How do we find apiserver sha512 hash that is currently running on the cluster? I tried in the cluster using ps -ef | grep kube-apiserver and then tried to find the binary path in /proc/process_id/ However was not successful. Please assist.
Without knowing what kind of cluster you’re doing this in, here’s a minikube example. The main trick is finding where the kube-apiserver binary is on the image:
$ minikube ssh
_ _
_ _ ( ) ( )
___ ___ (_) ___ (_)| |/') _ _ | |_ __
/' _ ` _ `\| |/' _ `\| || , < ( ) ( )| '_`\ /'__`\
| ( ) ( ) || || ( ) || || |\`\ | (_) || |_) )( ___/
(_) (_) (_)(_)(_) (_)(_)(_) (_)`\___/'(_,__/'`\____)
$ sudo bash
$ ps -aef | grep apiserver
root 1755 1689 17 Aug06 ? 22:36:51 kube-apiserver --advertise-address=192.168.105.2 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/var/lib/minikube/certs/ca.crt --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --enable-bootstrap-token-auth=true --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt --kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt --proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=8443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/var/lib/minikube/certs/sa.pub --service-account-signing-key-file=/var/lib/minikube/certs/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/var/lib/minikube/certs/apiserver.crt --tls-private-key-file=/var/lib/minikube/certs/apiserver.key
root 1503929 1503876 0 18:24 pts/0 00:00:00 grep apiserver
$ cd /proc/1755/
$ ls -l
total 0
-r--r--r-- 1 root root 0 Aug 11 18:25 arch_status
dr-xr-xr-x 2 root root 0 Aug 11 18:25 attr
-r-------- 1 root root 0 Aug 11 18:25 auxv
-r--r--r-- 1 root root 0 Aug 5 01:21 cgroup
--w------- 1 root root 0 Aug 11 18:25 clear_refs
-r--r--r-- 1 root root 0 Aug 5 01:21 cmdline
-rw-r--r-- 1 root root 0 Aug 11 18:25 comm
-rw-r--r-- 1 root root 0 Aug 11 18:25 coredump_filter
-r--r--r-- 1 root root 0 Aug 11 18:25 cpuset
lrwxrwxrwx 1 root root 0 Aug 11 18:25 cwd -> /
-r-------- 1 root root 0 Aug 11 18:25 environ
lrwxrwxrwx 1 root root 0 Aug 5 01:21 exe -> /usr/local/bin/kube-apiserver
dr-x------ 2 root root 0 Aug 5 01:21 fd
dr-x------ 2 root root 0 Aug 11 18:25 fdinfo
-rw-r--r-- 1 root root 0 Aug 11 18:25 gid_map
-r-------- 1 root root 0 Aug 11 18:25 io
-r--r--r-- 1 root root 0 Aug 11 18:25 limits
-rw-r--r-- 1 root root 0 Aug 11 18:25 loginuid
dr-x------ 2 root root 0 Aug 11 18:25 map_files
-r--r--r-- 1 root root 0 Aug 11 18:25 maps
-rw------- 1 root root 0 Aug 11 18:25 mem
-r--r--r-- 1 root root 0 Aug 5 01:21 mountinfo
-r--r--r-- 1 root root 0 Aug 11 18:25 mounts
-r-------- 1 root root 0 Aug 11 18:25 mountstats
dr-xr-xr-x 58 root root 0 Aug 11 18:25 net
dr-x--x--x 2 root root 0 Aug 11 18:25 ns
-r--r--r-- 1 root root 0 Aug 11 18:25 numa_maps
-rw-r--r-- 1 root root 0 Aug 5 01:21 oom_adj
-r--r--r-- 1 root root 0 Aug 11 18:25 oom_score
-rw-r--r-- 1 root root 0 Aug 11 18:25 oom_score_adj
-r-------- 1 root root 0 Aug 11 18:25 pagemap
