k8s-集群查看etcd
查看 etcd
[root@k8s-master etcd-v3.5.1-linux-amd64]# kubectl get po -n kube-system|grep etcd etcd-k8s-master 1/1 Running 5 (100m ago) 14d 查看etcd版本
[root@k8s-master etcd-v3.5.1-linux-amd64]# kubectl describe pod etcd-k8s-master -n kube-system|grep Image Image: k8s.gcr.io/etcd:3.5.0-0 Image ID: docker://sha256:0048118155842e4c91f0498dd298b8e93dc3aecc7052d9882b76f48e311a76ba 这里是3.5, 则下载3.5的客户端
wget https://github.com/etcd-io/etcd/releases/download/v3.5.1/etcd-v3.5.1-linux-amd64.tar.gz 解压并 将 etcdctl copy 到 /usr/bin下
tar -xzvf etcd-v3.5.1-linux-amd64.tar.gz cd etcd-v3.5.1-linux-amd64 cp etcdctl /usr/bin/ [root@k8s-master etcd-v3.5.1-linux-amd64]# ls /usr/bin/|grep etcd etcdctl 证书信息
Containers: etcd: Container ID: docker://ca45f745eea10a7f018e1a01bb20fb827da934e43ad97c7464565d12f597897b Image: k8s.gcr.io/etcd:3.5.0-0 Image ID: docker://sha256:0048118155842e4c91f0498dd298b8e93dc3aecc7052d9882b76f48e311a76ba Port: <none> Host Port: <none> Command: etcd --advertise-client-urls=https://192.168.226.19:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd --initial-advertise-peer-urls=https://192.168.226.19:2380 --initial-cluster=k8s-master=https://192.168.226.19:2380 --key-file=/etc/kubernetes/pki/etcd/server.key --listen-client-urls=https://127.0.0.1:2379,https://192.168.226.19:2379 --listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://192.168.226.19:2380 --name=k8s-master --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000 --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt 其中:
- –cert: 即–peer-cert-file
- –key : 即 --peer-key-file
查看etcd 所有的key
–insecure-skip-tls-verify: 跳过证书
etcdctl --cert /etc/kubernetes/pki/etcd/peer.crt --key /etc/kubernetes/pki/etcd/peer.key \n --insecure-skip-tls-verify --endpoints=localhost:2379 get / --prefix --keys-only