k3s/docs/admin/etcd.md

<!-- BEGIN MUNGE: UNVERSIONED_WARNING -->

<!-- BEGIN STRIP_FOR_RELEASE -->

<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
     width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
     width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
     width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
     width="25" height="25">
<img src="http://kubernetes.io/img/warning.png" alt="WARNING"
     width="25" height="25">

<h2>PLEASE NOTE: This document applies to the HEAD of the source tree</h2>

If you are using a released version of Kubernetes, you should
refer to the docs that go with that version.

<strong>
The latest release of this document can be found
[here](http://releases.k8s.io/release-1.1/docs/admin/etcd.md).

Documentation for other releases can be found at
[releases.k8s.io](http://releases.k8s.io).
</strong>
--

<!-- END STRIP_FOR_RELEASE -->

<!-- END MUNGE: UNVERSIONED_WARNING -->

# etcd

[etcd](https://coreos.com/etcd/docs/2.2.1/) is a highly-available key value
store which Kubernetes uses for persistent storage of all of its REST API
objects.

## Configuration: high-level goals

Access Control: give *only* kube-apiserver read/write access to etcd. You do not
want apiserver's etcd exposed to every node in your cluster (or worse, to the
internet at large), because access to etcd is equivalent to root in your
cluster.

Data Reliability: for reasonable safety, either etcd needs to be run as a
[cluster](high-availability.md#clustering-etcd) (multiple machines each running
etcd) or etcd's data directory should be located on durable storage (e.g., GCE's
persistent disk). In either case, if high availability is required--as it might
be in a production cluster--the data directory ought to be [backed up
periodically](https://coreos.com/etcd/docs/2.2.1/admin_guide.html#disaster-recovery),
to reduce downtime in case of corruption.

## Default configuration

The default setup scripts use kubelet's file-based static pods feature to run etcd in a
[pod](http://releases.k8s.io/HEAD/cluster/saltbase/salt/etcd/etcd.manifest). This manifest should only
be run on master VMs. The default location that kubelet scans for manifests is
`/etc/kubernetes/manifests/`.

## Kubernetes's usage of etcd

By default, Kubernetes objects are stored under the `/registry` key in etcd.
This path can be prefixed by using the [kube-apiserver](kube-apiserver.md) flag
`--etcd-prefix="/foo"`.

`etcd` is the only place that Kubernetes keeps state.

## Troubleshooting

To test whether `etcd` is running correctly, you can try writing a value to a
test key. On your master VM (or somewhere with firewalls configured such that
you can talk to your cluster's etcd), try:

```sh
curl -fs -X PUT "http://${host}:${port}/v2/keys/_test"
```


<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/admin/etcd.md?pixel)]()
<!-- END MUNGE: GENERATED_ANALYTICS -->
add etcd admin doc 2015-07-17 00:55:26 +00:00			`<!-- BEGIN MUNGE: UNVERSIONED_WARNING -->`

			`<!-- BEGIN STRIP_FOR_RELEASE -->`

			`<img src="http://kubernetes.io/img/warning.png" alt="WARNING"`
			`width="25" height="25">`
			`<img src="http://kubernetes.io/img/warning.png" alt="WARNING"`
			`width="25" height="25">`
			`<img src="http://kubernetes.io/img/warning.png" alt="WARNING"`
			`width="25" height="25">`
			`<img src="http://kubernetes.io/img/warning.png" alt="WARNING"`
			`width="25" height="25">`
			`<img src="http://kubernetes.io/img/warning.png" alt="WARNING"`
			`width="25" height="25">`

			`<h2>PLEASE NOTE: This document applies to the HEAD of the source tree</h2>`

			`If you are using a released version of Kubernetes, you should`
			`refer to the docs that go with that version.`

			`<strong>`
Run update-gendocs 2015-11-03 18:17:57 +00:00			`The latest release of this document can be found`
			`[here](http://releases.k8s.io/release-1.1/docs/admin/etcd.md).`
add etcd admin doc 2015-07-17 00:55:26 +00:00
			`Documentation for other releases can be found at`
			`[releases.k8s.io](http://releases.k8s.io).`
			`</strong>`
			`--`

			`<!-- END STRIP_FOR_RELEASE -->`

			`<!-- END MUNGE: UNVERSIONED_WARNING -->`
Fix run-gendocs breakage at head. 2015-07-17 23:45:37 +00:00
add etcd admin doc 2015-07-17 00:55:26 +00:00			`# etcd`

Update etcd to 2.2.1 2015-10-30 22:25:23 +00:00			`[etcd](https://coreos.com/etcd/docs/2.2.1/) is a highly-available key value`
add etcd admin doc 2015-07-17 00:55:26 +00:00			`store which Kubernetes uses for persistent storage of all of its REST API`
Fix trailing whitespace in all docs 2015-07-24 21:52:18 +00:00			`objects.`
add etcd admin doc 2015-07-17 00:55:26 +00:00
			`## Configuration: high-level goals`

			`Access Control: give only kube-apiserver read/write access to etcd. You do not`
			`want apiserver's etcd exposed to every node in your cluster (or worse, to the`
Copy edits for typos 2015-08-09 18:18:06 +00:00			`internet at large), because access to etcd is equivalent to root in your`
add etcd admin doc 2015-07-17 00:55:26 +00:00			`cluster.`

			`Data Reliability: for reasonable safety, either etcd needs to be run as a`
			`[cluster](high-availability.md#clustering-etcd) (multiple machines each running`
			`etcd) or etcd's data directory should be located on durable storage (e.g., GCE's`
			`persistent disk). In either case, if high availability is required--as it might`
			`be in a production cluster--the data directory ought to be [backed up`
Update etcd to 2.2.1 2015-10-30 22:25:23 +00:00			`periodically](https://coreos.com/etcd/docs/2.2.1/admin_guide.html#disaster-recovery),`
add etcd admin doc 2015-07-17 00:55:26 +00:00			`to reduce downtime in case of corruption.`

			`## Default configuration`

			`The default setup scripts use kubelet's file-based static pods feature to run etcd in a`
Absolutize links that leave the docs/ tree to go anywhere other than to examples/ or back to docs/ 2015-07-20 07:25:07 +00:00			`[pod](http://releases.k8s.io/HEAD/cluster/saltbase/salt/etcd/etcd.manifest). This manifest should only`
add etcd admin doc 2015-07-17 00:55:26 +00:00			`be run on master VMs. The default location that kubelet scans for manifests is`
			`/etc/kubernetes/manifests/`.

			`## Kubernetes's usage of etcd`

			By default, Kubernetes objects are stored under the `/registry` key in etcd.
			`This path can be prefixed by using the [kube-apiserver](kube-apiserver.md) flag`
			`--etcd-prefix="/foo"`.

			`etcd` is the only place that Kubernetes keeps state.

			`## Troubleshooting`

			To test whether `etcd` is running correctly, you can try writing a value to a
			`test key. On your master VM (or somewhere with firewalls configured such that`
			`you can talk to your cluster's etcd), try:`

Improve admin docs syntax highlighting. 2015-07-19 05:43:48 +00:00			```sh
add etcd admin doc 2015-07-17 00:55:26 +00:00			`curl -fs -X PUT "http://${host}:${port}/v2/keys/_test"`
			```


			`<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->`
			`[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/admin/etcd.md?pixel)]()`
			`<!-- END MUNGE: GENERATED_ANALYTICS -->`