Kerbernetesのデータストアとして使われているetcdの中身を確認したい
etcdの中身を確認するまでに少し手間取ったのでまとめておく
QuickStart
下記のリポジトリからすぐに確認ができる
環境
kind v0.8.1
CentOS Linux 8
手順
kindを用いてマルチマスタkubernetesクラスタを構築する
こんな感じのクラスタ設定を用意することで、kindでマルチマスタなクラスタが構築できる
マスタが3台になることでetcdも3台動作する
Cluster.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: control-plane
- role: control-plane
クラスタ構築
kind create cluster --config Cluster.yaml
kind内でCRIOが用いられているので、crictlを用いてetcdコンテナを操作
kindで作成したクラスタ内では、コンテナランタイムとしてDockerの代わりにCRI-Oが使用されている
CRI-O: https://github.com/cri-o/cri-o
DockerのCLIと使用感はあまり変わらないので、同様にコンテナに接続する
CONTAINER_ID=$(crictl ps -a | grep etcd | cut -c1-13)
crictl exec -i $CONTAINER_ID sh
etcdの状態を確認する
etcdはクライアント認証が有効になっているため、証明書を用いた認証が必要となる
etcdctlのコマンドライン引数として渡すことも可能だが冗長になるため、環境変数として設定してみる
この設定は、etcdのgithubに記載されている
https://github.com/etcd-io/etcd/tree/master/etcdctl
export ETCDCTL_API=3
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
etcdctl member list -w table
+------------------+---------+---------------------+-------------------------+-------------------------+------------+
| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |
+------------------+---------+---------------------+-------------------------+-------------------------+------------+
| 14d73eed59184d80 | started | kind-control-plane2 | https://172.18.0.4:2380 | https://172.18.0.4:2379 | false |
| 23da9c3f2594532a | started | kind-control-plane | https://172.18.0.3:2380 | https://172.18.0.3:2379 | false |
| 484d19806ffad4bc | started | kind-control-plane3 | https://172.18.0.2:2380 | https://172.18.0.2:2379 | false |
+------------------+---------+---------------------+-------------------------+-------------------------+------------+
etcdctl endpoint --cluster health
https://172.18.0.3:2379 is healthy: successfully committed proposal: took = 12.603074ms
https://172.18.0.2:2379 is healthy: successfully committed proposal: took = 14.255086ms
https://172.18.0.4:2379 is healthy: successfully committed proposal: took = 14.634238ms
etcd内のkubernetes関連keyを確認
etcdはkey-value storeなので、まずはどんなkeyがあるかを確認してみる
/registryという後ろにk8sリソースが階層的に並んでいるのかな
このあたりの使用は調べてない
# etcdctl get --keys-only --prefix ""
/registry/apiregistration.k8s.io/apiservices/v1.
/registry/apiregistration.k8s.io/apiservices/v1.admissionregistration.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.apiextensions.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.apps
/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v1.batch
/registry/apiregistration.k8s.io/apiservices/v1.coordination.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.rbac.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.scheduling.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.admissionregistration.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.apiextensions.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.authentication.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.batch
/registry/apiregistration.k8s.io/apiservices/v1beta1.certificates.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.coordination.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.discovery.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.events.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.extensions
/registry/apiregistration.k8s.io/apiservices/v1beta1.networking.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.node.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.policy
/registry/apiregistration.k8s.io/apiservices/v1beta1.rbac.authorization.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.scheduling.k8s.io
/registry/apiregistration.k8s.io/apiservices/v1beta1.storage.k8s.io
/registry/apiregistration.k8s.io/apiservices/v2beta1.autoscaling
/registry/apiregistration.k8s.io/apiservices/v2beta2.autoscaling
/registry/clusterrolebindings/cluster-admin
/registry/clusterrolebindings/kindnet
/registry/clusterrolebindings/kubeadm:get-nodes
/registry/clusterrolebindings/kubeadm:kubelet-bootstrap
