kubectl plugin #212

Closed
kvaps opened this issue May 15, 2024 · 1 comment · Fixed by #220

kvaps commented May 15, 2024

It would be nice to develop a plugin to simplify etcd maintenance using kubectl, e.g.:

kubectl etcdctl -n default svc/etcd member list
kubectl etcdctl -n default etcdcluster/etcd member list
kubectl etcdctl -n default pod/etcd-0 snapshot backup.db

should take into spec of this pod,

  1. check if it has --client-cert-auth and --cert-file, --key-file specified:

         args:
         - --cert-file=/etc/etcd/pki/server/cert/tls.crt
         - --key-file=/etc/etcd/pki/server/cert/tls.key

  2. check volumeMounts contains paths of these files

         volumeMounts:
         - mountPath: /etc/etcd/pki/client/ca
           name: client-trusted-ca-certificate

  3. Find the volume:

         - name: client-trusted-ca-certificate
           secret:
             defaultMode: 420
             secretName: etcd-ca-tls

  4. Download tls.crt and tls.key from a secret

  5. Generate temporary client certificate out of CA

  6. Enable port-forward to this pod or service

  7. Create dynamic etcd client with correct endpoint and certificates

etcdctl member list --endpoints=https://etcd-0.etcd-headless.tenant-leotolstoi.svc:2379 --cacert=/etc/etcd/tls/ca.crt  --cert=/etc/etcd/tls/tls.crt --key=/etc/etcd/tls/tls.key

Provide basic commands to maintain etcd:

Available Commands:
  alarm              Manage etcd alarms
  defrag             Defragment etcd database on the node
  forfeit-leadership Tell node to forfeit etcd cluster leadership
  leave              Tell nodes to leave etcd cluster
  members            Get the list of etcd cluster members
  remove-member      Remove the node from etcd cluster
  snapshot           Stream snapshot of the etcd node to the path.
  status             Get the status of etcd cluster member

sircthulhu self-assigned this May 15, 2024
kvaps commented May 15, 2024

Some logic can be borrowed from talosctl (be aware MPL license is not compatible with Apache2)
https://github.com/siderolabs/talos/blob/b86edc6776f77a65d3a254cf0f0d713ce7a9145e/cmd/talosctl/cmd/talos/etcd.go#L1

Or we can sub-license the whole plugin under MPL

kvaps assigned kvaps and unassigned sircthulhu May 20, 2024
kvaps added this to the v0.3.0 milestone May 20, 2024
kvaps closed this as completed in df56b4d Jun 18, 2024