I'm having the following issues with Etcd certificate generated by Tack (cfssl).
`make all` fails on `❤ Curling apiserver external elb`.
Cluster was started with Etcd version 3.2.9 which reports the following errors:
```
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.378578 I | etcdmain: etcd Version: 3.2.9
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.378592 I | etcdmain: Git SHA: f1d7dd8
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.378602 I | etcdmain: Go Version: go1.8.4
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.378611 I | etcdmain: Go OS/Arch: linux/amd64
...
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.378724 I | embed: peerTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = false
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.471926 I | embed: ClientTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = true
...
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.618877 I | etcdmain: rejected connection from "10.0.10.11:54576" (remote error: tls: bad certificate)
Jan 15 12:22:39 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1053]: 2018-01-15 12:22:39.628363 I | etcdmain: rejected connection from "10.0.10.12:50336" (remote error: tls: bad certificate)
```
After enforcing the latest Etcd version by adding the `ETCD_IMAGE_TAG` environment variable to `modules/etcd/cloud-config.yml` and `modules/worker/cloud-config.yml`:

```
Environment="ETCD_IMAGE_TAG=v3.3"
```
The error message changed slightly:
```
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.256196 I | etcdmain: etcd Version: 3.3.0-rc.2
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.256208 I | etcdmain: Git SHA: 9e079d8f0
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.256217 I | etcdmain: Go Version: go1.9.2
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.256225 I | etcdmain: Go OS/Arch: linux/amd64
...
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.256335 I | embed: peerTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = false, crl-file =
Jan 15 12:05:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:10.340613 I | embed: ClientTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = true, crl-file =
...
Jan 15 12:05:12 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:12.656516 I | embed: rejected connection from "10.0.10.11:42408" (error "remote error: tls: bad certificate", ServerName "test.kz8s")
Jan 15 12:05:12 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1045]: 2018-01-15 12:05:12.664169 I | embed: rejected connection from "10.0.10.12:51198" (error "remote error: tls: bad certificate", ServerName "test.kz8s")
```
but the problem persists :(
Etcd version 3.1.11 (`ETCD_IMAGE_TAG=v3.1.11`) is working fine and the cluster is started successfully.
```
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.529288 I | etcdmain: etcd Version: 3.1.11
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.529299 I | etcdmain: Git SHA: 960f460
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.529307 I | etcdmain: Go Version: go1.8.5
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.529315 I | etcdmain: Go OS/Arch: linux/amd64
...
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.529389 I | embed: peerTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = false
Jan 15 11:40:05 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:05.617281 I | embed: ClientTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = true
...
Jan 15 11:40:10 ip-10-0-10-10.us-west-2.compute.internal etcd-wrapper[1074]: 2018-01-15 11:40:10.339317 I | embed: ready to serve client requests
```
Versions used:
and Tack 10bc698.
Thanks for checking this issue.
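
A way to triage logs like the ones quoted above, as an added example (not part of the original issue, and not Tack or etcd code): it parses both `rejected connection` formats (3.2.9 and 3.3.0-rc.2) and the `peerTLS`/`ClientTLS` settings lines. The sample lines are constructed from the quoted logs with the journald prefix dropped; the function names are hypothetical and IPv4 peers are assumed.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the logs in the issue, journald prefix dropped.
SAMPLE = """\
2018-01-15 12:22:39.618877 I | etcdmain: rejected connection from "10.0.10.11:54576" (remote error: tls: bad certificate)
2018-01-15 12:05:10.256335 I | embed: peerTLS: cert = /etc/ssl/certs/k8s-etcd.pem, key = /etc/ssl/certs/k8s-etcd-key.pem, ca = , trusted-ca = /etc/ssl/certs/ca.pem, client-cert-auth = false, crl-file =
2018-01-15 12:05:12.656516 I | embed: rejected connection from "10.0.10.11:42408" (error "remote error: tls: bad certificate", ServerName "test.kz8s")
2018-01-15 12:05:12.664169 I | embed: rejected connection from "10.0.10.12:51198" (error "remote error: tls: bad certificate", ServerName "test.kz8s")
2018-01-15 11:40:10.339317 I | embed: ready to serve client requests
"""

# Matches the 3.2.9 form "(reason)" and the 3.3 form
# '(error "reason", ServerName "name")'. Assumes IPv4 "ip:port" peers.
REJECT = re.compile(
    r'rejected connection from "(?P<ip>[^":]+):(?P<port>\d+)" '
    r'\((?:error ")?(?P<reason>[^")]+)"?'
    r'(?:, ServerName "(?P<sni>[^"]*)")?\)'
)
TLS_LINE = re.compile(r'embed: (?P<kind>peerTLS|ClientTLS): (?P<body>.*)$')


def rejected_peers(log_text):
    """Count rejections per (peer_ip, reason, server_name); server_name is
    None for the 3.2.9 format, which does not log it."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            hits[(m["ip"], m["reason"], m["sni"])] += 1
    return hits


def tls_settings(log_text):
    """Return {"peerTLS": {...}, "ClientTLS": {...}} from the startup lines.
    Empty values (e.g. "ca = ") become empty strings."""
    out = {}
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:
            pairs = (item.partition("=") for item in m["body"].split(", "))
            out[m["kind"]] = {k.strip(): v.strip() for k, _, v in pairs}
    return out


if __name__ == "__main__":
    for (ip, reason, sni), n in sorted(rejected_peers(SAMPLE).items(), key=str):
        print(f"{ip}  x{n}  sni={sni}  {reason}")
    print(tls_settings(SAMPLE))
```

Grouping by peer and `ServerName` shows at a glance that every rejection comes from the other cluster members and carries the same TLS alert, which points the investigation at the shared certificate rather than at a single host.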