Hmm, just wondering. Why does Harvester not come with etcdctl? Would be useful to have, particularly on the control plane nodes 😛

Andy's right, but here's a script that defrags etcd:

#!/bin/bash

etcdnode=$(kubectl -n kube-system get pod -l component=etcd --no-headers -o custom-columns=NAME:.metadata.name | head -1)

echo "Getting etcd Status"

kubectl -n kube-system exec -it ${etcdnode} -- etcdctl --endpoints 127.0.0.1:2379 --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key endpoint status --cluster -w table

echo "Defragging the etcd in the current cluster via ${etcdnode}"

kubectl -n kube-system exec -it ${etcdnode} -- etcdctl --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt defrag --cluster

echo "Getting etcd Health"

kubectl -n kube-system exec -it ${etcdnode} -- etcdctl --endpoints 127.0.0.1:2379 --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key endpoint health --cluster -w table

echo "Getting etcd Status"

kubectl -n kube-system exec -it ${etcdnode} -- etcdctl --endpoints 127.0.0.1:2379 --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key endpoint status --cluster -w table

Aha, thank you! That would have been useful though my situation has the Kubernetes API not working so I also can't exec into the pod. Actually, rke2 is not working specifically because it's stuck on an etcd defrag loop 😜 Having etcdctl on the node would have made it very easy for me to recover from the etcd snapshots which rke2 makes automatically https://rancher-users.slack.com/archives/C01GKHKAG0K/p1755151101363379

There's some built in rke2 commands for etcd restores -fyi

Oh rke2 commands? Alright! I was looking at it from the perspective of the CKA. Will look into that, thank you!

/opt/rke2/bin/rke2 etcd-snapshot save

as an example.