16.10.70:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/etcd/ssl/etcd.pem \
--key-file=/etc/etcd/ssl/etcd-key.pem \
cluster-health

查看集群成員遏佣、哪個(gè)是leader節(jié)點(diǎn)

etcdctl \
--endpoints=https://172.16.10.70:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/etcd/ssl/etcd.pem \
--key-file=/etc/etcd/ssl/etcd-key.pem \
member list

刪除 Etcd 節(jié)點(diǎn)

查詢節(jié)點(diǎn) ID

etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐ca‐file=/etc/kubernetes/ssl/ca.pem \
‐‐cert‐file=/etc/etcd/ssl/etcd.pem \
‐‐key‐file=/etc/etcd/ssl/etcd‐key.pem \member list
340acbd004e6bcdb: name=etcd3 peerURLs=https://172.16.10.72:2380 clientURLs=https://172.16.10.72:2379isLeader=false9784cb04cceb3a48: name=etcd1 peerURLs=https://172.16.10.70:2380 clientURLs=https://172.16.10.70:2379isLeader=trueba343177666dd96e: name=etcd2 peerURLs=https://172.16.10.71:2380 clientURLs=https://172.16.10.71:2379isLeader=false

刪除節(jié)點(diǎn)挖炬，如刪除 Eecd3

etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐ca‐file=/etc/kubernetes/ssl/ca.pem \
‐‐cert‐file=/etc/etcd/ssl/etcd.pem \
‐‐key‐file=/etc/etcd/ssl/etcd‐key.pem \
member remove 340acbd004e6bcdb

修改配置文件 etcd.conf，修改參數(shù) ETCD_INITIAL_CLUSTER 并移除節(jié)點(diǎn)信息状婶，重啟etcd服務(wù)

image.png

加入 Etcd 節(jié)點(diǎn)

已存在的 Etcd 節(jié)點(diǎn)故障重新添加（例 etcd3 重新添加）

1）在群集中刪除故障節(jié)點(diǎn)
在任意一 etcd 節(jié)點(diǎn)服務(wù)器查詢?cè)摴?jié)點(diǎn) ID意敛，通過ID刪除故障節(jié)點(diǎn)，操作步驟如下
刪除目標(biāo)節(jié)點(diǎn)的數(shù)據(jù)

# 停止目標(biāo)節(jié)點(diǎn) etcd 服務(wù)
systemctl stop etcd

# 刪除前備份
cd /var/lib/
mkdir ‐p etcd_bak
tar ‐czvf etcd_bak/etcd_`date +%Y%m%d%H%M%S`.tar.gz etcd

# 刪除節(jié)點(diǎn)數(shù)據(jù)
rm ‐rf /var/lib/etcd/*

2）編輯目標(biāo)節(jié)點(diǎn)配置文件膛虫，將 --initial-cluster-state值改為 existing （否則會(huì)生成新的ID草姻，與原ID不匹配將無法加入集群）

vim /etc/etcd/etcd.conf

[member]
ETCD_NAME=etcd3
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_SNAPSHOT_COUNT="100"
ETCD_HEARTBEAT_INTERVAL="100"
ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://172.16.10.72:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.16.10.72:2379,https://127.0.0.1:2379"
ETCD_MAX_SNAPSHOTS="5"
ETCD_MAX_WALS="5"
# [cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.10.72:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.16.10.70:2380,etcd2=https://172.16.10.71:2380,etcd3=https://172.16.10.72:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.10.72:2379"
# [security]
ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_AUTO_TLS="true"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_AUTO_TLS="true"

3）加入節(jié)點(diǎn)至集群，需輸入目標(biāo)節(jié)點(diǎn)的 etcd name 和 PEER_URLS

etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐ca‐file=/etc/kubernetes/ssl/ca.pem \
‐‐cert‐file=/etc/etcd/ssl/etcd.pem \
‐‐key‐file=/etc/etcd/ssl/etcd‐key.pem \
member add etcd3 https://172.16.10.72:2380

4）啟動(dòng)目標(biāo)節(jié)點(diǎn) etcd 服務(wù)

systemctl start etcd && systemctl status etcd

5）查看集群健康狀態(tài)

etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐ca‐file=/etc/kubernetes/ssl/ca.pem \
‐‐cert‐file=/etc/etcd/ssl/etcd.pem \
‐‐key‐file=/etc/etcd/ssl/etcd‐key.pem \
cluster‐health

對(duì) Etcd 進(jìn)行快照備份

ETCDCTL_API=3 etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐cacert=/etc/kubernetes/ssl/ca.pem \
‐‐cert=/etc/etcd/ssl/etcd.pem \
‐‐key=/etc/etcd/ssl/etcd‐key.pem \
snapshot save /tmp/snapshot_`date +%Y%m%d%H%M%S`.db

