每周阅读（1/28/2019）

etcd 文章：第一篇入门，第二篇如标题所言对于应用场景和实现原理做了全方位解读。

• etcd 使用入门
• etcd：从应用场景到实现原理的全方位解读

对于 IBM ICP，etcd 配置位于：/etc/cfc/pods/etcd.json，默认 wal 文件数目没有限制（设置为 0），可以参照如下步骤修改，不然磁盘会被撑爆。

// /etc/cfc/pods# cat etcd.json
{
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "k8s-etcd",
        "namespace": "kube-system",
        "annotations": {
            "scheduler.alpha.kubernetes.io/critical-pod": ""
        }
    },
    "spec": {
        "containers": [
            {
                "command": [
                    "etcd",
                    "--name=etcd0",
                    "--data-dir=/var/lib/etcd",
                    "--wal-dir=/var/lib/etcd-wal/wal",
                    "--max-wals=5",
                    "--initial-advertise-peer-urls=https://9.30.215.12:2380",
                    "--listen-peer-urls=https://0.0.0.0:2380",
                    "--listen-client-urls=https://0.0.0.0:4001",
                    "--advertise-client-urls=https://9.30.215.12:4001",
                    "--cert-file=/etc/cfc/conf/etcd/server.pem",
                    "--key-file=/etc/cfc/conf/etcd/server-key.pem",
                    "--client-cert-auth",
                    "--trusted-ca-file=/etc/cfc/conf/etcd/ca.pem",
                    "--initial-cluster-token=etcd-cluster-1",
                    "--initial-cluster=etcd0=https://9.30.215.12:2380",
                    "--peer-cert-file=/etc/cfc/conf/etcd/member-9.30.215.12.pem",
                    "--peer-key-file=/etc/cfc/conf/etcd/member-9.30.215.12-key.pem",
                    "--peer-trusted-ca-file=/etc/cfc/conf/etcd/ca.pem",
                    "--peer-client-cert-auth=true",
                    "--peer-auto-tls=false",
                    "--grpc-keepalive-timeout=0",
                    "--grpc-keepalive-interval=0",
                    "--snapshot-count=10000",
                    "--initial-cluster-state=new"
                ],
                "image": "mycluster.icp:8500/ibmcom/etcd:v3.2.18",
                "securityContext": {
                    "privileged": true
                },
                "imagePullPolicy": "IfNotPresent",
                "name": "etcd",
                "volumeMounts": [
                    {
                        "mountPath": "/var/lib/etcd",
                        "name": "data"
                    },
                    {
                        "mountPath": "/var/lib/etcd-wal",
                        "name": "wal"
                    },
                    {
                        "mountPath": "/etc/cfc/conf/etcd",
                        "name": "etcd-certs"
                    }
                ]
            }
        ],
        "hostNetwork": true,
        "volumes": [
            {
                "hostPath": {
                    "path": "/var/lib/etcd"
                },
                "name": "data"
            },
            {
                "hostPath": {
                    "path": "/var/lib/etcd-wal"
                },
                "name": "wal"
            },
            {
                "hostPath": {
                    "path": "/etc/cfc/conf/etcd"
                },
                "name": "etcd-certs"
            }
        ]
    }
}

- 停止 etcd: mv /etc/cfc/pods/etcd.json /etc/cfc/etcd.json 
- 查看 etcd 是否已经停止：docker ps | grep etcd
- 修改：vi /etc/cfc/etcd.json, max-wals=0 -> max-wals=5
- 启动 etcd: mv /etc/cfc/etcd.json /etc/cfc/pods/etcd.json，如果发现 etcd 没有启动，可以用 systemctl restart docker 来重启 docker 容器

如果要使用 etcdctl，可以从 etcd 容器复制它：

docker cp dc23e35c7fc6:/usr/local/bin/etcdctl /usr/local/bin/

ETCDCTL_API=3 /usr/local/bin/etcdctl --endpoints=9.30.215.12:4001 --cert /etc/cfc/conf/etcd/client.pem --key /etc/cfc/conf/etcd/client-key.pem --cacert /etc/cfc/conf/etcd/ca.pem endpoint health

ICP 上 etcd 是容器化提供，所以可以通过 docker logs -f xxxx-container-id 查看 etcd 日志。