解一哈密:
[root@master ~]# echo "azhzAAoPCgJ2MRIJTmFtZXNwYWNlErIBCpcBCgdkZWZhdWx0EgAaACIAKiQ1ODlhYWQ1My00YTM4LTQ4OWMtODE0NS04ODA1ODc4MDhjZDIyADgAQggI7+OlmAYQAHoAigFPCg5rdWJlLWFwaXNlcnZlchIGVXBkYXRlGgJ2MSIICO/jpZgGEAAyCEZpZWxkc1YxOh0KG3siZjpzdGF0dXMiOnsiZjpwaGFzZSI6e319fRIMCgprdWJlcm5ldGVzGggKBkFjdGl2ZRoAIgA=" |base64 -d k8s v1 Namespace² default"*$589aad53-4a38-489c-8145-880587808cd22ࣥzO kube-apiserverUpdatevࣥFieldsV1: "f:status":{"f:phase":{}}} kubernetes
查询一哈kube-system这个命名空间内有哪些使用deployment方式部署的pod:
[root@master ~]# etcd_search get /registry/deployments/kube-system --prefix --keys-only /registry/deployments/kube-system/calico-kube-controllers /registry/deployments/kube-system/coredns
查询一哈kube-system这个命名空间内有哪些pods(总共有五个):
[root@master ~]# etcd_search get /registry/pods/kube-system --prefix --keys-only /registry/pods/kube-system/calico-kube-controllers-57546b46d6-6jwqp /registry/pods/kube-system/calico-node-88pxp /registry/pods/kube-system/calico-node-m5vnd /registry/pods/kube-system/calico-node-wlmk5 /registry/pods/kube-system/coredns-76648cbfc9-87fc7
以上的key和values都以base64编码了,如果想查看key的值可以执行如下命令。有些value的值包含二进制,不易解开。
插个题外话:
总的来说,etcd这么做也是为了一定的安全哈,虽然并没什么卵用。so,如果有人破解了你的kubernetes集群,进入了系统,通过etcd会非常快的搞定你的kubernetes集群,为什么呢?多少个节点,节点什么情况,有哪些pod,然后hacker可以把自己想安装的pod交由etcd注册然后就可以提权运行等等操作啦。
查询apiserver的详情,包括服务建立时间,服务状态等信息(很明显,我的kubernetes是8月27建立的,目前kube-apiserver 是正常的):
[root@master ~]# etcd_search get /registry/apiregistration.k8s.io/apiservices/v1.apiextensions.k8s.io /registry/apiregistration.k8s.io/apiservices/v1.apiextensions.k8s.io {"kind":"APIService","apiVersion":"apiregistration.k8s.io/v1beta1","metadata":{"name":"v1.apiextensions.k8s.io","uid":"2efbefbf-ee03-4512-bea5-382d365ac03e","creationTimestamp":"2022-08-27T01:22:53Z","labels":{"kube-aggregator.kubernetes.io/automanaged":"onstart"}},"spec":{"group":"apiextensions.k8s.io","version":"v1","groupPriorityMinimum":16700,"versionPriority":15},"status":{"conditions":[{"type":"Available","status":"True","lastTransitionTime":"2022-08-27T01:22:53Z","reason":"Local","message":"Local APIServices are always available"}]}}
OK,以上是查询,下面来个增删改。
二,etcd数据库增加:
[root@master ~]# etcd_search put wo "zsk_json" OK [root@master ~]# etcd_search get wo wo zsk_json [root@master ~]# etcd_search put web1 dev1 OK [root@master ~]# etcd_search put web2 dev2 OK [root@master ~]# etcd_search put web3 dev3 OK [root@master ~]# etcd_search get web --prefix web1 dev1 web2 dev2 web3 dev3
三,删除以上刚建立的哈(删除后,再次查询没有了哈):
[root@master ~]# etcd_search del web --prefix 3 [root@master ~]# etcd_search get web --prefix [root@master ~]# etcd_search del wo 1 [root@master ~]# etcd_search get wo
删除kubernetes集群的节点:
[root@master ~]# k get no NAME STATUS ROLES AGE VERSION k8s-master Ready <none> 32d v1.18.3 k8s-node1 Ready <none> 32d v1.18.3 k8s-node2 Ready <none> 32d v1.18.3 [root@master ~]# etcd_search del /registry/minions/k8s-node2 1 [root@master ~]# k get no NAME STATUS ROLES AGE VERSION k8s-master Ready <none> 32d v1.18.3 k8s-node1 Ready <none> 32d v1.18.3
OK,node节点看不到了,集群这就完蛋了,怎么办呢?我早有张良计:云原生|kubernetes|kubernetes的etcd集群备份策略_zsk_john的博客-CSDN博客
按照我上一篇的博客恢复哈etcd集群就好啦。
