kubectl plugin

[kvaps]

It would be nice to develop plugin to simplify etcd maintenance using kubectl, eg.:

kubectl etcdctl -n default svc/etcd member list
kubectl etcdctl -n default etcdcluster/etcd member list

kubectl etcdctl -n default pod/etcd-0 snapshot backup.db

should take into spec of this pod,

1. check if it has --client-cert-auth and --cert-file, --key-file specified:

   args:
   - --cert-file=/etc/etcd/pki/server/cert/tls.crt
   - --key-file=/etc/etcd/pki/server/cert/tls.key

2. check volumeMounts contains paths of these files

    volumeMounts:
    - mountPath: /etc/etcd/pki/client/ca
      name: client-trusted-ca-certificate

3. Find the volume:

  - name: client-trusted-ca-certificate
    secret:
      defaultMode: 420
      secretName: etcd-ca-tls

4. Download tls.crt and tls.key from a secret

5. Generate temporary client certificate out of CA

6. Enable port-forward to this pod or service

7. Create dynamic etcd client with correct endpoint and certificates

   etcdctl member list --endpoints=https://etcd-0.etcd-headless.tenant-leotolstoi.svc:2379 --cacert=/etc/etcd/tls/ca.crt  --cert=/etc/etcd/tls/tls.crt --key=/etc/etcd/tls/tls.key

Provide basic comands to maintain etcd:

Available Commands:
  alarm              Manage etcd alarms
  defrag             Defragment etcd database on the node
  forfeit-leadership Tell node to forfeit etcd cluster leadership
  leave              Tell nodes to leave etcd cluster
  members            Get the list of etcd cluster members
  remove-member      Remove the node from etcd cluster
  snapshot           Stream snapshot of the etcd node to the path.
  status             Get the status of etcd cluster member

[kvaps]

Some logic can be borrowed from talosctl (be aware MPL license is not compatible with Apache2) https://github.com/siderolabs/talos/blob/b86edc6776f77a65d3a254cf0f0d713ce7a9145e/cmd/talosctl/cmd/talos/etcd.go#L1

Or we can sub-license whole plugin under MPL