Etcd in practice (2) - etcd data storage in a k8s cluster

1 Introduction

The manifests of all k8s objects must be persisted somewhere so that they are not lost when the api server restarts or fails; etcd serves this purpose. In k8s, only the api server talks to etcd directly; all other components reach etcd indirectly through the api server. This has the following benefits.

  • It makes the optimistic locking system and the validation system more robust.
  • It makes later replacement of the storage backend easier: only the relevant interfaces of the api server component need to be modified.

etcd is a fast, distributed, and consistent key-value store, and it is the only place where k8s stores cluster state and metadata.

2 View the data stored in etcd in k8s

$ kubectl get pod -n kube-system |grep etcd
etcd-ops-master-1                          1/1     Running   0          135m
$ kubectl exec -it -n kube-system etcd-ops-master-1 -- /bin/sh
sh-5.0#  
sh-5.0# etcdctl member list --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key
97937da5f040d7bc, started, ops-master-1, https://10.220.43.203:2380, https://10.220.43.203:2379, false

etcd in k8s requires certificate authentication, which is why the etcdctl command above is given the CA certificate, the certificate, and the key.

To view the data stored in etcd, you can manually install the etcdctl command on the master node.

sh-5.0# exit
$ etcdctl get --prefix "" --endpoints=10.220.43.203:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key

--endpoints specifies the etcd node to connect to. The k8s certificates must also be supplied; they are usually found under the /etc/kubernetes/pki/ directory. In the output, you can see the k8s-related key-value data stored in etcd.
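
The following is an added example, not from the original article: instead of printing every value (which includes Secret objects), it lists keys only and counts them per resource type. It assumes the api server's default /registry key prefix with keys laid out as /registry/<resource>/<namespace>/<name>; the function names and the sample key list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumption: default api server key layout /registry/<resource>/<namespace>/<name>.

# Constructed sample of `etcdctl get /registry --prefix --keys-only` output.
# In --keys-only mode etcdctl prints a blank line after each key.
sample_keys() {
cat <<'EOF'
/registry/pods/kube-system/etcd-ops-master-1

/registry/pods/kube-system/coredns-constructed-1

/registry/secrets/kube-system/constructed-token

/registry/configmaps/kube-system/kubeadm-config

/registry/namespaces/kube-system
EOF
}

# Read key lines on stdin and print "<count> <resource>", highest count first.
# The resource (or API group) is the path component right after /registry;
# blank lines and keys outside /registry are ignored.
count_by_resource() {
  LC_ALL=C awk -F/ '$2 == "registry" && $3 != "" { n[$3]++ }
                    END { for (r in n) print n[r], r }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Key listing against the live cluster, using the endpoint and certificate
# paths from the article. --keys-only keeps object values off the terminal.
live_keys() {
  etcdctl get /registry --prefix --keys-only \
    --endpoints=10.220.43.203:2379 \
    --cacert=/etc/kubernetes/pki/etcd/ca.crt \
    --cert=/etc/kubernetes/pki/etcd/server.crt \
    --key=/etc/kubernetes/pki/etcd/server.key
}

# Offline demonstration on the constructed sample.
# On the master node, run instead: live_keys | count_by_resource
sample_keys | count_by_resource
```
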

Origin blog.csdn.net/ygq13572549874/article/details/134961535