ETCD数据迁移
本文阅读对象为想要将Rainbond平台rbd-etcd切换至外部etcd的相关人员。
- 在k8s master节点创建secret
本文中将要切换的ETCD为根据Rainbond官方文档安装的k8s集群ETCD,需要TLS认证,所以在这里将相关证书创建为k8s集群secret资源供Rainbond组件连接时使用;其他方式搭建的k8s集群请根据自身需要进行创建。
kubectl create secret generic etcd-tls-secret --from-file=/etc/kubernetes/ssl/kubernetes.pem --from-file=/etc/kubernetes/ssl/kubernetes-key.pem --from-file=/etc/kubernetes/ssl/ca.pem -n rbd-system
修改ETCD连接地址
修改Rainbond各组件连接ETCD的地址。
- rbd-api
$ kubectl edit deploy rbd-api -n rbd-system
spec:
containers:
- args:
- --etcd=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
相关解释:
将启动参数 --etcd 地址修改为要切换的ETCD地址,其他参数为指定ETCD的TLS证书文件地址,并且挂载使用上面创建好的sercret;以下组件都与之类似。
- rbd-mq
$ kubectl edit deploy rbd-mq -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-webcli
$ kubectl edit deploy rbd-webcli -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-worker
$ kubectl edit deploy rbd-worker -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-chaos
$ kubectl edit ds rbd-chaos -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-gateway
$ kubectl edit ds rbd-gateway -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-node
$ kubectl edit ds rbd-node -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-eventlog
$ kubectl edit sts rbd-eventlog -n rbd-system
spec:
containers:
- args:
- --discover.etcd.addr=https://172.24.206.76:2379
- --discover.etcd.ca=/etc/kubernetes/ssl/ca.pem
- --discover.etcd.cert=/etc/kubernetes/ssl/kubernetes.pem
- --discover.etcd.key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
- rbd-monitor
$ kubectl edit sts rbd-monitor -n rbd-system
spec:
containers:
- args:
- --etcd-endpoints=https://172.24.206.76:2379
- --etcd-ca=/etc/kubernetes/ssl/ca.pem
- --etcd-cert=/etc/kubernetes/ssl/kubernetes.pem
- --etcd-key=/etc/kubernetes/ssl/kubernetes-key.pem
volumeMounts:
- mountPath: /etc/kubernetes/ssl
readOnly: true
name: etcd-tls
volumes:
- name: etcd-tls
secret:
secretName: etcd-tls-secret
验证
1.查看Rainbond各组件是否处于Running状态
$ kubectl get po -n rbd-system
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-754cdcbbb6-pckfj 1/1 Running 1 2d3h
kubernetes-dashboard-57b897f8df-8hkrv 1/1 Running 1 2d3h
nfs-provisioner-0 1/1 Running 1 2d3h
rbd-api-5c4c5d6487-bxqgr 1/1 Running 0 20m
rbd-app-ui-64c7c55995-svg56 1/1 Running 1 2d3h
rbd-app-ui-migrations-k5jwd 0/1 Completed 0 2d3h
rbd-chaos-7qjq6 1/1 Running 0 15m
rbd-db-0 2/2 Running 2 2d3h
rbd-eventlog-0 1/1 Running 0 77s
rbd-gateway-hmxp7 1/1 Running 0 14m
rbd-hub-85b7b94846-kbffc 1/1 Running 1 2d3h
rbd-monitor-0 1/1 Running 0 11m
rbd-mq-5dcfcd9948-wbgrr 1/1 Running 0 19m
rbd-node-2ctjp 1/1 Running 0 13m
rbd-node-8pnql 1/1 Running 0 13m
rbd-node-wpzhd 1/1 Running 0 13m
rbd-repo-0 1/1 Running 1 2d3h
rbd-webcli-6ccd564d98-9kgxd 1/1 Running 0 18m
rbd-worker-6d79d8d5f5-hbt5l 1/1 Running 0 17m
2.在平台基于源码创建组件,测试此过程是否可正常创建组件
验证没有问题后删除rbd-etcd组件
kubectl delete rbdcomponents.rainbond.io rbd-etcd -n rbd-system