forked from rancher/rancher
How to Use Etcdctl with K3s Embedded Etcd
Anna Blendermann edited this page Nov 17, 2021 · 11 revisions
These instructions show how to use etcdctl to access cluster information, indexes, or data, or to debug K3s embedded etcd, when running single-node Rancher in Docker.
- Run Rancher in Docker.

    sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher

- Drop into the docker container.

    docker exec -it <container ID> /bin/sh

- Access embedded etcd on the default port 2379. You must authenticate as a secure client using a TLS cert file and key. K3s generates these automatically, and their paths can be found in /var/lib/rancher/k3s/server/db/etcd/config.

    advertise-client-urls: https://172.17.0.2:2379
    client-transport-security:
      cert-file: /var/lib/rancher/k3s/server/tls/etcd/server-client.crt
      client-cert-auth: true
      key-file: /var/lib/rancher/k3s/server/tls/etcd/server-client.key
      trusted-ca-file: /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
    data-dir: /var/lib/rancher/k3s/server/db/etcd
    election-timeout: 5000
    heartbeat-interval: 500
    initial-advertise-peer-urls: https://172.17.0.2:2380
    initial-cluster: local-node-59cc8dcd=https://172.17.0.2:2380
    initial-cluster-state: new
    listen-client-urls: https://172.17.0.2:2379,https://127.0.0.1:2379
    listen-metrics-urls: http://127.0.0.1:2381
    listen-peer-urls: https://172.17.0.2:2380
    log-outputs:
    - stderr
    logger: zap
    name: local-node-59cc8dcd
    peer-transport-security:
      cert-file: /var/lib/rancher/k3s/server/tls/etcd/peer-server-client.crt
      client-cert-auth: true
      key-file: /var/lib/rancher/k3s/server/tls/etcd/peer-server-client.key
      trusted-ca-file: /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt

Set --cert=<cert-file value>, --key=<key-file value>, and --cacert=<trusted-ca-file value>. Use the member list command to see all members of the cluster.

    etcdctl --endpoints=https://<host IP>:2379 \
      --cert=<cert-file value> \
      --key=<key-file value> \
      --cacert=<trusted-ca-file value> member list

Example:

    $ etcdctl --endpoints=https://localhost:2379 \
      --cert="/var/lib/rancher/k3s/server/tls/etcd/server-client.crt" \
      --key="/var/lib/rancher/k3s/server/tls/etcd/server-client.key" \
      --cacert="/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt" member list
    b8e14bda2255bc24, started, local-node-59cc8dcd, https://172.17.0.2:2380, https://172.17.0.2:2379, false

Find other commands using etcdctl help.
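
The config above repeats cert-file, key-file and trusted-ca-file under both client-transport-security and peer-transport-security, so a plain grep returns two candidates for each flag. The following is an added example, not part of the original wiki page or of K3s: it reads the client section only and builds the etcdctl flags from it. The function names are hypothetical, and it assumes the real file indents section members as ordinary YAML does.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are from this page.
ETCD_CONFIG="${ETCD_CONFIG:-/var/lib/rancher/k3s/server/db/etcd/config}"

# Print the value of key $3 inside top-level section $2 of config file $1.
# Scoping by section matters: cert-file, key-file and trusted-ca-file appear
# under both client-transport-security and peer-transport-security.
etcd_section_value() {
    awk -v section="$2" -v key="$3" '
        # A line starting in column 0 (not a comment or list item) opens a
        # new top-level key; remember whether it is the section we want.
        /^[^ \t#-]/ { in_section = ($0 ~ ("^" section ":[ \t]*$")); next }
        in_section {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                sub(/^[^:]+:[ \t]*/, "", line)
                print line
                exit
            }
        }
    ' "$1"
}

# Print the three etcdctl TLS flags, one per line, for the client endpoint.
# Fails if the client section does not name all three files.
etcdctl_tls_flags() {
    cert=$(etcd_section_value "$1" client-transport-security cert-file)
    key=$(etcd_section_value "$1" client-transport-security key-file)
    ca=$(etcd_section_value "$1" client-transport-security trusted-ca-file)
    if [ -z "$cert" ] || [ -z "$key" ] || [ -z "$ca" ]; then
        echo "client-transport-security is incomplete in $1" >&2
        return 1
    fi
    printf '%s\n' "--cert=$cert" "--key=$key" "--cacert=$ca"
}

# Run "member list" against the local client endpoint used in the example.
etcd_member_list() {
    flags=$(etcdctl_tls_flags "$ETCD_CONFIG") || return 1
    # Assumption: the configured paths contain no whitespace, so the
    # unquoted expansion below splits into exactly three flags.
    etcdctl --endpoints=https://localhost:2379 $flags member list
}
```

Inside the container, source the file and call etcd_member_list; set ETCD_CONFIG to read a config file at a different path.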