etcd-operator
kubectl plugin
It would be nice to develop a plugin to simplify etcd maintenance using kubectl, e.g.:

```
kubectl etcdctl -n default svc/etcd member list
kubectl etcdctl -n default etcdcluster/etcd member list
kubectl etcdctl -n default pod/etcd-0 snapshot backup.db
```

It should take into account the spec of this pod:
- check if it has `--client-cert-auth` and `--cert-file`, `--key-file` specified:
  ```yaml
  args:
  - --cert-file=/etc/etcd/pki/server/cert/tls.crt
  - --key-file=/etc/etcd/pki/server/cert/tls.key
  ```
- check volumeMounts contains paths of these files
  ```yaml
  volumeMounts:
  - mountPath: /etc/etcd/pki/client/ca
    name: client-trusted-ca-certificate
  ```
- Find the volume:
  ```yaml
  - name: client-trusted-ca-certificate
    secret:
      defaultMode: 420
      secretName: etcd-ca-tls
  ```
- Download `tls.crt` and `tls.key` from a secret
- Generate temporary client certificate out of CA
- Enable port-forward to this pod or service
- Create dynamic etcd client with correct endpoint and certificates

```
etcdctl member list --endpoints=https://etcd-0.etcd-headless.tenant-leotolstoi.svc:2379 --cacert=/etc/etcd/tls/ca.crt --cert=/etc/etcd/tls/tls.crt --key=/etc/etcd/tls/tls.key
```
Provide basic commands to maintain etcd:

```
Available Commands:
  alarm               Manage etcd alarms
  defrag              Defragment etcd database on the node
  forfeit-leadership  Tell node to forfeit etcd cluster leadership
  leave               Tell nodes to leave etcd cluster
  members             Get the list of etcd cluster members
  remove-member       Remove the node from etcd cluster
  snapshot            Stream snapshot of the etcd node to the path.
  status              Get the status of etcd cluster member
```
Some logic can be borrowed from talosctl (be aware that the MPL license is not compatible with Apache2): https://github.com/siderolabs/talos/blob/b86edc6776f77a65d3a254cf0f0d713ce7a9145e/cmd/talosctl/cmd/talos/etcd.go#L1

Or we can sub-license the whole plugin under MPL.