-r-------- 1 root root 0 Aug 11 18:25 personality
-rw-r--r-- 1 root root 0 Aug 11 18:25 projid_map
lrwxrwxrwx 1 root root 0 Aug 11 18:25 root -> /
-r--r--r-- 1 root root 0 Aug 11 18:25 schedstat
-r--r--r-- 1 root root 0 Aug 11 18:25 sessionid
-rw-r--r-- 1 root root 0 Aug 11 18:25 setgroups
-r--r--r-- 1 root root 0 Aug 11 18:25 smaps
-r--r--r-- 1 root root 0 Aug 11 18:25 smaps_rollup
-r-------- 1 root root 0 Aug 11 18:25 stack
-r--r--r-- 1 root root 0 Aug 5 01:21 stat
-r--r--r-- 1 root root 0 Aug 11 18:25 statm
-r--r--r-- 1 root root 0 Aug 5 01:21 status
-r-------- 1 root root 0 Aug 11 18:25 syscall
dr-xr-xr-x 12 root root 0 Aug 11 18:25 task
-rw-r--r-- 1 root root 0 Aug 11 18:25 timens_offsets
-rw-rw-rw- 1 root root 0 Aug 11 18:25 timerslack_ns
-rw-r--r-- 1 root root 0 Aug 5 01:21 uid_map
-r--r--r-- 1 root root 0 Aug 11 18:25 wchan
$ cd root
$ ls
bin boot dev etc go-runner home lib proc root run sbin sys tmp usr var
$ ls -l usr/local/bin/kube-apiserver
-rwxr-xr-x 1 root root 112877720 Apr 17 17:48 usr/local/bin/kube-apiserver
$ sha2
sha224sum sha256sum
$ sha512sum usr/local/bin/kube-apiserver
b9515a3513871b7ce46ef06fa25c996631895acf7d2617631bc1bbfdb02704748a95500f47d60b5e41f12ca9bab077871d8f1bed98f91c2f9bd15e4198eab898 usr/local/bin/kube-apiserver
$
Hiya, this is the kubeckoud playground latest multinode cluster.
The same procedure works:
controlplane ~ ➜ k get node
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 116m v1.30.0
node01 Ready <none> 115m v1.30.0
node02 Ready <none> 115m v1.30.0
controlplane ~ ➜ ps -aef | grep kube-apiser
root 3833 3300 3 01:17 ? 00:04:23 kube-apiserver --advertise-address=192.2.158.8 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
root 41795 41449 0 03:14 pts/0 00:00:00 grep --color=auto kube-apiser
controlplane ~ ➜ ls -l /proc/3833/root/
total 1700
drwxr-xr-x 2 root root 4096 Jan 28 2024 bin
drwxr-xr-x 2 root root 4096 Jan 28 2024 boot
drwxr-xr-x 5 root root 360 Aug 12 01:17 dev
drwxr-xr-x 1 root root 4096 Aug 12 01:17 etc
-rwxr-xr-x 1 root root 1687687 Apr 4 16:36 go-runner
drwxr-xr-x 1 65532 65532 4096 Jan 1 1970 home
drwxr-xr-x 2 root root 4096 Jan 28 2024 lib
dr-xr-xr-x 1095 root root 0 Aug 12 01:17 proc
drwx------ 1 root root 4096 Jan 1 1970 root
drwxr-xr-x 2 root root 4096 Jan 28 2024 run
drwxr-xr-x 2 root root 4096 Jan 28 2024 sbin
dr-xr-xr-x 13 nobody nogroup 0 Aug 12 01:17 sys
drwxrwxrwt 1 root root 4096 Aug 3 2017 tmp
drwxr-xr-x 1 root root 4096 Apr 17 17:48 usr
drwxr-xr-x 1 root root 4096 Feb 3 2024 var
controlplane ~ ➜ ls -l /proc/3833/root/usr/local/bin/kube-apiserver
-rwxr-xr-x 1 root root 112877720 Apr 17 17:48 /proc/3833/root/usr/local/bin/kube-apiserver
controlplane ~ ➜ shasum -a 512 /proc/3833/root/usr/local/bin/kube-apiserver
b9515a3513871b7ce46ef06fa25c996631895acf7d2617631bc1bbfdb02704748a95500f47d60b5e41f12ca9bab077871d8f1bed98f91c2f9bd15e4198eab898 /proc/3833/root/usr/local/bin/kube-apiserver