k8s-path-check.sh
File:
ex_blog/k8s-path-check.sh
#!/bin/bash
# k8s-path-check.sh
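# Read-only diagnostic: checks that the expected K8s paths exist AND cross-references
# them against the flags that running processes and static-pod manifests actually use.
# Existence tests fail when the caller cannot traverse a parent directory, so a [MISS]
# seen as an unprivileged user may mean "permission denied" rather than "absent".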
# ANSI colour sequences, stored as literal backslash text. They only turn into
# control characters when a printer that expands escapes (echo -e, printf %b)
# emits them.
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[1;33m"
GREY="\033[0;90m"
NC="\033[0m" # reset to the terminal default
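# Print a green "[OK]" line for a check that passed.
# Globals:   GREEN, NC (read)
# Arguments: $1 - text to display (a path or flag=value read from the host)
# Outputs:   one line on stdout
ok() {
  # %b expands the escapes in the colour constants only. The message goes
  # through %s, so backslash sequences inside host-supplied text (process
  # arguments, manifest values) are shown literally instead of being turned
  # into terminal control characters as `echo -e` would do.
  printf '%b[OK]%b %s\n' "$GREEN" "$NC" "$1"
}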
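# Print a red "[MISS]" line for a check that failed.
# Globals:   RED, NC (read)
# Arguments: $1 - text to display (a path or flag=value read from the host)
# Outputs:   one line on stdout
fail() {
  # Colours are expanded with %b; the message is printed with %s so that
  # backslash sequences in host-supplied text are never interpreted as
  # terminal escapes (which `echo -e` would do).
  printf '%b[MISS]%b %s\n' "$RED" "$NC" "$1"
}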
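# Print a yellow "[INFO]" line (section titles and neutral observations).
# Globals:   YELLOW, NC (read)
# Arguments: $1 - text to display
# Outputs:   one line on stdout
info() {
  # Colours are expanded with %b; the message is printed with %s so that
  # backslash sequences in values read from the host (for example a server
  # URL taken from a kubeconfig) are not interpreted as terminal escapes.
  printf '%b[INFO]%b %s\n' "$YELLOW" "$NC" "$1"
}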
# Print a grey horizontal rule between report sections.
# Globals:   GREY, NC (read)
# Arguments: none
# Outputs:   one line on stdout
sep() {
  local rule="───────────────────────────────────────────"
  printf '%b\n' "${GREY}${rule}${NC}"
}
# Report banner: blank line, tool name, then a separator rule.
printf '\n%s\n' "K8s Path Checker"
sep
# ── 1. STATIC PATHS — do they exist? ──────────────────────────────────────────
printf '\n'
info "Static path existence"
sep

# Locations this script expects on the node. Several of them hold credentials
# (the pki directory, the *.conf kubeconfigs, the etcd data dir); only their
# existence is tested here, their contents are never read.
# The last entry depends on $HOME, so it follows whichever user runs the script.
PATHS=(
  "/etc/kubernetes/manifests"
  "/etc/kubernetes/pki"
  "/etc/kubernetes/admin.conf"
  "/etc/kubernetes/kubelet.conf"
  "/etc/kubernetes/scheduler.conf"
  "/etc/kubernetes/controller-manager.conf"
  "/var/lib/kubelet/config.yaml"
  "/var/lib/etcd"
  "/etc/cni/net.d"
  "/opt/cni/bin"
  "/run/containerd/containerd.sock"
  "/var/lib/containerd"
  "/var/log/pods"
  "$HOME/.kube/config"
)

# -e is true for any file type (regular file, directory, socket). It is also
# false when a parent directory cannot be traversed by the current user.
for entry in "${PATHS[@]}"; do
  if [[ ! -e "$entry" ]]; then
    fail "$entry"
    continue
  fi
  ok "$entry"
done
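# ── 2. CROSS-CHECK: what is kubelet actually reading? ─────────────────────────
echo ""
info "Kubelet process — actual flags"
sep

# Select the process whose executable basename is exactly "kubelet" and keep
# its command line (column 11 onwards of `ps aux`).
# A substring match on "kubelet" is not enough: other processes carry that word
# in their arguments (kube-apiserver has --kubelet-client-* flags, for one), so
# a substring grep reports "found" even when kubelet itself is not running.
# Arguments are printed with an explicit "%s " format so a '%' inside an
# argument is not treated as an awk format directive.
# NOTE(review): a kubelet started under a different executable name (a wrapper
# binary) is not detected by this test — confirm for your distribution.
KUBELET_CMD=$(ps aux | awk '
  {
    n = split($11, parts, "/")
    if (parts[n] == "kubelet") {
      for (i = 11; i <= NF; i++) printf "%s ", $i
      print ""
      exit
    }
  }')

# Report one kubelet flag whose value should be an existing regular file.
# Arguments: $1 - flag name (e.g. --config), $2 - value taken from the command line
_kubelet_flag_file() {
  local flag_name=$1 flag_value=$2
  if [ -z "$flag_value" ]; then
    # Previously an unset flag fell through to a bare "FILE MISSING" line.
    info "kubelet $flag_name not set on the command line"
    return 0
  fi
  ok "kubelet $flag_name=$flag_value"
  if [ -f "$flag_value" ]; then
    printf ' %b↳ file exists%b\n' "$GREY" "$NC"
  else
    printf ' %b↳ FILE MISSING%b\n' "$RED" "$NC"
  fi
}

if [ -z "$KUBELET_CMD" ]; then
  fail "kubelet process not found"
else
  # Extract key flags. Both "--flag=value" and "--flag value" spellings are
  # accepted; head -n 1 keeps a single value if a flag appears more than once.
  CONFIG=$(grep -oP '(?<=--config[= ])\S+' <<<"$KUBELET_CMD" | head -n 1)
  # Not named KUBECONFIG: that is the environment variable kubectl and other
  # clients read, and it should not be overwritten by a diagnostic script.
  KUBELET_KUBECONFIG=$(grep -oP '(?<=--kubeconfig[= ])\S+' <<<"$KUBELET_CMD" | head -n 1)
  RUNTIME=$(grep -oP '(?<=--container-runtime-endpoint[= ])\S+' <<<"$KUBELET_CMD" | head -n 1)

  _kubelet_flag_file "--config" "$CONFIG"
  _kubelet_flag_file "--kubeconfig" "$KUBELET_KUBECONFIG"
  if [ -n "$RUNTIME" ]; then
    ok "kubelet --container-runtime-endpoint=$RUNTIME"
  fi
fi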
# ── 3. CROSS-CHECK: kube-apiserver manifest flags ────────────────────────────
printf '\n'
info "kube-apiserver manifest — cert paths"
sep

APISERVER_MANIFEST="/etc/kubernetes/manifests/kube-apiserver.yaml"
if [[ ! -f "$APISERVER_MANIFEST" ]]; then
  fail "$APISERVER_MANIFEST not found"
else
  # Pull every manifest line that carries one of the TLS / client-cert flags
  # and test that the absolute path after '=' is a regular file.
  # This is an existence test only: it does not inspect ownership or mode of
  # the key files, certificate validity, or whether a cert matches its key.
  # Lines whose value is not an absolute path are skipped without output.
  grep -E '\-\-(tls-cert|tls-private|client-ca|etcd-ca|etcd-cert|etcd-key|kubelet-client-cert|kubelet-client-key)' \
    "$APISERVER_MANIFEST" |
    while read -r manifest_line; do
      cert_path=$(grep -oP '(?<==)/\S+' <<<"$manifest_line")
      flag_name=$(grep -oP '\-\-\S+(?==)' <<<"$manifest_line")
      [[ -n "$cert_path" ]] || continue
      if [[ -f "$cert_path" ]]; then
        ok "$flag_name=$cert_path"
      else
        fail "$flag_name=$cert_path ← FILE MISSING"
      fi
    done
fi
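# ── 4. CROSS-CHECK: etcd manifest data-dir ───────────────────────────────────
echo ""
info "etcd manifest — data dir"
sep

ETCD_MANIFEST="/etc/kubernetes/manifests/etcd.yaml"
if [ -f "$ETCD_MANIFEST" ]; then
  # head -n 1: if the flag text occurs more than once, a multi-line value would
  # make the directory test below fail for the wrong reason.
  ETCD_DATA=$(grep -oP '(?<=--data-dir=)\S+' "$ETCD_MANIFEST" | head -n 1)
  if [ -z "$ETCD_DATA" ]; then
    # Say so explicitly; an empty section would otherwise read as a pass.
    info "no --data-dir flag found in $ETCD_MANIFEST"
  elif [ -d "$ETCD_DATA" ]; then
    ok "etcd --data-dir=$ETCD_DATA"
  else
    # -d is also false when the current user cannot reach the directory.
    fail "etcd --data-dir=$ETCD_DATA ← DIR MISSING"
  fi
else
  fail "$ETCD_MANIFEST not found"
fi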
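# ── 5. CROSS-CHECK: containerd socket ────────────────────────────────────────
echo ""
info "containerd — socket"
sep

# Select the process whose executable basename is exactly "containerd".
# A substring match on "containerd" also hits kubelet (its
# --container-runtime-endpoint value names the containerd socket) and the
# containerd shims, so it can report the daemon as present when it is not.
# Arguments are printed with an explicit "%s " format so a '%' inside an
# argument is not treated as an awk format directive.
CONTAINERD_CMD=$(ps aux | awk '
  {
    n = split($11, parts, "/")
    if (parts[n] == "containerd") {
      for (i = 11; i <= NF; i++) printf "%s ", $i
      print ""
      exit
    }
  }')

if [ -z "$CONTAINERD_CMD" ]; then
  fail "containerd process not found"
else
  # Accept both "--address=PATH" and "--address PATH".
  SOCK=$(grep -oP '(?<=--address[= ])\S+' <<<"$CONTAINERD_CMD" | head -n 1)
  if [ -n "$SOCK" ]; then
    # -S: the path must exist and be a socket, not just any file.
    if [ -S "$SOCK" ]; then
      ok "containerd --address=$SOCK"
    else
      fail "containerd --address=$SOCK ← SOCKET MISSING"
    fi
  elif [ -S "/run/containerd/containerd.sock" ]; then
    # No --address flag on the command line: check the default socket path.
    ok "containerd socket at default /run/containerd/containerd.sock"
  else
    fail "containerd socket not found"
  fi
fi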
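# ── 6. kubeconfig server address ─────────────────────────────────────────────
echo ""
info "~/.kube/config — server address"
sep

# Only the "server:" values are read and printed; tokens, client keys and
# certificate data in the kubeconfig are never echoed.
KUBECONFIG_FILE="$HOME/.kube/config"
if [ -f "$KUBECONFIG_FILE" ]; then
  server_count=0
  # A kubeconfig may define several clusters, so each server line is checked
  # on its own instead of being joined into one multi-line value.
  while IFS= read -r SERVER; do
    [ -n "$SERVER" ] || continue
    server_count=$((server_count + 1))

    # Drop optional YAML quoting around the URL.
    SERVER=${SERVER#[\"\']}
    SERVER=${SERVER%[\"\']}
    info "server: $SERVER"

    # Isolate host[:port]: strip the scheme, then anything from the first '/'.
    hostport=${SERVER#*://}
    hostport=${hostport%%/*}
    case "$hostport" in
      *']') PORT="" ;; # bracketed IPv6 literal with no port
      *:*) PORT=${hostport##*:} ;;
      *) PORT="" ;;
    esac

    if [ -z "$PORT" ]; then
      # A URL without a port is legitimate; it is not a typo.
      info "no explicit port in URL (scheme default applies)"
    elif [[ "$PORT" =~ ^[0-9]{1,5}$ ]] && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then
      # The regex guard keeps non-numeric or oversized text away from the
      # integer comparisons, which would otherwise error out on stderr.
      ok "port $PORT is valid"
    else
      fail "port '$PORT' looks wrong — typo?"
    fi
  done < <(awk '/server:/ { print $2 }' "$KUBECONFIG_FILE")

  if [ "$server_count" -eq 0 ]; then
    fail "no server: entry found in $KUBECONFIG_FILE"
  fi
else
  fail "$KUBECONFIG_FILE not found"
fi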
# Report footer: blank line, separator rule, "done", trailing blank line.
printf '\n'
sep
printf '%s\n\n' "done"