Access to etcd API within a GKE cluster
4,151 views
Skip to first unread message
Michael Strickland
May 2, 2017, 12:54:56 PM5/2/17
to Kubernetes user discussion and Q&A
Hello, I'm wondering if it's possible to access the etcd API from within a container running on Google Kubernetes Engine.
We're using DataDog's docker-dd-agent image to monitor metrics in the cluster, and one feature is automatic service discovery of containers deployed in the cluster. The agent does this by querying the etcd API for a cluster to discover containers matching certain names.
On our previous self-managed Kubernetes cluster, we could access this API by querying localhost:4001 on our worker nodes. However, there doesn't appear to be a direct equivalent to that on GKE, as the etcd cluster is a managed service.
Is there any way to interact with etcd within a cluster, or is the API intentionally closed off?
Thanks!
Michael
EJ Campbell
May 2, 2017, 2:37:24 PM5/2/17
to kubernet...@googlegroups.com
I'm surprised there isn't more native Kubernetes integration. Their documentation mentions this:
KUBERNETESenables the kubernetes check if set (KUBERNETES=yesworks).KUBERNETES_COLLECT_EVENTSenables event collection from the kubernetes API, given thatKUBERNETESis also set. Note: only one agent should haveKUBERNETES_COLLECT_EVENTSset per cluster.
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
Daniel Smith
May 2, 2017, 4:27:33 PM5/2/17
to kubernet...@googlegroups.com
Sorry, but the backend storage used by Kubernetes in GKE is not exposed, and there are no plans to expose it in the future.
Even if you do have direct access to etcd, I'd strongly recommend using the Kubernetes API for acquiring information like this. The API has various backwards compatibility guarantees, which do not apply to the storage layer. E.g., we just switched to etcd3, and soon we'll be doing a flag flip and start writing a binary data format.
The other concern of course is that access to etcd == root on the cluster.
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscribe@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Strickland, Michael
May 2, 2017, 5:53:15 PM5/2/17
to kubernet...@googlegroups.com
Thanks Daniel, that makes perfect sense - glad to have clarification!
Michael
--
You received this message because you are subscribed to a topic in the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kubernetes-users/6BLcAQAvPCU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kubernetes-users+unsubscribe@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
Brandon Philips
May 2, 2017, 5:54:48 PM5/2/17
to kubernet...@googlegroups.com
If you want to deploy etcd _on top_ of an existing Kubernetes cluster checkout the etcd operator: https://github.com/coreos/etcd-operator#etcd-operator
On Tue, May 2, 2017 at 2:53 PM Strickland, Michael <michael.s...@nytimes.com> wrote:
Thanks Daniel, that makes perfect sense - glad to have clarification!MichaelOn Tue, May 2, 2017 at 4:27 PM, 'Daniel Smith' via Kubernetes user discussion and Q&A <kubernet...@googlegroups.com> wrote:
Sorry, but the backend storage used by Kubernetes in GKE is not exposed, and there are no plans to expose it in the future.Even if you do have direct access to etcd, I'd strongly recommend using the Kubernetes API for acquiring information like this. The API has various backwards compatibility guarantees, which do not apply to the storage layer. E.g., we just switched to etcd3, and soon we'll be doing a flag flip and start writing a binary data format.The other concern of course is that access to etcd == root on the cluster.
On Tue, May 2, 2017 at 9:54 AM, Michael Strickland <michael.s...@nytimes.com> wrote:
Hello, I'm wondering if it's possible to access the etcd API from within a container running on Google Kubernetes Engine.We're using DataDog's docker-dd-agent image to monitor metrics in the cluster, and one feature is automatic service discovery of containers deployed in the cluster. The agent does this by querying the etcd API for a cluster to discover containers matching certain names.On our previous self-managed Kubernetes cluster, we could access this API by querying localhost:4001 on our worker nodes. However, there doesn't appear to be a direct equivalent to that on GKE, as the etcd cluster is a managed service.Is there any way to interact with etcd within a cluster, or is the API intentionally closed off?Thanks!Michael
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kubernetes-users/6BLcAQAvPCU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-use...@googlegroups.com.
To post to this group, send email to kubernet...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages