{"slug": "k3s-etcd-commands", "title": "k3s etcd commands", "summary": "This article provides instructions for setting up and using `etcdctl` commands with a k3s cluster that uses embedded etcd. It details how to download the correct etcd binary version, configure TLS certificates for authentication, and run administrative commands such as checking performance, endpoint status, health, alarms, compaction, defragmentation, and key retrieval. The article also notes that the etcd metrics HTTP port changed to 2382 starting from specific k3s versions.", "body_md": "Setup etcdctl using the instructions at https://github.com/etcd-io/etcd/releases/tag/v3.4.13 (changed path to /usr/local/bin\n):\nNote: if you want to match th etcdctl binaries with the embedded k3s etcd version, please run the curl command for getting the version first and adjust ETCD_VER\nbelow accordingly:\ncurl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version\nETCD_VER=v3.4.13\n# choose either URL\nGOOGLE_URL=https://storage.googleapis.com/etcd\nGITHUB_URL=https://github.com/etcd-io/etcd/releases/download\nDOWNLOAD_URL=${GOOGLE_URL}\nrm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz\nrm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test\ncurl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz\ntar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /usr/local/bin --strip-components=1\nrm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz\netcd --version\netcdctl version\netcdctl check perf\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl check perf\netcdctl endpoint status\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl endpoint status --cluster --write-out=table\netcdctl endpoint health\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl endpoint health --cluster --write-out=table\netcdctl alarm list\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl alarm list\netcdctl compact\nrev=$(ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl endpoint status --write-out fields | grep Revision | cut -d: -f2)\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl compact $rev\netcdctl defrag\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl defrag --cluster\netcdctl get\nETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl get / --prefix --keys-only\n- curl metrics\nNOTE Since the following k3s versions, the HTTP port moved to 2382 (the example below uses port 2379):\n- v1.25.15+k3s1\n- v1.26.10+k3s1\n- v1.27.7+k3s1\n- v1.28.3+k3s1\n- v1.29.0+k3s1\ncurl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/metrics\n- curl version\nNOTE Since the following k3s versions, the HTTP port moved to 2382 (the example below uses port 2379):\n- v1.25.15+k3s1\n- v1.26.10+k3s1\n- v1.27.7+k3s1\n- v1.28.3+k3s1\n- v1.29.0+k3s1\ncurl -L --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/k3s/server/tls/etcd/server-client.crt --key /var/lib/rancher/k3s/server/tls/etcd/server-client.key https://127.0.0.1:2379/version\n- export all environment variables (thanks to @clementnuss)\nexport ETCDCTL_ENDPOINTS='https://127.0.0.1:2379'\nexport ETCDCTL_CACERT='/var/lib/rancher/k3s/server/tls/etcd/server-ca.crt'\nexport ETCDCTL_CERT='/var/lib/rancher/k3s/server/tls/etcd/server-client.crt'\nexport ETCDCTL_KEY='/var/lib/rancher/k3s/server/tls/etcd/server-client.key'\nexport ETCDCTL_API=3", "url": "https://wpnews.pro/news/k3s-etcd-commands", "canonical_source": "https://gist.github.com/superseb/0c06164eef5a097c66e810fe91a9d408", "published_at": "2020-10-27 08:48:23+00:00", "updated_at": "2026-05-22 15:43:25.849660+00:00", "lang": "en", "topics": ["developer-tools", "cloud-computing", "open-source"], "entities": ["k3s", "etcd", "etcdctl", "Rancher", "Google", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/k3s-etcd-commands", "markdown": "https://wpnews.pro/news/k3s-etcd-commands.md", "text": "https://wpnews.pro/news/k3s-etcd-commands.txt", "jsonld": "https://wpnews.pro/news/k3s-etcd-commands.jsonld"}}