k8s-集群查看etcd
查看 etcd
[root@k8s-master etcd-v3.5.1-linux-amd64]# kubectl get po -n kube-system|grep etcd
etcd-k8s-master 1/1 Running 5 (100m ago) 14d
查看etcd版本
[root@k8s-master etcd-v3.5.1-linux-amd64]# kubectl describe pod etcd-k8s-master -n kube-system|grep Image
Image: k8s.gcr.io/etcd:3.5.0-0
Image ID: docker://sha256:0048118155842e4c91f0498dd298b8e93dc3aecc7052d9882b76f48e311a76ba
这里是3.5, 则下载3.5的客户端
wget https://github.com/etcd-io/etcd/releases/download/v3.5.1/etcd-v3.5.1-linux-amd64.tar.gz
解压并 将 etcdctl copy 到 /usr/bin下
tar -xzvf etcd-v3.5.1-linux-amd64.tar.gz
cd etcd-v3.5.1-linux-amd64
cp etcdctl /usr/bin/
[root@k8s-master etcd-v3.5.1-linux-amd64]# ls /usr/bin/|grep etcd
etcdctl
证书信息
Containers:
etcd:
Container ID: docker://ca45f745eea10a7f018e1a01bb20fb827da934e43ad97c7464565d12f597897b
Image: k8s.gcr.io/etcd:3.5.0-0
Image ID: docker://sha256:0048118155842e4c91f0498dd298b8e93dc3aecc7052d9882b76f48e311a76ba
Port: <none>
Host Port: <none>
Command:
etcd
--advertise-client-urls=https://192.168.226.19:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt
--client-cert-auth=true
--data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://192.168.226.19:2380
--initial-cluster=k8s-master=https://192.168.226.19:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://192.168.226.19:2379
--listen-metrics-urls=http://127.0.0.1:2381
--listen-peer-urls=https://192.168.226.19:2380
--name=k8s-master
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
其中:
- –cert: 即–peer-cert-file
- –key : 即 --peer-key-file
查看etcd 所有的key
–insecure-skip-tls-verify: 跳过证书
etcdctl --cert /etc/kubernetes/pki/etcd/peer.crt --key /etc/kubernetes/pki/etcd/peer.key \n
--insecure-skip-tls-verify --endpoints=localhost:2379 get / --prefix --keys-only