lalyos/etcd-list-keys.md

## etcd-list-keys.md

      
    Raw
  

              etcd-list-keys.md
            
          
    You can demostrate how kubernetes stores everything in etcd (v3):
One-liner

You can exec etcdctl rigth in the etc pod:
kubectl exec -it \
  -n kube-system etcd-minikube \
  -- sh -c 'ETCDCTL_CACERT=/var/lib/localkube/certs/etcd/ca.crt \
    ETCDCTL_CERT=/var/lib/localkube/certs/etcd/peer.crt \
    ETCDCTL_KEY=/var/lib/localkube/certs/etcd/peer.key \
    ETCDCTL_API=3  \
    etcdctl \
      get \
      --keys-only \
      --prefix=true \
      "/registry/namespaces/" '

Proxy to etcd

Or if you have etcdctl installed on your host. You can run etcdctl command on your localhost.
Copy certificate and key from container to localhost:
kubectl cp kube-system/etcd-minikube:/var/lib/localkube/certs/etcd/peer.key .
kubectl cp kube-system/etcd-minikube:/var/lib/localkube/certs/etcd/peer.crt . 

Set ETCDCTL_ environment variables
export \
  ETCDCTL_API=3 \
  ETCDCTL_INSECURE_SKIP_TLS_VERIFY=true  \
  ETCDCTL_CERT=peer.crt \
  ETCDCTL_KEY=peer.key

Start a proxy (in a separate terminal) to be able to connect to etcd on localhost:
kubectl port-forward -n kube-system etcd-minikube 2379:2379

etcdctl  get --keys-only --prefix=true "/registry/namespaces/"