etcdadm is a command-line tool for operating an etcd cluster. It makes it easy to create a new cluster, add a member to an existing cluster, or remove a member from one. Its user experience is inspired by kubeadm.
go get -u sigs.k8s.io/etcdadm
- Copy etcdadm to each machine that will become a member.
- Choose one machine and run
etcdadm init
- Copy the CA certificate and key from any machine in the cluster to the machine being added.
rsync -avR /etc/etcd/pki/ca.* <Member IP address>:/
- Choose a cluster endpoint (i.e. client URL of some member) and run
etcdadm join <endpoint>
On the machine being removed, run
etcdadm reset
If you have an existing etcd snapshot, you can use it to create a new cluster:
etcdadm init --snapshot /path/to/etcd.snapshot
- Must run as root, because etcdadm creates a systemd service.
- Does not support etcd v2.
- Currently tested on Container Linux, with plans for other platforms.
The goal of etcdadm is to make it easy to operate an etcd cluster. It downloads a specific etcd release, installs the binary, configures a systemd service, generates certificates, calls the etcd API to add (or remove) a member, and verifies that the new member is healthy.
Etcdadm must be run on the machine that is being added or removed. As a consequence, if a member permanently fails, and the operator cannot invoke etcdadm reset on that machine, the operator must use the etcd API to delete the failed member from the list of members.
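Removing a failed member through the etcd API, shown as an added example that is not part of the etcdadm project. It assumes etcdctl (v3 API) is run on a healthy member; the endpoint, certificate paths, function names and sample member list are placeholders constructed for illustration.

```shell
# Placeholders: point these at a healthy member and at a client certificate
# signed by the cluster CA. None of these paths come from etcdadm itself.
ENDPOINT="${ENDPOINT:-https://127.0.0.1:2379}"
CACERT="${CACERT:-/path/to/ca.crt}"
CERT="${CERT:-/path/to/client.crt}"
KEY="${KEY:-/path/to/client.key}"

# Every call goes over mutually authenticated TLS.
etcdctl_tls() {
  ETCDCTL_API=3 etcdctl --endpoints "$ENDPOINT" \
    --cacert "$CACERT" --cert "$CERT" --key "$KEY" "$@"
}

# member_id_for_peer <peer-url>
# Reads `etcdctl member list` output (default comma-separated format) on stdin
# and prints the ID of the member advertising exactly <peer-url>.
# Matching on the peer URL also works for an unstarted member, whose name
# column is empty. Fails unless exactly one member matches.
member_id_for_peer() {
  awk -F', ' -v want="$1" '
    { n = split($4, urls, ",")
      for (i = 1; i <= n; i++) if (urls[i] == want) { print $1; found++ } }
    END { exit (found == 1 ? 0 : 1) }'
}

# remove_failed_member <peer-url>
# Looks up the failed member by peer URL, removes it, then checks that the
# endpoint being used still reports healthy.
remove_failed_member() {
  id="$(etcdctl_tls member list | member_id_for_peer "$1")" || {
    echo "no unique member with peer URL $1" >&2; return 1; }
  etcdctl_tls member remove "$id" && etcdctl_tls endpoint health
}

# Constructed sample of `etcdctl member list` output for offline checking.
SAMPLE_MEMBER_LIST='8211f1d0f64f3269, started, node-a, https://10.0.0.1:2380, https://10.0.0.1:2379, false
91bc3c398fb3c146, started, node-b, https://10.0.0.2:2380, https://10.0.0.2:2379, false
fd422379fda50e48, started, node-c, https://10.0.0.3:2380, https://10.0.0.3:2379, false'
```

Run remove_failed_member with the failed member's peer URL from any surviving member; the lookup refuses to proceed when zero or several members match, so a mistyped URL cannot remove the wrong member.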
On its own, etcdadm does not automate cluster operation, but a cluster orchestrator can delegate all the above tasks to etcdadm.
See docs/diagrams for sequence diagrams of init, join, and reset.
For more information, reach out on the etcdadm Slack channel.