Is there a good way to access the etcd datastore of a minikube cluster? I'm trying to create a watcher for events on kubernetes pods, but I need to look at the etcd changelog. So far, I have run kubectl exec -it --namespace kube-system etcd-minikube sh
, which ssh-s me into the minikube host machine, but from there, I can't access etcd
, etcdctl
times out, and I can't even run python
. Is there a clean way to do this? The links seem outdated.
https://github.com/kubernetes/minikube/blob/master/docs/accessing_etcd.md is outdated, as well as any other sources that reference localkube.
I was able to check minikube v1.2.0 etcd v3 connection channel through gRPC messaging protocol and it works fine.
I've check connection in two ways: directly within etcd-minikube
Pod and externally from my minikube hosting machine via etcdctl binary injected there.
Minikube ETCD certificates inventory located here: /var/lib/minikube/certs/etcd/
and I've used some of these certs to authenticate to etcd storage.
You can use below query string for connection from within etcd-minikube
Pod, but first you have to distribute etcd certs into this Pod; this can be done via kubectl cp
command:
sudo kubectl cp /var/lib/minikube/certs/etcd/ etcd-minikube:/SOME_PATH -n kube-system
ETCDCTL_API=3 etcdctl --cacert=/PATH/TO/ETCD/CERTS/ca.crt --key=/PATH/TO/ETCD/CERTS/server.key --cert=/PATH/TO/ETCD/CERTS/server.crt get / --prefix --keys-only
Query string from my minikube host machine accessing etcd endpoint:
ETCDCTL_API=3 etcdctl --cacert=/PATH/TO/ETCD/CERTS/ca.crt --key=/PATH/TO/ETCD/CERTS/server.key --cert=/PATH/TO/ETCD/CERTS/server.crt --endpoints "https://$(minikube ip):2379" get / --prefix --keys-only