Skip to content

Added etcd-certfile and etcd-keyfile options #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hahasheminejad wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added etcd-certfile and etcd-keyfile options #13

hahasheminejad wants to merge 1 commit into from

Conversation

@hahasheminejad
Copy link

@hahasheminejad hahasheminejad commented Sep 25, 2019

I think as etcd is configured to use CA and keys for authentication, we need to provide kube-apiserver with these two files.

Without them, I was getting the following errors after each systemctl reload kube-apiserver

I0925 22:21:51.570292    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:51.575195    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
I0925 22:21:52.575910    2528 client.go:361] parsed scheme: "endpoint"
I0925 22:21:52.577217    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:52.607232    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
W0925 22:21:52.609382    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...

@hahasheminejad
Added etcd-certfile and etcd-keyfile options
8e27086 
I think as etcd is configured to use CA and keys for authentication, we need to provide kube-apiserver with these two files.

Without them, I was getting the following errors after each `systemctl reload kube-apiserver`

```
I0925 22:21:51.570292    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:51.575195    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
I0925 22:21:52.575910    2528 client.go:361] parsed scheme: "endpoint"
I0925 22:21:52.577217    2528 endpoint.go:66] ccResolverWrapper: sending new addresses to cc: [{https://etcd1.example.com:2379 0  <nil>}]
W0925 22:21:52.607232    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...
W0925 22:21:52.609382    2528 clientconn.go:1120] grpc: addrConn.createTransport failed to connect to {https://etcd1.example.com:2379 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: remote error: tls: bad certificate". Reconnecting...

```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hahasheminejad