Minikube etcd


Here are my experiment with etcd and minikube

I ran below command

etcdctl --endpoints="127.0.0.1:2379" --cacert="/var/lib/minikube/certs/etcd/ca.crt"  --cert="/var/lib/minikube/certs/apiserver-etcd-client.crt"  --key="/var/lib/minikube/certs/apiserver-etcd-client.key"  member list

I got permission error for /var/lib/minikube/certs/apiserver-etcd-client.key
I used sudo, but i faced different error. 
So I copied the file and changed its permission. I could run following command: 

etcdctl --endpoints="127.0.0.1:2379" --cacert="/var/lib/minikube/certs/etcd/ca.crt"  --cert="/var/lib/minikube/certs/apiserver-etcd-client.crt"  --key="/home/manish/.etcd/apiserver-etcd-client.key"  member list

Instead of "member list" i could also able to run below commands

get --prefix /registry 

get / --prefix --keys-only

get --prefix /registry/events/default to dump events in default namespace. 

Same we we can get details of all pods, by
get --prefix /registry/pods/default  

and for specific pod 
get --prefix /registry/pods/"namespace name"/"pod name" 

with option -w json, we get json data, but values are base64 encoded. We can set value v1, for k1 using

etcdctl set k1 v1 // version 2 and
etcdctl put k1 v1 // version 3

We can add --limit="number" to limit output number of entries. 

Reference: 

https://medium.com/better-programming/a-closer-look-at-etcd-the-brain-of-a-kubernetes-cluster-788c8ea759a5#:~:text=In%20the%20Kubernetes%20world%2C%20etcd,handled%20by%20the%20Raft%20algorithm.


We can run these command inside etcd pod , with kubectl exec -it "etcd pod name" -n kube-system. No need to download etcdctl. This is as per following options for api-server

    - --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt
    - --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt
    - --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379


"ETCDCTL_API=3 ETCDCTL_CACERT=/var/lib/minikube/certs/etcd/ca.crt ETCDCTL_CERT=/var/lib/minikube/certs/etcd/server.crt  ETCDCTL_KEY=/var/lib/minikube/certs/etcd/server.key etcdctl --endpoints=https://127.0.0.1:2379 get /registry/secrets/default/first"

2 comments:

Manish Panchmatia said...

https://containerlabs.kubedaily.com/Kubernetes/fundamentals/etcd-k8s.html

Manish Panchmatia said...

https://learnk8s.io/etcd-kubernetes

Post a Comment