When patching Kubernetes control-plane nodes on which etcd also happens to be running, you might want to gracefully transfer the leadership of the etcd cluster away from the node before patching it.
This can be achieved with the following script, provided you specify the appropriate environment variables in /etc/profile.d/etcd-all:
set -o pipefail && \
source /etc/profile.d/etcd-all && \
AM_LEADER=$(etcdctl endpoint status | grep -F "$(hostname)" | cut -d ',' -f 5 | tr -d ' ') && \
if [[ "$AM_LEADER" = "true" ]]
then
    # This node is the leader (column 5): take the member ID (column 2) of the
    # last other endpoint and hand leadership to it.
    NEW_LEADER=$(etcdctl endpoint status | grep -vF "$(hostname)" | cut -d ',' -f 2 | tr -d ' ' | tail -n 1) && \
    etcdctl move-leader "$NEW_LEADER" && sleep 15
fi
The /etc/profile.d/etcd-all file should contain something similar to:
export ETCDCTL_API=3
export ETCDCTL_ENDPOINTS="https://node1.domain:2379,https://node2.domain:2379,https://node3.domain:2379"
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
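
An added example, not part of the original post: the same row selection done with an exact match on the endpoint host (so a host named node1 does not also match node10) and skipping learner members, which are non-voting and cannot take leadership. The sample output is constructed; the function names, the learner flag in column 6 and endpoint hosts that equal the name passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed sample of
# `etcdctl endpoint status` output. Assumed columns: 1 endpoint, 2 member ID,
# 5 is-leader (both as used by the post's script), 6 is-learner (assumption).
SAMPLE_STATUS='https://node1.domain:2379, 8211f1d0f64f3269, 3.5.9, 25 MB, true, false, 7, 1201, 1201,
https://node10.domain:2379, 91bc3c398fb3c146, 3.5.9, 25 MB, false, true, 7, 1201, 1201,
https://node2.domain:2379, fd422379fda50e48, 3.5.9, 25 MB, false, false, 7, 1201, 1201,'

# awk prologue shared by both functions: h = endpoint host, scheme and port removed.
HOST_OF='{ h = $1; sub(/^[a-z]+:\/\//, "", h); sub(/:[0-9]+$/, "", h) }'

# status_field HOST COLUMN: read status rows on stdin and print COLUMN of the
# row whose host equals HOST exactly. Exit status 1 if no row matches.
status_field() {
  awk -F', *' -v host="$1" -v col="$2" "$HOST_OF"'
    h == host { print $col; found = 1 }
    END { exit !found }'
}

# pick_transferee HOST: print the member ID of the first row that is neither
# HOST nor a learner. Exit status 1 if there is no eligible member.
pick_transferee() {
  awk -F', *' -v host="$1" "$HOST_OF"'
    h != host && $6 != "true" { print $2; found = 1; exit }
    END { exit !found }'
}

# transfer_if_leader HOST: live use. Needs etcdctl and the ETCDCTL_* variables
# from /etc/profile.d/etcd-all. Does nothing when HOST is not the leader.
transfer_if_leader() (
  status=$(etcdctl endpoint status) || exit 1
  leader=$(printf '%s\n' "$status" | status_field "$1" 5) || exit 1
  [ "$leader" = "true" ] || exit 0
  target=$(printf '%s\n' "$status" | pick_transferee "$1") || exit 1
  etcdctl move-leader "$target"
)

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | pick_transferee node1.domain
```

On a node, the call would be transfer_if_leader "$(hostname -f)", assuming the endpoints in ETCDCTL_ENDPOINTS use fully qualified names.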