ETCD

  •  etcd listens on port 2379; you can then attach any service or client to it.

 


The default client that comes with etcd is the etcd control client (etcdctl). It is a command-line client for etcd.

etcd is a distributed key-value store used for the management of distributed systems. It is a crucial component in many cloud-native and container orchestration platforms such as Kubernetes. Here are some key points about etcd:

  1. Distributed Key-Value Store: etcd provides a reliable way to store and manage data across a distributed cluster of machines. It is based on a simple key-value pair data model.

  2. Consistency and Reliability: etcd is designed to be highly available and fault-tolerant. It uses a consensus algorithm (Raft) to ensure consistency and reliability in a distributed environment.

  3. Raft Consensus Algorithm: Raft is a consensus algorithm that etcd uses to ensure that all nodes in a cluster agree on the state of the system. It helps in maintaining consistency even in the presence of network partitions or node failures.

  4. Configuration Management: etcd is often used for configuration management in distributed systems. It allows services to dynamically discover and update their configurations.

  5. Service Discovery: etcd can be used as a service discovery mechanism. Applications can register their services, and others can discover and connect to these services through etcd.

  6. Distributed Locks: etcd provides support for distributed locks, which can be used to coordinate actions across multiple nodes in a distributed system.

  7. Used in Kubernetes: Kubernetes, the popular container orchestration platform, relies heavily on etcd for storing its cluster state, configuration, and metadata. Each Kubernetes cluster typically has a dedicated etcd cluster.

  8. API: etcd provides a simple HTTP/JSON API, making it easy to interact with programmatically. Clients can use tools like curl or programming languages like Go or Python to interact with etcd.

  9. Security: etcd supports encryption in transit and at rest, authentication, and authorization to ensure the security of the stored data.

  10. Open Source: etcd is an open-source project and is part of the Cloud Native Computing Foundation (CNCF). It is actively developed and maintained by the community.

When working with etcd, it's important to consider factors such as data consistency, availability, and partition tolerance, especially in distributed and highly dynamic



The etcd datastore stores information about the cluster.

If you set up your cluster using kubeadm, then kubeadm deploys the etcd server as a Pod in the kube-system namespace. You can explore the etcd database using the etcdctl utility.

kubectl get pods -n kube-system

You can explore the etcd database by running the etcdctl utility inside this pod.

To list all keys stored by Kubernetes:

etcdctl get / --prefix --keys-only

Kubernetes stores data in a specific directory structure. The root directory is the registry, and under it are the various Kubernetes constructs such as minions and nodes.
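
An added example, not from the original post: the shell functions below group the output of the key listing by the directory directly under /registry, showing which constructs the cluster stores and how many keys each has. The function names are hypothetical and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: group `etcdctl get / --prefix --keys-only` output by the
# directory directly under /registry. Function names are hypothetical.
# etcdctl (API v3) prints a blank line after each key; those are skipped.

# Count keys per construct; keys outside /registry are counted separately.
summarize_registry_keys() {
    awk -F/ '
        NF == 0 { next }
        $2 != "registry" || $3 == "" { other++; next }
        { count[$3]++ }
        END {
            for (k in count) printf "%s %d\n", k, count[k]
            if (other) printf "(non-registry) %d\n", other
        }
    ' | LC_ALL=C sort
}

# Print only the keys stored under one construct, e.g. "secrets".
keys_under() {
    awk -F/ -v want="$1" '$2 == "registry" && $3 == want'
}

# Constructed sample in the same shape as the real listing
# (each key followed by an empty line).
sample_keys() {
    printf '%s\n\n' \
        /registry/minions/node01 \
        /registry/minions/node02 \
        /registry/pods/kube-system/etcd-master \
        /registry/pods/kube-system/kube-apiserver-master \
        /registry/pods/default/web-1 \
        /registry/secrets/default/db-password \
        /registry/secrets/kube-system/sample-token \
        /registry/deployments/default/web \
        /example/not-kubernetes
}

# Live use: pipe the kubectl exec ... etcdctl listing shown on this page
# into summarize_registry_keys instead of sample_keys.
sample_keys | summarize_registry_keys
```

Running `sample_keys | keys_under secrets` lists only the keys in the secrets directory, which is a quick way to see what a holder of the etcd client certificate can enumerate.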


In a high-availability environment you will have multiple master nodes in the cluster, and multiple etcd instances spread across those master nodes. In that case, make sure the etcd instances know about each other by setting the right parameter in the etcd service configuration files.

The --initial-cluster option is where you specify the instances of the etcd service. We discuss HA in much more detail in this course.


ETCD - Commands (Optional)

(Optional) Additional information about ETCDCTL Utility

ETCDCTL is the CLI tool used to interact with ETCD.

ETCDCTL can interact with the ETCD server using 2 API versions: Version 2 and Version 3. By default it's set to use Version 2. Each version has a different set of commands.

For example ETCDCTL version 2 supports the following commands:

    etcdctl backup
    etcdctl cluster-health
    etcdctl mk
    etcdctl mkdir
    etcdctl set


Whereas the commands are different in version 3

    etcdctl snapshot save
    etcdctl endpoint health
    etcdctl get
    etcdctl put


To set the right API version, set the environment variable ETCDCTL_API:

export ETCDCTL_API=3


When API version is not set, it is assumed to be set to version 2. And version 3 commands listed above don't work. When API version is set to version 3, version 2 commands listed above don't work.


Apart from that, you must also specify the path to the certificate files so that ETCDCTL can authenticate to the ETCD API server. The certificate files are available in the etcd-master at the following paths. We discuss certificates in more detail in the security section of this course, so don't worry if this looks complex:

    --cacert /etc/kubernetes/pki/etcd/ca.crt     
    --cert /etc/kubernetes/pki/etcd/server.crt     
    --key /etc/kubernetes/pki/etcd/server.key



So for the commands I showed in the previous video to work you must specify the ETCDCTL API version and path to certificate files. Below is the final form:


    kubectl exec etcd-master -n kube-system -- sh -c "ETCDCTL_API=3 etcdctl get / --prefix --keys-only --limit=10 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt  --key /etc/kubernetes/pki/etcd/server.key"

The etcd datastore 

we set in etcd.service configuration. If you want etcd instances to know about each other, you need to configure this file.








This is the URL which you need to update for High Availability in Kubernetes.


This is the URL that needs to be configured in the kube-apiserver when it tries to reach the etcd server.




