New lab question 13 - I updated the command with certs - but it kept throwing er . . .

Rajya B:
New lab question 13 - I updated the command with certs - but it kept throwing error


Alistair Mackay:
Hi @Rajya B
This is because you are not using the correct path to the certs.
The certs are in /etc/etcd/pki not /etc/kubernetes/pki/etcd
You have too much muscle memory from doing the old lab!

Rajya B:
@Alistair Mackay I got the paths from kube-apiserver pod as shared in screenshot. It has those paths.

Alistair Mackay:
You got them from the wrong kube apiserver.
Look at the solution in your screenshot.
You need to be logged into the etcd node whose IP address you got from an earlier question.

Rajya B:
Ok @Alistair Mackay

dexterous neo:
@Rajya B on the external etcd server run

ps -ef | grep -i etcd

You will get the file locations --cacert, --cert, --key, --data-dir from here. Use this information in the ETCDCTL_API=3 command instead of the values you obtained from the kube api server's yaml.

Rajya B:
Sure @dexterous neo

Alistair Mackay:
Simpler command with less garbage (because we know it is external etcd and therefore an OS service)

systemctl cat etcd

and you will see as a comment at the top the location of this file (you’re going to need to edit it later), and the command line arguments including the certs.

Alistair Mackay:
What you’re seeing is the service unit file.
Remember that when you edit a unit file, the sequence to restart the service after the edit is

systemctl daemon-reload
systemctl restart service

where in this case, “service” is etcd