I don't want to set up another etcd cluster.
How can I access the built-in etcd from a Kubernetes pod?
I suppose first I need to create a service account and use this account to launch the pod.
Then how can the container in this pod discover the URI of built-in etcd?
Thank you
If you have access to the master node, just do a curl from there with the client certificate paths; the certificate is in: /etc/kubernetes/pki/etcd-manager-main/etcd-clients-ca.crt and the key /etc/kubernetes/pki/etcd-manager-main/etcd-clients-ca.
Kubernetes uses etcd as a key-value database store. It stores the configuration of the Kubernetes cluster in etcd. It also stores the actual state of the system and the desired state of the system in etcd. It then uses etcd's watch functionality to monitor changes to either of these two things.
From inside the pod, the Kubernetes API server can be accessed directly at "https://kubernetes.default". By default it uses the "default service account" for accessing the API server. So, we also need to pass a "ca cert" and the "default service account token" to authenticate with the API server.
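The request described above, as an added example that is not part of the original answers: a shell sketch that reads the pod's mounted service account credentials and calls the API server. It assumes `curl` is available in the container image and that the credentials are mounted at the standard path; the function names (`check_sa_mount`, `api_url`, `curl_config`, `api_get`) are illustrative.

```shell
# Added example. Usage from inside a pod:  api_get pods
# SA_DIR is the standard service account mount; override only for testing.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"
API_SERVER="${API_SERVER:-https://kubernetes.default}"

# Fail early if the credentials are not mounted
# (for example when automountServiceAccountToken is false).
check_sa_mount() {
  for _f in token ca.crt namespace; do
    if [ ! -r "$SA_DIR/$_f" ]; then
      echo "missing service account file: $SA_DIR/$_f" >&2
      return 1
    fi
  done
}

# URL of a namespaced core resource in the pod's own namespace.
api_url() {
  printf '%s/api/v1/namespaces/%s/%s' \
    "$API_SERVER" "$(cat "$SA_DIR/namespace")" "$1"
}

# curl config line carrying the bearer token. It is fed to curl on stdin
# so the token never appears in the process argument list.
curl_config() {
  printf 'header = "Authorization: Bearer %s"\n' "$(cat "$SA_DIR/token")"
}

# GET a resource, verifying the API server against the mounted CA bundle.
api_get() {
  check_sa_mount || return 1
  curl_config | curl --silent --show-error --fail \
    --cacert "$SA_DIR/ca.crt" \
    --config - \
    "$(api_url "$1")"
}
```

If the call fails with HTTP 403, the token was accepted but the service account has no RBAC permission for that resource.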
The etcd instance used by the Kubernetes apiserver is generally treated as an implementation detail of the apiserver and is not designed to be reused by user applications. By default it is installed to only listen for connections on localhost and run on a machine where no user applications are scheduled.
It isn't difficult to run a second etcd instance for your own use. For example, the DNS cluster add-on includes a private instance of etcd that is separate from the etcd used by the apiserver.