How to access kubernetes keys in etcd

Question

Question

How to get the Kubernetes related keys from etcd? Tried to list keys in etcd but could not see related keys. Also where is etcdctl installed?

$ etcdctl
bash: etcdctl: command not found..

$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      386/etcd            
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      386/etcd            

$ curl -s http://localhost:2379/v2/keys | python -m json.tool
{
    "action": "get",
    "node": {
        "dir": true
    }
}

Background

Installed Kubernetes 1.8.5 by following Using kubeadm to Create a Cluster on CentOS 7. When I looked at Getting started with etcd, v2/keys looks to be the end point.

Answer 1

Usually you need to get etcdctl by yourself. Just download the latest etcdctl archive from etcd releases page.

Also, starting from Kubernetes version 1.6 it uses etcd version 3, so to get a list of all keys is:

ETCDCTL_API=3 etcdctl --endpoints=<etcd_ip>:2379 get / --prefix --keys-only

You can find all etcdctl v3 actions using:

ETCDCTL_API=3 etcdctl --endpoints=<etcd_ip>:2379 --help

EDIT (thanks to @leodotcloud):

In case ETCD is configured with TLS certificates support:

ETCDCTL_API=3 etcdctl --endpoints <etcd_ip>:2379 --cacert <ca_cert_path> --cert <cert_path> --key <cert_key_path> get / --prefix --keys-only

Answer 2

Access the docker container, and run the following commmand:

ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key get / --prefix --keys-only