Is there a way that I can access the etcd endpoints from kubernetes master node without actually getting into etcd cluster?
For a example, can I do a health curl (using ssh) to etcd endpoints or see endpoints and get the return status from the kubernetes master node? (i.e. without really getting inside the etcd master)
You can run the commands into a pod without actually getting inside the pod for example if I have to run ls -l inside the etcd pod, what I would is
kubectl exec -it -n kube-system etcd-kanister-control-plane -- ls -lSimilarly you can run any command instead of ls -l
it really depends on how you configured the cluster. Actually, etcd cluster could work outside of k8s cluster at all. Also etcd could be configurred with TLS auth, so you will need to provide cert files to be able make any request via curl. etcdctl does everything you need. Something like:
~# export ETCDCTL_API=3
~# export ETCDCTL_ENDPOINTS=https://kub01.msk.test.ru:2379,https://kub02.msk.test.ru:2379,https://avi-kub05.msk.test.ru:2379
~# etcdctl endpoint status
https://kub01.msk.test.ru:2379, e9bc9d307c96fd08, 3.3.13, 10 MB, true, 1745, 17368976
https://kub02.msk.test.ru:2379, 885ed66440d63a79, 3.3.13, 10 MB, false, 1745, 17368976
https://kub03.msk.test.ru:2379, 8c5c20ece034a652, 3.3.13, 10 MB, false, 1745, 17368976or with the TLS:
~# etcdctl endpoint health
client: etcd cluster is unavailable or misconfigured; error #0: remote error: tls: bad certificate
; error #1: remote error: tls: bad certificate
; error #2: remote error: tls: bad certificate
# need to export environment vars
~# export ETCDCTL_CACERT=<PATH_TO_FILE>
~# export ETCDCTL_CERT=<PATH_TO_FILE>
~# export ETCDCTL_KEY=<PATH_TO_FILE>
~# etcdctl endpoint health
https://kub01.msk.test.ru:2379 is healthy: successfully committed proposal: took = 2.946423ms
https://kub02.msk.test.ru:2379 is healthy: successfully committed proposal: took = 1.5883ms
https://kub03.msk.test.ru:2379 is healthy: successfully committed proposal: took = 1.745591ms