/registry/clusterrolebindings/kubeadm:node-autoapprove-bootstrap
/registry/clusterrolebindings/kubeadm:node-autoapprove-certificate-rotation
/registry/clusterrolebindings/kubeadm:node-proxier
/registry/clusterrolebindings/local-path-provisioner-bind
/registry/clusterrolebindings/system:basic-user
/registry/clusterrolebindings/system:controller:attachdetach-controller
/registry/clusterrolebindings/system:controller:certificate-controller
/registry/clusterrolebindings/system:controller:clusterrole-aggregation-controller
/registry/clusterrolebindings/system:controller:cronjob-controller
/registry/clusterrolebindings/system:controller:daemon-set-controller
/registry/clusterrolebindings/system:controller:deployment-controller
/registry/clusterrolebindings/system:controller:disruption-controller
/registry/clusterrolebindings/system:controller:endpoint-controller
/registry/clusterrolebindings/system:controller:endpointslice-controller
/registry/clusterrolebindings/system:controller:expand-controller
/registry/clusterrolebindings/system:controller:generic-garbage-collector
/registry/clusterrolebindings/system:controller:horizontal-pod-autoscaler
/registry/clusterrolebindings/system:controller:job-controller
/registry/clusterrolebindings/system:controller:namespace-controller
/registry/clusterrolebindings/system:controller:node-controller
/registry/clusterrolebindings/system:controller:persistent-volume-binder
/registry/clusterrolebindings/system:controller:pod-garbage-collector
/registry/clusterrolebindings/system:controller:pv-protection-controller
/registry/clusterrolebindings/system:controller:pvc-protection-controller
/registry/clusterrolebindings/system:controller:replicaset-controller
/registry/clusterrolebindings/system:controller:replication-controller
/registry/clusterrolebindings/system:controller:resourcequota-controller
/registry/clusterrolebindings/system:controller:route-controller
/registry/clusterrolebindings/system:controller:service-account-controller
/registry/clusterrolebindings/system:controller:service-controller
/registry/clusterrolebindings/system:controller:statefulset-controller
/registry/clusterrolebindings/system:controller:ttl-controller
/registry/clusterrolebindings/system:coredns
/registry/clusterrolebindings/system:discovery
/registry/clusterrolebindings/system:kube-controller-manager
/registry/clusterrolebindings/system:kube-dns
/registry/clusterrolebindings/system:kube-scheduler
/registry/clusterrolebindings/system:node
/registry/clusterrolebindings/system:node-proxier
/registry/clusterrolebindings/system:public-info-viewer
/registry/clusterrolebindings/system:volume-scheduler
/registry/clusterroles/admin
/registry/clusterroles/cluster-admin
/registry/clusterroles/edit
/registry/clusterroles/kindnet
/registry/clusterroles/kubeadm:get-nodes
/registry/clusterroles/local-path-provisioner-role
/registry/clusterroles/system:aggregate-to-admin
/registry/clusterroles/system:aggregate-to-edit
/registry/clusterroles/system:aggregate-to-view
/registry/clusterroles/system:auth-delegator
/registry/clusterroles/system:basic-user
/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:nodeclient
/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
/registry/clusterroles/system:certificates.k8s.io:kube-apiserver-client-approver
/registry/clusterroles/system:certificates.k8s.io:kube-apiserver-client-kubelet-approver
/registry/clusterroles/system:certificates.k8s.io:kubelet-serving-approver
/registry/clusterroles/system:certificates.k8s.io:legacy-unknown-approver
/registry/clusterroles/system:controller:attachdetach-controller
/registry/clusterroles/system:controller:certificate-controller
/registry/clusterroles/system:controller:clusterrole-aggregation-controller
/registry/clusterroles/system:controller:cronjob-controller
/registry/clusterroles/system:controller:daemon-set-controller
/registry/clusterroles/system:controller:deployment-controller
/registry/clusterroles/system:controller:disruption-controller
