Watching etcd and Kubernetes

I’m still learning Kubernetes and want to share one of the interesting tidbits I pulled out.

Goal

Kubernetes — as a distributed container operating system or orchestrator — uses etcd as its distributed storage. It contains configuration, system state (resources), and much more. I wanted to see a raw view of what was stored in etcd, and this is not normally accessible.

Steps

Assumptions:

• minikube is installed and running locally with no vm driver (See here)
• etcd is installed (See here)

Command:

sudo ETCDCTL_API=3 /usr/local/bin/etcdctl \
  --endpoints=localhost:2379 \
  --cacert=”/var/lib/minikube/certs/etcd/ca.crt” \
  --key=”/var/lib/minikube/certs/etcd/peer.key” \
  --cert=”/var/lib/minikube/certs/etcd/peer.crt”
  watch \
  --prefix ‘’ \
  --write-out=fields

Explanation:

• Version of ETCD database is 3.
• Endpoint is host and port. When running with no VM driver it’s available directly on the local machine.
• Mutual TLS is used for authentication and the certificates are directly available in Kubernetes.
• Watch command is used to monitor changes, filtered by a key prefix (empty string = everything)

Conclusion

I hope this gave you a very brief bit of insight into the fascinating world of Kubernetes!