Having written: -
And there's more - munging base64 in JSON for etcd
I forgot to mention that base64 isn't the only way to write to / read from etcd ...
The encoding is required where we choose to use the gRPC route to etcd via its REST APIs : -
However, the etcdctl tool does NOT need to use base64 encoding.
Building upon my previous example, where I used the following command: -
jq -r '.[] |= @base64' dave.json > dave_encoded.json
to encode the key and value elements of a JSON document - dave.json - which looks like this: -
"key":"012345",
"value": {
"name":"Dave Hay",
"id":"davehay1969"
}
}
and produce an alternate version - dave_encoded.json - with the base64 encoded elements therein, and then fed etcd using that encoded document: -
curl -X POST --silent --cacert /root/ssl/ca-cert.pem --cert /root/ssl/client-cert.pem --key /root/ssl/client-key.pem https://localhost:2379/v3/kv/put -d @dave_encoded.json | jq
and then use the encoded key - MDEyMzQ1 - to query etcd and pull the data back out: -
curl -X POST --silent --cacert /root/ssl/ca-cert.pem --cert /root/ssl/client-cert.pem --key /root/ssl/client-key.pem https://localhost:2379/v3/kv/range -d '{"key":"MDEyMzQ1"}' | jq -r .kvs[].value | base64 -d | jq
"name": "Dave Hay",
"id": "davehay1969"
}
Well, there is an alternate approach, using etcdctl which is further described here: -
So, given that I know the key ID of 012345 I can quite simply ask etcd to provide the value: -
etcdctl --endpoints=localhost:2379 --cacert="/root/ssl/ca-cert.pem" --cert="/root/ssl/client-cert.pem" --key="/root/ssl/client-key.pem" get 012345 | jq
"name": "Dave Hay",
"id": "davehay1969"
}
which, I think you'll agree, is way simpler.
Bottom line, knowing that the gRPC APIs use base64 is crucial; knowing that etcdctl exists is also rather neat-o.