Welcome to the Linux Foundation Forum!

why not use local "etcdctl"?

Hi,
I'm playing with lab 4.1. As usuall try to do things slightly different than copy from the script book (rocky linux instead of ubuntu... to make sure I process the content instead of pasting...)
One thing I've noted is that etcd listens on node IP. And etcd container is toolless.
My way to interact with it is to download matching version of etcd relase tar, extract etcdctl tool. Observe that ca and server certs are in /etc/kubernetes/pki/etcd - hostPath mount.
And then all commands from lab could be executed without kubectl exec layer.
Not sure if it is simpler or cleaner. Or maybe there are reasons not to do so?
Just courious about Your opinions.

regards
Jan

Best Answer

  • chrispokorni
    chrispokorni Posts: 2,301
    Answer ✓

    Hi @spljaa,

    Both approaches are valid, as they produce the same end result. However, as you mentioned yourself, using the external etcdctl client requires a separate installation. While it seems harmless, there are scenarios where the user does not have permissions to install such CLI tools. There may be cases when the user is restricted to a single (web)UI to interact/manage the Kubernetes cluster - that translates most kubectl commands into simple left or right click actions, or complex keyboard shortcuts. That is when the built-in etcdctl client may need to be invoked through an exec.

    Regards,
    -Chris

Categories

Upcoming Training