/registry/clusterroles/system:controller:endpoint-controller
/registry/clusterroles/system:controller:endpointslice-controller
/registry/clusterroles/system:controller:expand-controller
/registry/clusterroles/system:controller:generic-garbage-collector
/registry/clusterroles/system:controller:horizontal-pod-autoscaler
/registry/clusterroles/system:controller:job-controller
/registry/clusterroles/system:controller:namespace-controller
/registry/clusterroles/system:controller:node-controller
/registry/clusterroles/system:controller:persistent-volume-binder
/registry/clusterroles/system:controller:pod-garbage-collector
/registry/clusterroles/system:controller:pv-protection-controller
/registry/clusterroles/system:controller:pvc-protection-controller
/registry/clusterroles/system:controller:replicaset-controller
/registry/clusterroles/system:controller:replication-controller
/registry/clusterroles/system:controller:resourcequota-controller
/registry/clusterroles/system:controller:route-controller
/registry/clusterroles/system:controller:service-account-controller
/registry/clusterroles/system:controller:service-controller
/registry/clusterroles/system:controller:statefulset-controller
/registry/clusterroles/system:controller:ttl-controller
/registry/clusterroles/system:coredns
/registry/clusterroles/system:discovery
/registry/clusterroles/system:heapster
/registry/clusterroles/system:kube-aggregator
/registry/clusterroles/system:kube-controller-manager
/registry/clusterroles/system:kube-dns
/registry/clusterroles/system:kube-scheduler
/registry/clusterroles/system:kubelet-api-admin
/registry/clusterroles/system:node
/registry/clusterroles/system:node-bootstrapper
/registry/clusterroles/system:node-problem-detector
/registry/clusterroles/system:node-proxier
/registry/clusterroles/system:persistent-volume-provisioner
/registry/clusterroles/system:public-info-viewer
/registry/clusterroles/system:volume-scheduler
/registry/clusterroles/view
/registry/configmaps/kube-public/cluster-info
/registry/configmaps/kube-system/coredns
/registry/configmaps/kube-system/extension-apiserver-authentication
/registry/configmaps/kube-system/kube-proxy
/registry/configmaps/kube-system/kubeadm-config
/registry/configmaps/kube-system/kubelet-config-1.18
/registry/configmaps/local-path-storage/local-path-config
/registry/controllerrevisions/kube-system/kindnet-7968cb6854
/registry/controllerrevisions/kube-system/kube-proxy-5f7b7d4f89
/registry/csinodes/kind-control-plane
/registry/csinodes/kind-control-plane2
/registry/csinodes/kind-control-plane3
/registry/daemonsets/kube-system/kindnet
/registry/daemonsets/kube-system/kube-proxy
/registry/deployments/kube-system/coredns
/registry/deployments/local-path-storage/local-path-provisioner
/registry/endpointslices/default/kubernetes
/registry/endpointslices/kube-system/kube-dns-6k2qn
/registry/leases/kube-node-lease/kind-control-plane
/registry/leases/kube-node-lease/kind-control-plane2
/registry/leases/kube-node-lease/kind-control-plane3
/registry/leases/kube-system/kube-controller-manager
/registry/leases/kube-system/kube-scheduler
/registry/masterleases/172.18.0.2
/registry/masterleases/172.18.0.3
/registry/masterleases/172.18.0.4
/registry/minions/kind-control-plane
/registry/minions/kind-control-plane2
/registry/minions/kind-control-plane3
/registry/namespaces/default
/registry/namespaces/kube-node-lease
/registry/namespaces/kube-public
/registry/namespaces/kube-system
/registry/namespaces/local-path-storage
/registry/pods/kube-system/coredns-66bff467f8-2jgt4
/registry/pods/kube-system/coredns-66bff467f8-hdt74
/registry/pods/kube-system/etcd-kind-control-plane
/registry/pods/kube-system/etcd-kind-control-plane2
/registry/pods/kube-system/etcd-kind-control-plane3
/registry/pods/kube-system/kindnet-jttdx
/registry/pods/kube-system/kindnet-ltmcq
/registry/pods/kube-system/kindnet-wrg59
/registry/pods/kube-system/kube-apiserver-kind-control-plane
