First, the point of TLS here is authentication: it stops anyone who can reach the port from joining or talking to your etcd cluster at will. Strictly, TLS on its own only encrypts the client and peer traffic; etcd authenticates the other side only when you also require client certificates (`--client-cert-auth` for clients, `--peer-client-cert-auth` for peers), and a TLS listener without those still accepts any caller. In short: if you are going to put an etcd cluster on the public internet with its ports open, I recommend that you use TLS, and with client certificate verification turned on.
If your etcd cluster runs inside a private network (a VPC, for example), you do not open the etcd ports, and the cluster sits behind a firewall in a trusted LAN, then using TLS is optional. Be clear about what that choice relies on: etcd enables no authentication by default, so every host that can reach port 2379 can read and write every key in the store, and the commands below bind the client and peer listeners to 0.0.0.0, that is, to every interface on the host. Network reachability is then your only access control.
Run the following on each of the planned etcd hosts in turn.
etcd-s1

```bash
# Remove any previous instance and its data, then create the data directory.
# (The original ran mkdir before rm -rf, deleting the directory it had just made.)
docker rm -f etcd1 || true
rm -rf /var/etcd
mkdir -p /var/etcd
docker run --restart=always --net host -d --name etcd1 \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime:ro \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s1 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.141:2380 \
  --advertise-client-urls http://192.168.150.141:2379 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
```

Note that `--listen-client-urls` and `--listen-peer-urls` on 0.0.0.0 accept connections on every interface of the host, and that `--advertise-client-urls` carries the client port 2379 only: the original also advertised :2380 there, which is the peer port and does not serve the client API.

etcd-s2

```bash
docker rm -f etcd2 || true
rm -rf /var/etcd
mkdir -p /var/etcd
docker run --restart=always --net host -d --name etcd2 \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime:ro \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s2 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.142:2380 \
  --advertise-client-urls http://192.168.150.142:2379 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
```

etcd-s3

```bash
docker rm -f etcd3 || true
rm -rf /var/etcd
mkdir -p /var/etcd
docker run --restart=always --net host -d --name etcd3 \
  -v /var/etcd:/var/etcd \
  -v /etc/localtime:/etc/localtime:ro \
  registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 \
  etcd --name etcd-s3 \
  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 \
  --data-dir=/var/etcd/etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://192.168.150.143:2380 \
  --advertise-client-urls http://192.168.150.143:2379 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
  --initial-cluster-state new
```
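The three commands above differ only in the node name and IP, and the TLS decision discussed at the top changes only a handful of flags. The script below is an added example, not part of the original post: it generates the etcd flags and the docker command for each node from one node list, binds the listeners to the node's own address instead of 0.0.0.0, and has a `tls` mode that adds the certificate flags with client certificate verification required on both the client and peer ports. The node names, IPs and image are the ones used above; the helper names (`etcd_cluster_string`, `etcd_node_flags`, `docker_run_cmd`) and the certificate location `CERT_DIR` are assumptions.

```shell
# Added example: build the per-node etcd command line for the cluster above.
# Node names, IPs and image come from the post; CERT_DIR and the helper names are assumed.

NODES="etcd-s1=192.168.150.141 etcd-s2=192.168.150.142 etcd-s3=192.168.150.143"
IMAGE="registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24"
CERT_DIR="/var/etcd/pki"   # assumed: node.crt, node.key and ca.crt already placed here on each host

# etcd_cluster_string SCHEME -> "etcd-s1=http://192.168.150.141:2380,etcd-s2=...,etcd-s3=..."
etcd_cluster_string() {
  _scheme=$1; _out=""
  for _n in $NODES; do
    _out="${_out:+$_out,}${_n%%=*}=${_scheme}://${_n#*=}:2380"
  done
  printf '%s' "$_out"
}

# etcd_node_flags NAME IP MODE  (MODE is "plain" or "tls") -> the etcd argument string
etcd_node_flags() {
  name=$1; ip=$2; mode=$3
  case $mode in
    plain) scheme=http ;;
    tls)   scheme=https ;;
    *) echo "etcd_node_flags: mode must be plain or tls" >&2; return 1 ;;
  esac
  flags="--name $name --data-dir=/var/etcd/etcd-data"
  flags="$flags --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592"
  # Listen on the node's own address and loopback only, not on 0.0.0.0 (every interface)
  flags="$flags --listen-client-urls ${scheme}://${ip}:2379,${scheme}://127.0.0.1:2379"
  flags="$flags --listen-peer-urls ${scheme}://${ip}:2380"
  flags="$flags --initial-advertise-peer-urls ${scheme}://${ip}:2380"
  flags="$flags --advertise-client-urls ${scheme}://${ip}:2379"   # client port only, never 2380
  flags="$flags --initial-cluster-token etcd-cluster"
  flags="$flags --initial-cluster $(etcd_cluster_string "$scheme")"
  flags="$flags --initial-cluster-state new"
  if [ "$mode" = tls ]; then
    # Serve TLS to clients and require a client certificate signed by ca.crt ...
    flags="$flags --cert-file=$CERT_DIR/node.crt --key-file=$CERT_DIR/node.key"
    flags="$flags --trusted-ca-file=$CERT_DIR/ca.crt --client-cert-auth"
    # ... and the same for peer-to-peer traffic on 2380
    flags="$flags --peer-cert-file=$CERT_DIR/node.crt --peer-key-file=$CERT_DIR/node.key"
    flags="$flags --peer-trusted-ca-file=$CERT_DIR/ca.crt --peer-client-cert-auth"
  fi
  printf '%s' "$flags"
}

# docker_run_cmd NAME IP MODE -> the full docker command for one node (printed, not executed)
docker_run_cmd() {
  printf 'docker run --restart=always --net host -d --name %s -v /var/etcd:/var/etcd -v /etc/localtime:/etc/localtime:ro %s etcd %s' \
    "$1" "$IMAGE" "$(etcd_node_flags "$1" "$2" "$3")"
}

# Usage: sh gen-etcd.sh --print tls   (one command per node; run each on its own host)
if [ "${1:-}" = "--print" ]; then
  for n in $NODES; do
    docker_run_cmd "${n%%=*}" "${n#*=}" "${2:-plain}"
    echo
  done
fi
```

In `tls` mode the node certificate must carry the node's IP and 127.0.0.1 as subject alternative names, otherwise both peers and a local `etcdctl` fail verification, and `etcdctl` then needs `--cacert`, `--cert` and `--key` pointing at a client certificate issued by the same CA. The script only prints the commands; it does not create certificates, which this post does not cover.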
Verification

Run this on one of the nodes. Without `--endpoints`, etcdctl talks to 127.0.0.1:2379, which works here because the containers use the host network and listen on every interface.

```
➜ ETCDCTL_API=3 etcdctl member list
410feb26f4fa3c7f: name=etcd-s1 peerURLs=http://192.168.150.141:2380 clientURLs=http://192.168.150.141:2379,http://192.168.150.141:2380
56fa117fc503543c: name=etcd-s3 peerURLs=http://192.168.150.143:2380 clientURLs=http://192.168.150.143:2379,http://192.168.150.143:2380
bc4d900274366497: name=etcd-s2 peerURLs=http://192.168.150.142:2380 clientURLs=http://192.168.150.142:2379,http://192.168.150.142:2380
➜ ETCDCTL_API=3 etcdctl cluster-health
member 410feb26f4fa3c7f is healthy: got healthy result from http://192.168.150.141:2379
member 56fa117fc503543c is healthy: got healthy result from http://192.168.150.143:2379
member bc4d900274366497 is healthy: got healthy result from http://192.168.150.142:2379
cluster is healthy
```

Two things to check in this output. The `clientURLs` field should list port 2379 only; if it also shows 2380, as in this capture, the node was started with the peer port in `--advertise-client-urls`, and clients that pick that URL will be talking to the wrong port. Also, `cluster-health` exists only in etcdctl's v2 API, and the `key=value` layout of `member list` above is the v2 output as well (the v3 client prints comma-separated fields); with a v3 client the equivalent health check is `ETCDCTL_API=3 etcdctl --endpoints=http://192.168.150.141:2379,http://192.168.150.142:2379,http://192.168.150.143:2379 endpoint health`.
The etcd cluster deployment is now complete.