安装etcd
https://github.com/etcd-io/etcd/releases/download/v3.3.4/etcd-v3.3.4-linux-amd64.tar.gz
可参考脚本:
etcdctl命令工具-V3 · Kubernetes 学习笔记
#!/bin/bash
ETCD_VER=v3.3.4
ETCD_DIR=etcd-download
DOWNLOAD_URL=https://github.com/coreos/etcd/releases/download# Download
mkdir ${ETCD_DIR}
cd ${ETCD_DIR}
wget ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar -xzvf etcd-${ETCD_VER}-linux-amd64.tar.gz# install
cd etcd-${ETCD_VER}-linux-amd64
cp etcdctl /usr/local/bin/安装完成后:
通过执行etcdctl version获取当前版本信息等
访问本地etcd
因为做了认证,无法直接访问
可以使用以下方式简化,或者在操作时加认证
alias etcdctl='etcdctl --key=/etc/kubernetes/pki/etcd/server.key --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints https://127.0.0.1:2379'
通过制定证书访问
etcdctl --key=/etc/kubernetes/pki/etcd/server.key --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints https://127.0.0.1:2379 endpoint health
列出所有的keys
etcdctl --key=/etc/kubernetes/pki/etcd/server.key --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints https://127.0.0.1:2379 get / --prefix --keys-only
查看集群状态:
etcdctl --write-out=table --key=/etc/kubernetes/pki/etcd/server.key --cert=/etc/kubernetes/pki/etcd/server.crt --cacert=/etc/kubernetes/pki/etcd/ca.crt --endpoints https://127.0.0.1:2379 endpoint status
获取指定的key对应的值:
etcdctl get / --prefix --keys-only | grep /secrets/kube-system/clusterrole etcdctl get --endpoints https://127.0.0.1:2379 /registry/secrets/kube-system/clusterrole-aggregation-controller-token-kxfr5通过获取的秘钥认证k8s apiserver,秘钥子字段为#号前
kubectl --insecure-skip-tls-verify -s https://127.0.0.1:6443/ --token="[ey...]" -n kube-system get pods详细用法参考:etcdctl命令工具-V3 · Kubernetes 学习笔记