/registry/pods/kube-system/kube-apiserver-kind-control-plane2
/registry/pods/kube-system/kube-apiserver-kind-control-plane3
/registry/pods/kube-system/kube-controller-manager-kind-control-plane
/registry/pods/kube-system/kube-controller-manager-kind-control-plane2
/registry/pods/kube-system/kube-controller-manager-kind-control-plane3
/registry/pods/kube-system/kube-proxy-6cp6w
/registry/pods/kube-system/kube-proxy-dgwnl
/registry/pods/kube-system/kube-proxy-zzjv8
/registry/pods/kube-system/kube-scheduler-kind-control-plane
/registry/pods/kube-system/kube-scheduler-kind-control-plane2
/registry/pods/kube-system/kube-scheduler-kind-control-plane3
/registry/pods/local-path-storage/local-path-provisioner-bd4bb6b75-tdnhx
/registry/priorityclasses/system-cluster-critical
/registry/priorityclasses/system-node-critical
/registry/ranges/serviceips
/registry/ranges/servicenodeports
/registry/replicasets/kube-system/coredns-66bff467f8
/registry/replicasets/local-path-storage/local-path-provisioner-bd4bb6b75
/registry/rolebindings/kube-public/kubeadm:bootstrap-signer-clusterinfo
/registry/rolebindings/kube-public/system:controller:bootstrap-signer
/registry/rolebindings/kube-system/kube-proxy
/registry/rolebindings/kube-system/kubeadm:kubelet-config-1.18
/registry/rolebindings/kube-system/kubeadm:nodes-kubeadm-config
/registry/rolebindings/kube-system/system::extension-apiserver-authentication-reader
/registry/rolebindings/kube-system/system::leader-locking-kube-controller-manager
/registry/rolebindings/kube-system/system::leader-locking-kube-scheduler
/registry/rolebindings/kube-system/system:controller:bootstrap-signer
/registry/rolebindings/kube-system/system:controller:cloud-provider
/registry/rolebindings/kube-system/system:controller:token-cleaner
/registry/roles/kube-public/kubeadm:bootstrap-signer-clusterinfo
/registry/roles/kube-public/system:controller:bootstrap-signer
/registry/roles/kube-system/extension-apiserver-authentication-reader
/registry/roles/kube-system/kube-proxy
/registry/roles/kube-system/kubeadm:kubelet-config-1.18
/registry/roles/kube-system/kubeadm:nodes-kubeadm-config
/registry/roles/kube-system/system::leader-locking-kube-controller-manager
/registry/roles/kube-system/system::leader-locking-kube-scheduler
/registry/roles/kube-system/system:controller:bootstrap-signer
/registry/roles/kube-system/system:controller:cloud-provider
/registry/roles/kube-system/system:controller:token-cleaner
/registry/secrets/default/default-token-72hk8
/registry/secrets/kube-node-lease/default-token-lvv8n
/registry/secrets/kube-public/default-token-7npwh
/registry/secrets/kube-system/attachdetach-controller-token-qck8r
/registry/secrets/kube-system/bootstrap-signer-token-gb79r
/registry/secrets/kube-system/bootstrap-token-abcdef
/registry/secrets/kube-system/certificate-controller-token-545m4
/registry/secrets/kube-system/clusterrole-aggregation-controller-token-kbtjs
/registry/secrets/kube-system/coredns-token-r72pk
/registry/secrets/kube-system/cronjob-controller-token-f5j7t
/registry/secrets/kube-system/daemon-set-controller-token-25rjc
/registry/secrets/kube-system/default-token-mpt26
/registry/secrets/kube-system/deployment-controller-token-cpb7g
/registry/secrets/kube-system/disruption-controller-token-9k4nt
/registry/secrets/kube-system/endpoint-controller-token-4hm8v
/registry/secrets/kube-system/endpointslice-controller-token-27wrv
/registry/secrets/kube-system/expand-controller-token-vm9tx
/registry/secrets/kube-system/generic-garbage-collector-token-5p6f9
/registry/secrets/kube-system/horizontal-pod-autoscaler-token-zg2wb
/registry/secrets/kube-system/job-controller-token-kl6xl
/registry/secrets/kube-system/kindnet-token-qvk67
/registry/secrets/kube-system/kube-proxy-token-2z6lf
/registry/secrets/kube-system/namespace-controller-token-2l9ff
/registry/secrets/kube-system/node-controller-token-424hv
/registry/secrets/kube-system/persistent-volume-binder-token-wlj82
/registry/secrets/kube-system/pod-garbage-collector-token-g97zh
