etcd management

[pieterlange]

There are currently some people forking because we're not sure about the current etcd solution. Lets discuss the issues in this topic. A lot of us seem to center around @crewjam's etcd solution but there's also others:

• https://github.com/MonsantoCo/etcd-aws-cluster
• https://github.com/sttts/elastic-etcd

I have a personal preference for https://crewjam.com/etcd-aws/ (https://github.com/crewjam/etcd-aws) but we should definitely have this conversation as a community (as i tried in the old repo coreos/coreos-kubernetes#629)
Lets combine our efforts @colhom @camilb @dzavalkinolx

Branches for inspiration:

• https://github.com/pieterlange/kube-aws/tree/feature/external-etcd (refers to etcd-aws managed by separate cloudformation template)
• @camilb's work
  • https://github.com/camilb/etcd-aws/tree/ssl (SSL support for etcd-aws)
  • https://github.com/camilb/coreos-kubernetes/tree/etcd-asg

Currently missing features:

• backup/restore
• node cycling
• node discovery from ASG
• cluster recovery from complete failure

As noted in the overall production readiness issue #9 there's also work being done on etcd being hosted inside of kubernetes itself, which is probably where all of this is going in the end.

[pieterlange]

I should add that i've been running a test cluster with my monkeypatch branch and it seems to perform well.

I've been seeing a lot of warnings like these though:

Nov 02 10:54:33 ip-10-50-44-174.eu-west-1.compute.internal kubelet-wrapper[1983]: W1102 10:54:33.799124    1983 reflector.go:330] pkg/kubelet/kubelet.go:384: watch of *api.Service ended with: too old resource version: 30825 (30896)
Nov 02 10:54:54 ip-10-50-44-174.eu-west-1.compute.internal kubelet-wrapper[1983]: W1102 10:54:54.711865    1983 reflector.go:330] pkg/kubelet/config/apiserver.go:43: watch of *api.Pod ended with: too old resource version: 30847 (30919)

I think it's because the controller is configured to talk to the internal ELB and we might be hitting an etcd node that's lagging on replication but i'm not sure. It doesn't seem to break anything though.

[camilb]

@pieterlange made some progress on etcd-aws with TLS and just saw this:
https://github.com/coreos/etcd-operator

[pieterlange]

Yes, this is obviously where this is all going eventually but i think it might be many moons before all components in that deployment scenario reach a stable state. It would be nice to get some clarity from the coreos crew on deployment plans for this in case i'm completely wrong 😬

Edit: they have, i missed their latest blogs:

• https://coreos.com/blog/introducing-operators.html
• https://coreos.com/blog/introducing-the-etcd-operator.html

[mumoshu]

Hey, thanks for bringing up the discussion!

@pieterlange I agree with every missing feature you've listed in the first comment. I believe we should eventually provide standard way(s) to cover those.

At the beginning, as I am looking forward with introducing @crewjam's etcd-aws (I was very impressed when I first read his blog post describing it btw) as a viable option, I'd like to see your branch https://github.com/pieterlange/kube-aws/tree/feature/external-etcd to get merged into master.

Would you mind pull-requesting it so that everyone can start to experiment/feedback(I believe this is what we'd like to have 😄 ) easier using rc binaries of kube-aws?

[mumoshu]

@camilb Hi, I've just read through your great work in the your etcd-asg branch!

Though I'm not sure whether we can include the etcd-aws part entirely in kube-aws soon enough or not, I'd like to merge significant parts of your work to support SSL to external etcd in calico-enabled setup camilb/coreos-kubernetes@a7a14a2...29d538b into kube-aws(Am I missed something? Let me know!)

In that way, combined with @pieterlange's work, we can also encourage everyone to try out calico+etcd-aws+ssl setup easier than now, using rc binaries of kube-aws.

Would you mind pull-requesting that part of your work and collaborate more with us? 😃

[pieterlange]

I'm not sure we'd want to merge my branch in yet. It's fairly intrusive. I'm also still digesting the etcd-operator news..

Can we work on a experimental/external-etcd branch for this?

[mumoshu]

@pieterlange Sure. Anyways, I've created that branch wishing it to become a possible place to merge our effort 👍 https://github.com/coreos/kube-aws/tree/experimental/external-etcd

[camilb]

@mumoshu I'll be glad to. The etcd-awspart still require more work, doubles the size of stack-template.json template and still require some manual steps to get it working. I will prepare the PR for the calico with SSL.

[mumoshu]

@pieterlange I know you're already working on this, but would you let me explicitly assign this issue to you just for clarity? 🙇
There's many ongoing issues over here and there recently so I'd like more clarity 😉

[mumoshu]

@camilb Any chance you could take a look into this recently?

[mumoshu]

FYI I've written #298 (comment) about the general concerns about H/A of an etcd cluster and why we don't collocated etcd on controller nodes.

