如果我运行etcdctl它就会挂起。如果我使用,--debug=true我会看到:
root@k8scp:~# kubectl exec -n kube-system -it etcd-k8scp sh
sh-5.1# ETCDCTL_API=3 etcdctl --debug=true endpoint health
{"level":"warn","ts":1643546720.7707205,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc0005681c0/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection closed"}
127.0.0.1:2379 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster
我知道 etcd 运行良好。
为什么这个命令会失败?
答案1
我通过查看日志找到了解决方案:
root@k8scp:~# kubectl logs -n kube-system etcd-k8scp
{"level":"warn","ts":"2022-01-30T12:45:09.762Z","caller":"embed/config_logging.go:169",
"msg":"rejected connection","remote-addr":"127.0.0.1:36846","server-name":"",
"error":"tls: first record does not look like a TLS handshake"}
服务器需要 TLS,但是的默认端点etcdctl是通过http(不是https)的 localhost。
答案2
我由于 cli 中的空格而遇到了此错误,请参阅下面的区别:
kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
etcdctl endpoint health"
# 127.0.0.1:2379 is unhealthy: failed to commit proposal
# Error: unhealthy cluster
kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key \
etcdctl endpoint health"
# 127.0.0.1:2379 is healthy: successfully committed proposal
# Success
kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3 ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key etcdctl endpoint health"
# 127.0.0.1:2379 is healthy: successfully committed proposal
# Success