/registry/secrets/kube-system/pv-protection-controller-token-6szsb
/registry/secrets/kube-system/pvc-protection-controller-token-bzs8x
/registry/secrets/kube-system/replicaset-controller-token-mdbth
/registry/secrets/kube-system/replication-controller-token-zrl9n
/registry/secrets/kube-system/resourcequota-controller-token-9p7xw
/registry/secrets/kube-system/service-account-controller-token-9s8lf
/registry/secrets/kube-system/service-controller-token-vtpvj
/registry/secrets/kube-system/statefulset-controller-token-vqt57
/registry/secrets/kube-system/token-cleaner-token-sq85x
/registry/secrets/kube-system/ttl-controller-token-jcfsm
/registry/secrets/local-path-storage/default-token-pvcn5
/registry/secrets/local-path-storage/local-path-provisioner-service-account-token-zs8g4
/registry/serviceaccounts/default/default
/registry/serviceaccounts/kube-node-lease/default
/registry/serviceaccounts/kube-public/default
/registry/serviceaccounts/kube-system/attachdetach-controller
/registry/serviceaccounts/kube-system/bootstrap-signer
/registry/serviceaccounts/kube-system/certificate-controller
/registry/serviceaccounts/kube-system/clusterrole-aggregation-controller
/registry/serviceaccounts/kube-system/coredns
/registry/serviceaccounts/kube-system/cronjob-controller
/registry/serviceaccounts/kube-system/daemon-set-controller
/registry/serviceaccounts/kube-system/default
/registry/serviceaccounts/kube-system/deployment-controller
/registry/serviceaccounts/kube-system/disruption-controller
/registry/serviceaccounts/kube-system/endpoint-controller
/registry/serviceaccounts/kube-system/endpointslice-controller
/registry/serviceaccounts/kube-system/expand-controller
/registry/serviceaccounts/kube-system/generic-garbage-collector
/registry/serviceaccounts/kube-system/horizontal-pod-autoscaler
/registry/serviceaccounts/kube-system/job-controller
/registry/serviceaccounts/kube-system/kindnet
/registry/serviceaccounts/kube-system/kube-proxy
/registry/serviceaccounts/kube-system/namespace-controller
/registry/serviceaccounts/kube-system/node-controller
/registry/serviceaccounts/kube-system/persistent-volume-binder
/registry/serviceaccounts/kube-system/pod-garbage-collector
/registry/serviceaccounts/kube-system/pv-protection-controller
/registry/serviceaccounts/kube-system/pvc-protection-controller
/registry/serviceaccounts/kube-system/replicaset-controller
/registry/serviceaccounts/kube-system/replication-controller
/registry/serviceaccounts/kube-system/resourcequota-controller
/registry/serviceaccounts/kube-system/service-account-controller
/registry/serviceaccounts/kube-system/service-controller
/registry/serviceaccounts/kube-system/statefulset-controller
/registry/serviceaccounts/kube-system/token-cleaner
/registry/serviceaccounts/kube-system/ttl-controller
/registry/serviceaccounts/local-path-storage/default
/registry/serviceaccounts/local-path-storage/local-path-provisioner-service-account
/registry/services/endpoints/default/kubernetes
/registry/services/endpoints/kube-system/kube-controller-manager
/registry/services/endpoints/kube-system/kube-dns
/registry/services/endpoints/kube-system/kube-scheduler
/registry/services/endpoints/local-path-storage/rancher.io-local-path
/registry/services/specs/default/kubernetes
/registry/services/specs/kube-system/kube-dns
/registry/storageclasses/standard
compact_rev_key
etcdの中身を確認
試しにkube-apiserver podに関する値を確認してみる
etcdctl get '/registry/pods/kube-system/kube-apiserver-kind-control-plane'
なんか文字化けするのと、とても読める状態じゃない
何か可視化するUI等を使用するのが無難かもしれない
/registry/pods/kube-system/kube-apiserver-kind-control-plane
k8s^@
^Bv1^R^CPod^R~P0
~E^[
!kube-apiserver-kind-control-plane^R^@^Z^Kkube-system"^@*$1768a7ff-a12d-47db-ac1c-cd4e0ef8e4702^@8^@B^H^H�~W��^E^P^@Z^[
component^R^Nkube-apiserverZ^U
^Dtier^R^Mcontrol-planebR
?kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint^R^O172.18.0.3:6443b=
^Ykubernetes.io/config.hash^R c16d5cabd6fc4bcb0e0fb7a7e93fb3f6b?
