1. 技术文章
  2. How to access kubernetes keys in etcd

How to access kubernetes keys in etcd

白昼怎懂夜的黑 提交于 2019-11-29 18:57:51

问题


Question

How to get the Kubernetes related keys from etcd? Tried to list keys in etcd but could not see related keys. Also where is etcdctl installed?

$ etcdctl
bash: etcdctl: command not found..

$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      386/etcd            
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      386/etcd            

$ curl -s http://localhost:2379/v2/keys | python -m json.tool
{
    "action": "get",
    "node": {
        "dir": true
    }
}

Background

Installed Kubernetes 1.8.5 by following Using kubeadm to Create a Cluster on CentOS 7. When I looked at Getting started with etcd, v2/keys looks to be the end point.


回答1:


Usually you need to get etcdctl by yourself. Just download the latest etcdctl archive from etcd releases page.

Also, starting from Kubernetes version 1.6 it uses etcd version 3, so to get a list of all keys is:

ETCDCTL_API=3 etcdctl --endpoints=<etcd_ip>:2379 get / --prefix --keys-only

You can find all etcdctl v3 actions using:

ETCDCTL_API=3 etcdctl --endpoints=<etcd_ip>:2379 --help

EDIT (thanks to @leodotcloud):

In case ETCD is configured with TLS certificates support:

ETCDCTL_API=3 etcdctl --endpoints <etcd_ip>:2379 --cacert <ca_cert_path> --cert <cert_path> --key <cert_key_path> get / --prefix --keys-only



回答2:


Access the docker container, and run the following commmand:

ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key get / --prefix --keys-only




回答3:


I needed to use etcdctl with etcd installed on CoreOS (Container Linux). In my case the following worked (executed from CoreOS shell prompt):

$ sudo ETCDCTL_API=3 etcdctl --cacert /etc/ssl/etcd/etcd/peer-ca.crt --cert /etc/ssl/etcd/etcd/peer.crt --key /etc/ssl/etcd/etcd/peer.key get --prefix / --keys-only

I used sudo as a quick solution to the permission problem "Error: open /etc/ssl/etcd/etcd/peer.crt: permission denied".



来源:https://stackoverflow.com/questions/47807892/how-to-access-kubernetes-keys-in-etcd

标签
Kubernetes
etcd
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!