Unable to find Kubernetes apiserver's data in etcd3

Question

I am using the ansible scripts from kargo to build my cluster. I am unable to find where the data is stored in etcd3, despite looking over the verbose logs from the apiserver.

Here is what I see the hyperkube apiserver logs:

$ docker logs k8s_kube-apiserver.fd19548d_kube-apiserver-kube-master-01_kube-system_2f6ad6b0bf81ca6a0e2b4d499a25fc89_aa25196e
[[ SNIP ]]
I0127 23:31:55.871267       1 storage_factory.go:242] storing { podtemplates} in v1, reading as __internal from { /registry [https://10.60.68.11:2379 https://10.60.68.39:2379 https://10.60.68.35:2379] /etc/ssl/etcd/ssl/node-kube-master-01-key.pem /etc/ssl/etcd/ssl/node-kube-master-01.pem /etc/ssl/etcd/ssl/ca.pem true 1000 <nil>}
I0127 23:31:55.875975       1 storage_factory.go:242] storing { events} in v1, reading as __internal from { /registry [https://10.60.68.11:2379 https://10.60.68.39:2379 https://10.60.68.35:2379] /etc/ssl/etcd/ssl/node-kube-master-01-key.pem /etc/ssl/etcd/ssl/node-kube-master-01.pem /etc/ssl/etcd/ssl/ca.pem true 1000 <nil>}
I0127 23:31:55.876169       1 reflector.go:234] Listing and watching *api.PodTemplate from k8s.io/kubernetes/pkg/storage/cacher.go:215
I0127 23:31:55.877950       1 compact.go:55] compactor already exists for endpoints [https://10.60.68.11:2379 https://10.60.68.39:2379 https://10.60.68.35:2379]
I0127 23:31:55.878148       1 storage_factory.go:242] storing { limitranges} in v1, reading as __internal from { /registry [https://10.60.68.11:2379 https://10.60.68.39:2379 https://10.60.68.35:2379] /etc/ssl/etcd/ssl/node-kube-master-01-key.pem /etc/ssl/etcd/ssl/node-kube-master-01.pem /etc/ssl/etcd/ssl/ca.pem true 1000 <nil>}
I0127 23:31:55.879372       1 compact.go:55] compactor already exists for endpoints [https://10.60.68.11:2379 https://10.60.68.39:2379 https://10.60.68.35:2379]

the hyperkube apiserver is started with these arguments:

$ docker inspect k8s_kube-apiserver.b6395694_kube-apiserver-kube-master-01_kube-system_2f6ad6b0bf81ca6a0e2b4d499a25fc89_4338b366
[
    {
        "Id": "33c76fa64bbd5d5a656e329cf87ed3707077659c69dc281127751f594460242b",
        "Created": "2017-01-27T23:35:10.691147667Z",
        "Path": "/hyperkube",
        "Args": [
            "apiserver",
            "--advertise-address=10.60.68.23",
            "--etcd-servers=https://10.60.68.11:2379,https://10.60.68.39:2379,https://10.60.68.35:2379",
            "--etcd-quorum-read=true",
            "--etcd-cafile=/etc/ssl/etcd/ssl/ca.pem",
            "--etcd-certfile=/etc/ssl/etcd/ssl/node-kube-master-01.pem",
            "--etcd-keyfile=/etc/ssl/etcd/ssl/node-kube-master-01-key.pem",
            "--insecure-bind-address=127.0.0.1",
            "--apiserver-count=3",
            "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota",
            "--service-cluster-ip-range=10.233.0.0/18",
            "--service-node-port-range=30000-32767",
            "--client-ca-file=/etc/kubernetes/ssl/ca.pem",
            "--basic-auth-file=/etc/kubernetes/users/known_users.csv",
            "--tls-cert-file=/etc/kubernetes/ssl/apiserver.pem",
            "--tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem",
            "--token-auth-file=/etc/kubernetes/tokens/known_tokens.csv",
            "--service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem",
            "--secure-port=443",
            "--insecure-port=8080",
            "--v=4",
            "--allow-privileged=true",
            "--cloud-provider=openstack",
            "--cloud-config=/etc/kubernetes/cloud_config",
            "--anonymous-auth=False"
        ],

No where does it override the default etcd prefix of /registry. I have no idea where apiserver is storing data.

$ docker exec -it etcd3 etcdctl --peers https://10.60.68.11:2379 ls /registry
Error:  100: Key not found (/registry) [163]

It looks like your etcd has not been initialized at all. That is usually caused by an incorrectly configured api server. Can you check your api server logs to see if it is telling you anything on this issue? — Norbert, Jan 28 '17 at 22:05
Please see the following answer: [link](https://stackoverflow.com/questions/43978998/kubernetes-flannel-etcd-not-upading/43983388#43983388) — Ottovsky, Jun 20 '17 at 20:46

score 2 · Answer 1 · answered Jun 20 '17 at 11:13

To get keys and values stored in etcd v3 by kubernetes:

ETCDCTL_API=3 etcdctl --endpoints=http://localhost:2379 get --prefix /registry

To get 1 specified key and value from etcd v3, e.g.:

ETCDCTL_API=3 etcdctl --endpoints=http://localhost:2379 get /registry/services/specs/default/kubernetes

Based on: https://github.com/coreos/etcd/blob/master/Documentation/dev-guide/interacting_v3.md

score 1 · Answer 2 · answered Jan 29 '17 at 00:54

If your system is set up correctly be aware that there are some changes from etcd2 to etcd3. For example the key space in etcd3 is now flat so unlike etcd2 there are no longer any directories. Instead of using the etcdctl 'ls' command as shown above use the 'get' command instead (and make sure the etcdctl command is using the v3 api by having the ETCDCTL_API=3 environment variable set).

score 0 · Answer 3 · answered Sep 16 '17 at 00:56

0

ETCDCTL_API=3 etcdctl --endpoints=http://localhost:2379 get / --prefix --keys-only

answered Sep 16 '17 at 00:56

田咖啡

728
8
10

Unable to find Kubernetes apiserver's data in etcd3

3 Answers3