Added etcd-certfile and etcd-keyfile options #13

hahasheminejad · 2019-09-25T12:23:09Z

I think as etcd is configured to use CA and keys for authentication, we need to provide kube-apiserver with these two files.

Without them, I was getting the following errors after each systemctl reload kube-apiserver

I0925 22:21:51.570292    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:51.575195    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
I0925 22:21:52.575910    2528 client.go:361] parsed scheme: "endpoint"
I0925 22:21:52.577217    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:52.607232    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
W0925 22:21:52.609382    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...

I think as etcd is configured to use CA and keys for authentication, we need to provide kube-apiserver with these two files. Without them, I was getting the following errors after each `systemctl reload kube-apiserver` ``` I0925 22:21:51.570292 2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0 <nil>}] W0925 22:21:51.575195 2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting... I0925 22:21:52.575910 2528 client.go:361] parsed scheme: "endpoint" I0925 22:21:52.577217 2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0 <nil>}] W0925 22:21:52.607232 2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting... W0925 22:21:52.609382 2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting... ```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added etcd-certfile and etcd-keyfile options #13

Added etcd-certfile and etcd-keyfile options #13

hahasheminejad commented Sep 25, 2019

Added etcd-certfile and etcd-keyfile options #13

Are you sure you want to change the base?

Added etcd-certfile and etcd-keyfile options #13

Conversation

hahasheminejad commented Sep 25, 2019