k8s installation basics - etcd https://xxx:2379 is unhealthy failed to commit proposal context deadline exceeded

March 22, 2022

When running this command:

[root@k8s-master cfssl]# for ip in 192.168.56.104; do ETCDCTL_API=3 /usr/local/bin/etcdctl --endpoints=https://${ip}:2379 --cacert=/etc/etcd/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done
{"level":"warn","ts":1647938195.4080267,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc0002d8c40/192.168.56.104:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 192.168.56.101, 192.168.56.102, 192.168.56.103, not 192.168.56.104\""}
https://192.168.56.104:2379 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster

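Cause:

k8s now uses etcd v3, and the CA, key and cert must be supplied; otherwise you get Error: context deadline exceeded

Without the --endpoints parameter, etcdctl connects to 127.0.0.1:2379 by default; when the --endpoints parameter is used, the CA, key and cert must be supplied.

Note: when using etcd v3, you need to set the environment variable ETCDCTL_API=3 (write it into /etc/profile or .bash_profile).

Otherwise, the default used is ETCDCTL_API=3. Alternatively, declare ETCDCTL_API=3 explicitly on the command line.

Example: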

ETCDCTL_API=3 etcdctl get /registry/namespaces --prefix -w=json|python -m json.tool

 

However, the command above shows that the CA, key and cert parameters were in fact supplied. So the next check was run without --endpoints:

[root@k8s-master cfssl]# etcdctl endpoint health

127.0.0.1:2379 is healthy: successfully committed proposal: took = 2.55327ms

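This came back healthy.

The reason is that this certificate was generated with CFSSL, and the IP 192.168.56.104 had not been added when the certificate was generated.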

etcd-csr.json

{
    "CN":"etcd",
    "hosts":[
        "127.0.0.1",
        "192.168.56.101",
        "192.168.56.102",
        "192.168.56.103",
        "192.168.56.104"
    ],
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "ST":"Zhejiang",
            "L":"Hangzhou",
            "O":"k8s",
            "OU":"system"
        }
    ]
}

After adding the IP, run the certificate generation again, reconfigure the etcd certificate and restart etcd.

[root@k8s-master ~]# for ip in 192.168.56.104; do ETCDCTL_API=3 /usr/local/bin/etcdctl --endpoints=https://${ip}:2379 --cacert=/etc/etcd/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health; done

https://192.168.56.104:2379 is healthy: successfully committed proposal: took = 12.327363ms

 
