kubesphere安装ETCD后,默认开启了安全认证,需要在etcdctl后跟上证书文件的路径等配置参数。
查看kubeadm的配置文件:
可以看到,etcd所需的三个文件的文件路径分别为:
如果仅使用kubeadm安装,没有使用kubesphere,此处的文件路径将不是这些路径。
创建别名:
alias etcdctl='etcdctl --cacert=/etc/ssl/etcd/ssl/ca.pem --cert=/etc/ssl/etcd/ssl/node-m1master.pem --key=/etc/ssl/etcd/ssl/node-m1master-key.pem'
之后在master节点上,可以正常使用etcdctl。
[root@m1master kubernetes]# etcdctl get /registry/services --prefix --keys-only
/registry/services/endpoints/default/kubernetes
/registry/services/endpoints/istio-system/istio-ingressgateway
/registry/services/endpoints/istio-system/istiod-1-6-10
/registry/services/endpoints/istio-system/jaeger-collector
/registry/services/endpoints/istio-system/jaeger-collector-headless
/registry/services/endpoints/istio-system/jaeger-operator-metrics