ETCDCTL_API=3：表示使用etcd的v3版本的API接口
注：一定要添加ETCDCTL_API=3才能正常備份稍刀；如果不添加將無法備份

通過快照備份恢復(fù) Etcd集群撩独；（每個(gè)節(jié)點(diǎn)都要執(zhí)行）

停止 Etcd 服務(wù)

systemctl stop etcd

備份并刪除當(dāng)前 Etcd 數(shù)據(jù)

cd /var/lib/
mkdir ‐p etcd_bak
tar ‐czvf etcd_bak/etcd_`date +%Y%m%d%H%M%S`.tar.gz etcd ‐‐remove‐files

• 還原快照鏡像

ETCDCTL_API=3 etcdctl \
‐‐cacert=/etc/kubernetes/ssl/ca.pem \
‐‐cert=/etc/etcd/ssl/etcd.pem \
‐‐key=/etc/etcd/ssl/etcd‐key.pem \
‐‐name etcd1 \
‐‐data‐dir=/var/lib/etcd \
‐‐initial‐cluster etcd1=https://172.16.10.70:2380,etcd2=https://172.16.10.71:2380,etcd3=https://172.16.10.72:2380 \
‐‐initial‐cluster‐token k8s‐etcd‐cluster \
‐‐initial‐advertise‐peer‐urls https://172.16.10.70:2380 \
snapshot restore /tmp/2019‐12‐18_snapshot.db
‐‐name：表示當(dāng)前etcd節(jié)點(diǎn)的名字（非主機(jī)名）
‐‐data‐dir：表示當(dāng)前 etcd 節(jié)點(diǎn)的數(shù)據(jù)目錄
‐‐initial‐cluster：集群中所有節(jié)點(diǎn)的peer訪問地址；例：etcd1=https:///172.16.10.70:2380,etcd2=https:///172.16.10.71:2380,etcd3=https:///172.16.10.72:2380‐‐initial‐cluster‐token：集群中各節(jié)點(diǎn)通信的token ‐‐initial‐advertise‐peer‐urls：當(dāng)前節(jié)點(diǎn)對(duì)其它節(jié)點(diǎn)的通信地址

• 啟動(dòng) 所有 Etcd 節(jié)點(diǎn)服務(wù)器

systemctl start etcd

• 查看集群健康狀態(tài)

etcdctl \
‐‐endpoints=https://172.16.10.70:2379 \
‐‐ca‐file=/etc/kubernetes/ssl/ca.pem \
‐‐cert‐file=/etc/etcd/ssl/etcd.pem \
‐‐key‐file=/etc/etcd/ssl/etcd‐key.pem \
cluster‐health

沒有進(jìn)行快照備份账月，通過數(shù)據(jù)目錄的 db 恢復(fù)

注意：此方法恢復(fù)數(shù)據(jù)可能不完整跌榔，僅建議極端環(huán)境下使用，常規(guī)數(shù)據(jù)恢復(fù)請(qǐng)使用快照

• 如果當(dāng)前 Etcd 集群故障捶障，且沒有快照備份文件僧须，可通過數(shù)據(jù)目錄的 db 恢復(fù)數(shù)據(jù)；
• 從數(shù)據(jù)目錄 db 復(fù)制而來數(shù)據(jù)源项炼，沒有完整性hash担平，需要 --skip-hash-check=true 參數(shù)跳過完整性檢查。

ETCDCTL_API=3 etcdctl \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--name etcd3 \
--data-dir=/var/lib/etcd \
--initial-cluster etcd1=https://172.16.10.70:2380,etcd2=https://172.16.10.71:2380,etcd3=https://172.16.10.72:2380 \
--initial-cluster-token k8s-etcd-cluster \
--initial-advertise-peer-urls https://172.16.10.72:2380 \
--skip-hash-check=true \
snapshot restore /var/lib/etcd_bak/etcd/member/snap/db

--name：表示當(dāng)前etcd節(jié)點(diǎn)的名字（非主機(jī)名）
--data-dir：表示當(dāng)前 etcd 節(jié)點(diǎn)的數(shù)據(jù)目錄
--initial-cluster：集群中所有節(jié)點(diǎn)的peer訪問地址锭部；例：https://172.16.10.70:2380,etcd2=https://172.16.10.71:2380,etcd3=https://172.16.10.72:2380
--initial-cluster-token：集群中各節(jié)點(diǎn)通信的token --initial-advertise-peer-urls：當(dāng)前節(jié)點(diǎn)對(duì)其它節(jié)點(diǎn)的通信地址

轉(zhuǎn)載自：https://www.cnblogs.com/nethrd/p/12067966.html#2416877618
Etcd安裝及使用詳解
https://blog.csdn.net/ccy19910925/article/details/79959956?utm_term=etcd%E6%95%B0%E6%8D%AE%E7%89%88%E6%9C%AC&utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2_allsobaiduweb~default-2-79959956&spm=3001.4430

https://blog.csdn.net/ccy19910925/category_7590496.html