文章目录
1.背景
参考链接:
- 1. [译]走进Kubernetes集群的大脑:Etcd
- 2. Kubernetes架构图
2.环境准备
- 操作系统
ubuntu 22
- k8s环境
minikube v1.26.1
- node节点信息
NAME | STATUS | ROLES | IP | VERSION |
---|---|---|---|---|
minikube | Ready | control-plane,master | 192.168.49.2 | v1.23.8 |
minikube-m02 | Ready | none | 192.168.49.3 | v1.23.8 |
minikube-m03 | Ready | none | 192.168.49.4 | v1.23.8 |
获取etcd根证书,服务器证书和私钥
# 先查看etcd证书路径
kubectl describe pods --namespace kube-system etcd-minikube | grep etcd-certs: -A 3
# etcd-certs:
# Type: HostPath (bare host directory volume)
# Path: /var/lib/minikube/certs/etcd
# HostPathType: DirectoryOrCreate
# 登录进控制节点机器拷贝证书出来
minikube ssh -n minikube
# docker@minikube:
cd /var/lib/minikube/certs/etcd
# 拷贝ca.crt server.crt server.key 到真实机器
scp ca.crt 用户名@本机IP
3. Go访问etcd代码
package main
import (
"context"
"crypto/tls"
"crypto/x509"
"flag"
"fmt"
"io/ioutil"
"strings"
"time"
clientv3 "go.etcd.io/etcd/client/v3"
)
func checkErr(err error) {
if err != nil {
panic(err)
}
}
func main() {
listName := flag.Bool("list-name", false, "查看所有存储键名")
prefix := flag.String("prefix", "", "列出给定字符开头的内容")
endPoint := flag.String("endpoint", "https://192.168.49.2:2379", "etcd服务地址")
flag.Parse()
// 使用etcd根证书认证
caCert, err := ioutil.ReadFile("ca.crt")
checkErr(err)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
serverCert, err := tls.LoadX509KeyPair("server.crt", "server.key")
checkErr(err)
client, err := clientv3.New(clientv3.Config{
Endpoints: []string{*endPoint},
DialTimeout: 5 * time.Second,
TLS: &tls.Config{
RootCAs: caCertPool,
Certificates: []tls.Certificate{serverCert},
},
})
checkErr(err)
defer client.Close()
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
resp, err := client.Get(ctx, "", clientv3.WithPrefix())
checkErr(err)
cancel()
for _, r := range resp.Kvs {
if *listName {
fmt.Println(string(r.Key))
continue
}
if strings.Contains(string(r.Key), *prefix) {
fmt.Println(string(r.Key))
fmt.Println("-------------------------------------------------------------------------------")
fmt.Println(string(r.Value))
fmt.Println("-------------------------------------------------------------------------------")
fmt.Println()
}
}
checkErr(err)
}
4. 访问结果
获取etcd
所有键名
过滤键名
TODO
优化对象数据展示