etcdctl 端点健康 --> 不健康?

etcdctl 端点健康 --> 不健康?

如果我运行etcdctl它就会挂起。如果我使用,--debug=true我会看到:

root@k8scp:~# kubectl exec -n kube-system -it etcd-k8scp sh


sh-5.1# ETCDCTL_API=3 etcdctl --debug=true endpoint health

{"level":"warn","ts":1643546720.7707205,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc0005681c0/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection closed"}
127.0.0.1:2379 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster

我知道 etcd 运行良好。

为什么这个命令会失败?

答案1

我通过查看日志找到了解决方案:

root@k8scp:~# kubectl logs -n kube-system etcd-k8scp 

{"level":"warn","ts":"2022-01-30T12:45:09.762Z","caller":"embed/config_logging.go:169",
"msg":"rejected connection","remote-addr":"127.0.0.1:36846","server-name":"",
"error":"tls: first record does not look like a TLS handshake"}

服务器需要 TLS,但是的默认端点etcdctl是通过http(不是https)的 localhost。

答案2

我由于 cli 中的空格而遇到了此错误,请参阅下面的区别:

kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key
etcdctl endpoint health"
# 127.0.0.1:2379 is unhealthy: failed to commit proposal
# Error: unhealthy cluster

kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key \
etcdctl endpoint health"
# 127.0.0.1:2379 is healthy: successfully committed proposal
# Success

kubectl -nkube-system exec -it etcd-k8s-cp -- sh -c "ETCDCTL_API=3 ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt ETCDCTL_CERT=/etc/kubernetes/pki/etcd/server.crt ETCDCTL_KEY=/etc/kubernetes/pki/etcd/server.key etcdctl endpoint health"
# 127.0.0.1:2379 is healthy: successfully committed proposal
# Success

相关内容