[mumoshu]

#332 for the ASG-EBS-EIP/ENI-per-etcd-node strategy of achieving H/A and rolling-updates and an etcd cluster is almost finished 😃
Anyone is working on the backup/restore feature?

[mumoshu]

fyi: @hjacobs kindly shared me that his company uses https://github.com/zalando-incubator/stups-etcd-cluster for running dedicated etcd clusters, separately from k8s clusters.
Multi-region etcd cluster sounds exciting 😄

[mumoshu]

#332 is generally working with ability to choose which strategy to be used for node identity and an optional support for DNS other than Amazon DNS(related issue: #189)

[gianrubio]

@mumoshu kubernetes/kubernetes#40027

[mumoshu]

@gianrubio Thanks for the info!
fyi I've commented on the etcd v3 draft documentation referred from there with a question https://docs.google.com/document/d/16ES7N51Xj8r1P5ITan3gPRvwMzoavvX9TqoN8IpEOU8/edit?disco=AAAABHpLq1U

[mumoshu]

fyi my question is briefly:

• Is it safe to just take an EBS snapshot WHILE etcd is still writing data to the EBS volume(=without freezing the filesystem) and restore from it?
  • If yes, does it apply to both etcd v2 and v3?
• If it is safe to take an EBS snapshot without freezing the fs, how do we strip metadata(including the identity of the etcd node) from etcd data?
• Do we need to take an EBS snapshot per node and restore it to an etcd node with the same identity as included in the EBS snapshot?
• Or do we need to wipe its metadata, for v2 by running etcdctl backup and then running etcd with the data and wal directories recreated from the backup, and for v3 by running etcdctl snapshot save and etcdctl snapshot restore?

[mumoshu]

FYI my question was answered thanks to @hongchaodeng 😄

[mumoshu]

In a nutshell, I'd like to start with a POC which supports:

1. Automated backup of etcd cluster

• Probably by periodically running etcdctl backup and then aws s3 cp <backup dir> <etcd backup s3 uri>/<storage revision> in the "next" node of a "leader" node at that time
• <etcd backup s3 uri> would be specified via cluster.yaml

And then extend it to also support:

2. Manual recovery of etcd node data

• If an EBS data volume for an etcd node is not initialized yet, look for the most fresh backup of etcd cluster, which would have the highest <storage revision>, from <etcd backup s3 uri>/*
• And then run etcd with a data dir recovered from it
• Easiest way of manually recovering etcd cluster is to recreate your kube-aws cluster completely after adding <etcd backup s3 uri> to your cluster.yaml
• Or otherwise you may also trigger this procedure via systemctl

Finally extend it to also support:

3. (Experimental) Automatic recovery of etcd node data

• If an EBS data volume seems to be corrupted i.e. etcd2.service exits early producing a specific error, wipe the data dir and the wal dir and then do 2.

[mumoshu]

It turns out, when recreating an etcd cluster from a backup, we need a single founding member and all the subsequent etcd members needs to be added one by one; This(i.e. dynamic reconfiguration of etcd cluster) diverges greatly from a static configuration of etcd cluster we're currently relying on.

Supporting both static and dynamic configuration of etcd members does complicate the implementation.

[mumoshu]

Etcd v3, AFAIK supported in k8s 1.6, seems to provide a new way of restoring an etcd cluster in a way more similar to the static configuration according to etcd-io/etcd#2366 (comment)

[mumoshu]

Submitted #417 for this.

• etcd is now v3
• automatic recovery from any number of permanently failed etcd nodes are enabled by default(for now)
  • Please suggest a way to toggle it if you'd like to turn it off optionally/or by default!

[ReneSaenz]

Hello. I am trying to restore a k8s cluster from etcd data backup. I am able to restore the etcd cluster to it original state (has all the k8s info). However, when I get the k8s cluster rc,services,deployments,etc they are all gone. The k8s cluster is not like before the restore.
What am I missing? Can someone point me in the right direction?

[mumoshu]

Hi @ReneSaenz, thanks for trying kube-aws 👍

Several questions came to my mind at this point:

• How did you save & restore your k8s cluster?
• Which part of your cluster has successfully restored i.e. what has not gone? Only pods, secrets, etc?

[redbaron]

@ReneSaenz did you finish etcd backup restore before any controller-managers are started? And certainly not doing a restore when controller-managers are running?

[ReneSaenz]

@mumoshu I am not using aws. Sorry for the confusion. The etcd backup is done like this.
etcdctl backup --data-dir /var/lib/etcd --backup-dir /var/tmp/etcdbackup.
Then I create a tar-ball of that directory. The resulting file is then sent to an external nfs server.

@redbaron When before making a backup, I stopped the etcd process. Make the backup, and then restarted etcd process again.
When I restored, I did not stopped any k8s related process. So the restore was done when kube-apiserver, kube-controller, scheduler were running.