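How to access etcd cluster endpoints from the Kubernetes master

Time: 2019-12-12 12:22:35

Tags: kubernetes etcd

Is there a way to access the etcd endpoints from the Kubernetes master node without actually getting into the etcd cluster?

For example, can I curl the etcd endpoint for health (using ssh), or see the endpoints and get the return status from the Kubernetes master node? (i.e. without really getting inside the etcd master)

2 answers:

Answer 0: (score: 1)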

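It really depends on how you configured your cluster. In fact, the etcd cluster can work entirely outside the k8s cluster. Also, etcd can be configured with TLS authentication, so you will need to provide certificate files to make any request via curl. etcdctl does everything you need. Like this: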

~# export ETCDCTL_API=3
~# export ETCDCTL_ENDPOINTS=https://kub01.msk.test.ru:2379,https://kub02.msk.test.ru:2379,https://avi-kub05.msk.test.ru:2379
~# etcdctl endpoint status
https://kub01.msk.test.ru:2379, e9bc9d307c96fd08, 3.3.13, 10 MB, true, 1745, 17368976
https://kub02.msk.test.ru:2379, 885ed66440d63a79, 3.3.13, 10 MB, false, 1745, 17368976
https://kub03.msk.test.ru:2379, 8c5c20ece034a652, 3.3.13, 10 MB, false, 1745, 17368976

Or with TLS:

~# etcdctl endpoint health
client: etcd cluster is unavailable or misconfigured; error #0: remote error: tls: bad certificate
; error #1: remote error: tls: bad certificate
; error #2: remote error: tls: bad certificate

# need to export environment vars

~# export ETCDCTL_CACERT=<PATH_TO_FILE>
~# export ETCDCTL_CERT=<PATH_TO_FILE>
~# export ETCDCTL_KEY=<PATH_TO_FILE>
~# etcdctl endpoint health
https://kub01.msk.test.ru:2379 is healthy: successfully committed proposal: took = 2.946423ms
https://kub02.msk.test.ru:2379 is healthy: successfully committed proposal: took = 1.5883ms
https://kub03.msk.test.ru:2379 is healthy: successfully committed proposal: took = 1.745591ms
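
The curl route mentioned in the answer above, as an added example that is not part of the original answer: it queries etcd's HTTP /health path on each client URL over mutual TLS, reusing the same ETCDCTL_* variables. The function names are hypothetical, and the private-key permission check is an extra precaution added here.

```sh
#!/bin/sh
# Added example: curl equivalent of `etcdctl endpoint health` (not from the answer).

# Succeeds only when the /health body reports health "true" (fail closed).
health_from_json() {
    printf '%s' "$1" | tr -d ' \n\r\t' | grep -q '"health":"true"'
}

# Refuses to continue if a TLS file is missing or the client key is
# readable by group or others.
tls_files_ok() {
    for f in "$ETCDCTL_CACERT" "$ETCDCTL_CERT" "$ETCDCTL_KEY"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "missing TLS file: ${f:-<unset>}" >&2; return 1; }
    done
    if [ -n "$(find "$ETCDCTL_KEY" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "client key is group/world readable: $ETCDCTL_KEY" >&2
        return 1
    fi
}

# Queries one endpoint; --fail turns HTTP errors into a non-zero exit status.
etcd_health() {
    body=$(curl --silent --show-error --fail --max-time 5 \
        --cacert "$ETCDCTL_CACERT" --cert "$ETCDCTL_CERT" --key "$ETCDCTL_KEY" \
        "$1/health") || return 1
    health_from_json "$body"
}

# Checks every endpoint in the comma-separated ETCDCTL_ENDPOINTS.
# Returns 0 if all are healthy, 1 if any is not, 2 on a TLS file problem.
check_all() {
    tls_files_ok || return 2
    rc=0
    old_ifs=$IFS
    IFS=,
    for ep in $ETCDCTL_ENDPOINTS; do
        IFS=$old_ifs
        if etcd_health "$ep"; then
            echo "$ep is healthy"
        else
            echo "$ep is UNHEALTHY" >&2
            rc=1
        fi
    done
    IFS=$old_ifs
    return $rc
}
```

Export the ETCDCTL_* variables as shown in the answer, source the file, and run check_all from the master node.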

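Answer 1: (score: 0)

For example, if I have to run ls -l inside the etcd container, I can run the command in the container without actually getting into the container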

kubectl exec -it -n kube-system etcd-kanister-control-plane -- ls -l

Similarly, you can run any command in place of ls -l