From 3bcd5157ec517af62e2ee1330efc8ac4e70c36dd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 3 Jun 2026 16:22:42 +0000
Subject: [PATCH] Add k0s distribution support to wrapper script and README
---
 Readme.md | 2 ++
 etcdctl-wrapper.sh | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/Readme.md b/Readme.md
index 9347af4..8c795d0 100644
--- a/Readme.md
+++ b/Readme.md
@@ -23,6 +23,7 @@ Run the debug container on a node that **runs etcd** and has etcd TLS material o
 |---|---|---|
 | Vanilla Kubernetes (kubeadm, etc.) | **Control plane** nodes | Worker nodes |
 | k3s | **Server** nodes | Agent-only nodes |
+| k0s | **Controller** nodes | Worker nodes |
 | HA control plane | Any control plane / server node that runs etcd | — |
 **Why:** etcd is part of the control plane, not the data plane. It stores cluster state and listens on the node (typically `127.0.0.1:2379`). Worker nodes do not run etcd and do not have `/etc/kubernetes/pki/etcd` (or the k3s equivalent). The image entrypoint reads those certs from the host mount at `/host/...` and connects to local etcd; on a worker, those paths are missing and auto-configuration does not apply.
@@ -57,6 +58,7 @@ The entrypoint detects k3s vs vanilla Kubernetes from cert directories under `/h
 | Distribution | Cert directory on host | cacert | cert | key |
 |---|---|---|---|---|
 | k3s | `/host/var/lib/rancher/k3s/server/tls/etcd/` | `server-ca.crt` | `client.crt` | `client.key` |
+| k0s | `/host/var/lib/k0s/pki/etcd/` | `ca.crt` | `server.crt` | `server.key` |
 | vanilla k8s | `/host/etc/kubernetes/pki/etcd/` | `ca.crt` | `server.crt` | `server.key` |
 If neither directory exists (e.g. you attached to a worker), the wrapper runs `etcdctl` with your arguments only—supply endpoints and TLS flags yourself, and ensure the debug container can reach etcd on the network.
diff --git a/etcdctl-wrapper.sh b/etcdctl-wrapper.sh
index 4dae258..ee7da44 100644
--- a/etcdctl-wrapper.sh
+++ b/etcdctl-wrapper.sh
@@ -2,12 +2,17 @@
 set -e
 K3S_CERT_DIR="/host/var/lib/rancher/k3s/server/tls/etcd"
+K0S_CERT_DIR="/host/var/lib/k0s/pki/etcd"
 K8S_CERT_DIR="/host/etc/kubernetes/pki/etcd"
 if [ -d "$K3S_CERT_DIR" ]; then
 CACERT="$K3S_CERT_DIR/server-ca.crt"
 CERT="$K3S_CERT_DIR/client.crt"
 KEY="$K3S_CERT_DIR/client.key"
+elif [ -d "$K0S_CERT_DIR" ]; then
+ CACERT="$K0S_CERT_DIR/ca.crt"
+ CERT="$K0S_CERT_DIR/server.crt"
+ KEY="$K0S_CERT_DIR/server.key"
 elif [ -d "$K8S_CERT_DIR" ]; then
 CACERT="$K8S_CERT_DIR/ca.crt"
 CERT="$K8S_CERT_DIR/server.crt"
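Review bot: The new k0s branch authenticates to etcd with the server's own pair (`CERT="$K0S_CERT_DIR/server.crt"`, `KEY="$K0S_CERT_DIR/server.key"`), whereas the k3s branch above it uses a dedicated `client.crt`/`client.key`. Reusing the server key as a client identity works only if that certificate also carries the client-authentication usage, and it makes the debug container read the etcd server's private key; if k0s issues a separate etcd client pair under its pki directory (worth confirming on a controller node), prefer that pair. The branch is also selected on `[ -d "$K0S_CERT_DIR" ]` alone, so a directory that exists without readable files only fails later inside etcdctl; `elif [ -r "$K0S_CERT_DIR/server.key" ]; then` would tie the selection to the file that is actually used. The `if` chain continues past the end of this hunk, so how CACERT, CERT and KEY are handed to etcdctl is not visible here.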