etcd statefuleset 생성

limes22·2024년 9월 11일
kubernetes
---
apiVersion: v1
kind: Service
metadata:
  name: etcd
  namespace: default
  labels:  # labels 필드를 metadata 섹션 아래로 이동
    app: etcd
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: etcd
  ports:
    - name: etcd-client
      port: 2379
    - name: etcd-server
      port: 2380
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: etcd
  namespace: default
spec:
  serviceName: "etcd"
  replicas: 1
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: etcd
  template:
    metadata:
      labels:
        app: etcd
    spec:
      containers:
      - name: etcd
        image: quay.io/coreos/etcd:v3.5.15
        imagePullPolicy: IfNotPresent
        ports:
        - name: etcd-client
          containerPort: 2379
        - name: etcd-server
          containerPort: 2380
        env:
        - name: ETCDCTL_API
          value: "3"
        - name: ETCD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: ETCD_DATA_DIR
          value: /etcd-data
        - name: ETCD_INITIAL_ADVERTISE_PEER_URLS
          value: http://$(ETCD_NAME).etcd:2380
        - name: ETCD_ADVERTISE_CLIENT_URLS
          value: http://$(ETCD_NAME).etcd:2379
        - name: ETCD_LISTEN_PEER_URLS
          value: http://0.0.0.0:2380
        - name: ETCD_LISTEN_CLIENT_URLS
          value: http://0.0.0.0:2379
        - name: ETCD_INITIAL_CLUSTER
          value: "etcd-0=http://etcd-0.etcd:2380,etcd-1=http://etcd-1.etcd:2380,etcd-2=http://etcd-2.etcd:2380"
        - name: ETCD_INITIAL_CLUSTER_STATE
          value: "new"
        - name: ETCD_INITIAL_CLUSTER_TOKEN
          value: "etcd-cluster"
        volumeMounts:
        - name: etcd-data
          mountPath: /etcd-data
  volumeClaimTemplates:
  - metadata:
      name: etcd-data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 5Gi

cluster role

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-pvc-access
rules:
- apiGroups: [""]
  resources: ["persistentvolumeclaims", "persistentvolumes"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["serviceaccounts", "serviceaccounts/token"]
  verbs: ["create", "get", "list", "watch"]
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-pvc-access-binding
subjects:
- kind: Group
  name: system:nodes
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-pvc-access
  apiGroup: rbac.authorization.k8s.io
profile
limes22
안녕하세요. Maymust 에서 AI full stack 엔지니어로써 재직하고 있는 오수진입니다.
이전 포스트

kubectl get nodes시, Unable to connect to the server: x509 TLS 인증서 오류

다음 포스트

스냅샷을 통한 etcd 복원, 클러스터 멤버 재조인 및 노드 복구

0개의 댓글