Breadcrumbs

ETCD Server Administration in RKE2


This document gives a brief intro into administration of ETCD server in rke2 env.


Run this command to identify the ETCD Version running locally to interact with the rke2 ETCD server, as the default rke2 deployment doesn't contain any utility to interact with the ETCD server.

curl -L --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key https://127.0.0.1:2379/version


Note the version and change the ETCD_VER in below 

ETCD_VER=v3.5.2

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version

 cp /tmp/etcd-download-test/etcdutl/{etcd,etcdctl,etcdutl} /usr/local/bin/

Export all the required variables for ETCD

export ETCDCTL_ENDPOINTS='https://127.0.0.1:2379'
export ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt'
export ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt'
export ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key'
export ETCDCTL_API=3

 Check ETCD Performance: ( don't run on a busy production ) 

etcdctl check perf

 
 Check Endpoint Status 

etcdctl endpoint status --cluster --write-out=table

 
 Check ETCD Health Status 

etcdctl endpoint health --cluster --write-out=table

 
 Alarm list for ETCD  

etcdctl alarm list

  ETCD compact  

rev=$(etcdctl endpoint status --write-out fields | grep Revision | cut -d: -f2)
etcdctl compact $rev

etcd defrag ( dont run in degraded cluster mode ) 

etcdctl defrag --cluster

etcd get cluster keys ( don't run on a busy production env ) 

etcdctl get / --prefix --keys-only