When running the command:
[root@k8s-master cfssl]# for ip in 192.168.56.104; do ETCDCTL_API=3 /usr/local/bin/etcdctl --endpoints=https://${ip}:2379 --cacert=/etc/etcd/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done
{"level":"warn","ts":1647938195.4080267,"logger":"client","caller":"v3/retry_interceptor.go:62", "msg":"retrying of unary invoker failed", "target":"etcd-endpoints://0xc0002d8c40/192.168.56.104:2379","attempt":0, "error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 192.168.56.101, 192.168.56.102, 192.168.56.103, not 192.168.56.104\""}
https://192.168.56.104:2379 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster
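Cause:
Kubernetes now uses etcd v3, so the ca, key and cert must be supplied; otherwise you get Error: context deadline exceeded.
Without the --endpoints flag, etcdctl connects to 127.0.0.1:2379 by default; when --endpoints is used, the ca, key and cert must be supplied.
Note: when using etcd v3, you need to set the environment variable ETCDCTL_API=3 (write it to /etc/profile or .bash_profile).
Otherwise, the default used is ETCDCTL_API=3. Alternatively, declare ETCDCTL_API=3 explicitly on the command line.
Ex: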
ETCDCTL_API=3 etcdctl get /registry/namespaces --prefix -w=json|python -m json.tool
But the command shows that the ca, key and cert parameters were already supplied. So we check again without specifying an endpoint:
[root@k8s-master cfssl]# etcdctl endpoint health
127.0.0.1:2379 is healthy: successfully committed proposal: took = 2.55327ms
This works.
The certificate was generated with CFSSL, and it turns out that the IP 192.168.56.104 was not included when the certificate was generated.
etcd-csr.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.56.101",
    "192.168.56.102",
    "192.168.56.103",
    "192.168.56.104"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Zhejiang",
      "L": "Hangzhou",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
After adding it, run the certificate generation again, reconfigure the etcd certificate and restart etcd.
[root@k8s-master ~]# for ip in 192.168.56.104; do ETCDCTL_API=3 /usr/local/bin/etcdctl --endpoints=https://${ip}:2379 --cacert=/etc/etcd/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done
https://192.168.56.104:2379 is healthy: successfully committed proposal: took = 12.327363ms
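The x509 error above can be caught before etcd is restarted by checking the certificate's subject alternative names against every endpoint IP. The script below is an added example, not part of the original post: the function names are hypothetical, and it builds a throwaway self-signed certificate with the SAN list from the failing handshake (assumes OpenSSL 1.1.1 or later for -addext).

```shell
#!/bin/sh
# Added example: verify that a certificate's SANs cover each etcd endpoint IP.

# Return 0 if certificate file $1 lists IP $2 as a subject alternative name.
# openssl prints "IP <ip> does match certificate" or "... does NOT match ...".
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 | grep -q "does match certificate"
}

# Print each IP in $2.. that certificate $1 does not cover; return 1 if any is missing.
missing_sans() {
    local cert="$1" rc=0 ip
    shift
    for ip in "$@"; do
        if ! cert_covers_ip "$cert" "$ip"; then
            echo "$ip"
            rc=1
        fi
    done
    return $rc
}

# Constructed test certificate in directory $1: same SAN list as in the error
# message (192.168.56.104 is absent). Not the real cluster certificate.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=etcd" \
        -keyout "$1/etcd-key.pem" -out "$1/etcd.pem" \
        -addext "subjectAltName=IP:127.0.0.1,IP:192.168.56.101,IP:192.168.56.102,IP:192.168.56.103" \
        2>/dev/null
}

demo() {
    local dir
    dir=$(mktemp -d)
    make_demo_cert "$dir"
    # Reports the endpoint whose TLS handshake would fail.
    missing_sans "$dir/etcd.pem" 127.0.0.1 192.168.56.101 192.168.56.104 || true
    rm -rf "$dir"
}
demo
```

On a real node, call missing_sans with /etc/etcd/ssl/etcd.pem and the full list of endpoint IPs; an empty result means every endpoint is covered.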