^[kubernetes.io/config.mirror^R c16d5cabd6fc4bcb0e0fb7a7e93fb3f6b;
^Ykubernetes.io/config.seen^R^^2020-05-06T14:37:43.566902112Zb#
^[kubernetes.io/config.source^R^DfilejF
^DNode^Z^Rkind-control-plane"$dc793458-540c-4e02-b36e-876927d44eaf*^Bv10^Az^@~J^A�^V
^Gkubelet^R^FUpdate^Z^Bv1"^H^H�~W��^E^P^@2^HFieldsV1:�^V
�^V{"f:metadata":{"f:annotations":{".":{},"f:kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint":{},"f:kubernetes.io/config.hash":{},"f:kubernetes.io/config.
mirror":{},"f:kubernetes.io/config.seen":{},"f:kubernetes.io/config.source":{}},"f:labels":{".":{},"f:component":{},"f:tier":{}},"f:ownerReferences":{".":{},"k:{\"uid\":\
"dc793458-540c-4e02-b36e-876927d44eaf\"}":{".":{},"f:apiVersion":{},"f:controller":{},"f:kind":{},"f:name":{},"f:uid":{}}}},"f:spec":{"f:containers":{"k:{\"name\":\"kube-
apiserver\"}":{".":{},"f:command":{},"f:image":{},"f:imagePullPolicy":{},"f:livenessProbe":{".":{},"f:failureThreshold":{},"f:httpGet":{".":{},"f:host":{},"f:path":{},"f:
port":{},"f:scheme":{}},"f:initialDelaySeconds":{},"f:periodSeconds":{},"f:successThreshold":{},"f:timeoutSeconds":{}},"f:name":{},"f:resources":{".":{},"f:requests":{"."
:{},"f:cpu":{}}},"f:terminationMessagePath":{},"f:terminationMessagePolicy":{},"f:volumeMounts":{".":{},"k:{\"mountPath\":\"/etc/ca-certificates\"}":{".":{},"f:mountPath"
:{},"f:name":{},"f:readOnly":{}},"k:{\"mountPath\":\"/etc/kubernetes/pki\"}":{".":{},"f:mountPath":{},"f:name":{},"f:readOnly":{}},"k:{\"mountPath\":\"/etc/ssl/certs\"}":
{".":{},"f:mountPath":{},"f:name":{},"f:readOnly":{}},"k:{\"mountPath\":\"/usr/local/share/ca-certificates\"}":{".":{},"f:mountPath":{},"f:name":{},"f:readOnly":{}},"k:{\
"mountPath\":\"/usr/share/ca-certificates\"}":{".":{},"f:mountPath":{},"f:name":{},"f:readOnly":{}}}}},"f:dnsPolicy":{},"f:enableServiceLinks":{},"f:hostNetwork":{},"f:no
deName":{},"f:priorityClassName":{},"f:restartPolicy":{},"f:schedulerName":{},"f:securityContext":{},"f:terminationGracePeriodSeconds":{},"f:tolerations":{},"f:volumes":{
".":{},"k:{\"name\":\"ca-certs\"}":{".":{},"f:hostPath":{".":{},"f:path":{},"f:type":{}},"f:name":{}},"k:{\"name\":\"etc-ca-certificates\"}":{".":{},"f:hostPath":{".":{},
"f:path":{},"f:type":{}},"f:name":{}},"k:{\"name\":\"k8s-certs\"}":{".":{},"f:hostPath":{".":{},"f:path":{},"f:type":{}},"f:name":{}},"k:{\"name\":\"usr-local-share-ca-ce
rtificates\"}":{".":{},"f:hostPath":{".":{},"f:path":{},"f:type":{}},"f:name":{}},"k:{\"name\":\"usr-share-ca-certificates\"}":{".":{},"f:hostPath":{".":{},"f:path":{},"f
:type":{}},"f:name":{}}}},"f:status":{"f:conditions":{".":{},"k:{\"type\":\"ContainersReady\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:ty
pe":{}},"k:{\"type\":\"Initialized\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"PodScheduled\"}":{".":{},"f:lastPr
obeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Ready\"}":{".":{},"f:lastProbeTime":{},"f:lastTransitionTime":{},"f:status":{},"f:type":{}
}},"f:containerStatuses":{},"f:hostIP":{},"f:phase":{},"f:podIP":{},"f:podIPs":{".":{},"k:{\"ip\":\"172.18.0.3\"}":{".":{},"f:ip":{}}},"f:startTime":{}}}^R�^Q
1
^Hca-certs^R%
#
^N/etc/ssl/certs^R^QDirectoryOrCreate
B
^Setc-ca-certificates^R+