在遵循(https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/)对于HA外部ETCD的官方指导之后,我试图检查etcd集群的运行状况,但是,它抛出了一些我要解决的错误。请帮忙。
用于检查etcd集群运行状况是否引发错误的命令:
docker run --rm -it \
--net host \
-v /etc/kubernetes:/etc/kubernetes k8s.gcr.io/etcd:3.4.3-0 etcdctl \
--cert /etc/kubernetes/pki/etcd/peer.crt \
--key /etc/kubernetes/pki/etcd/peer.key \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--endpoints https://${HOST0}:2379 endpoint health --cluster
三个裸机主机,全部启用了ufw,并在整个主机上允许2379和2380端口。
错误:
Error: failed to fetch endpoints from etcd cluster member list: context deadline exceeded ```
**etcd docker image**:
``` k8s.gcr.io/etcd 3.4.3-0 303ce5db0e90 9 months ago 288MB ````
答案 0 :(得分:0)
Context deadline exceeded是grpc客户端无法建立连接时返回的不清楚的错误。您可以设置ETCDCTL_API=2,然后获得正确的错误消息。
另外,您可以在etcd中更改一些代码以调试此错误。
参见#10087
当我应用正确的证书/密钥对时,您可以解决此问题。
假设您正在使用kubeadm加速群集,则该文件夹下应该有几个证书/密钥对:
# ls -l /etc/kubernetes/pki/etcd/
total 32
-rw-r--r-- 1 root root 1017 Nov 12 15:32 ca.crt
-rw------- 1 root root 1679 Nov 12 15:32 ca.key
-rw-r--r-- 1 root root 1094 Nov 12 15:32 healthcheck-client.crt
-rw------- 1 root root 1675 Nov 12 15:32 healthcheck-client.key
-rw-r--r-- 1 root root 1180 Nov 12 15:32 peer.crt
-rw------- 1 root root 1675 Nov 12 15:32 peer.key
-rw-r--r-- 1 root root 1180 Nov 12 15:32 server.crt
-rw------- 1 root root 1679 Nov 12 15:32 server.key
# etcdctl --version
etcdctl version: 3.3.1
API version: 2
# ETCDCTL_API=3 etcdctl snapshot save snapshot.db \
--cacert /etc/kubernetes/pki/etcd/ca.crt \
--cert /etc/kubernetes/pki/etcd/server.crt \
--key /etc/kubernetes/pki/etcd/server.key
Snapshot saved at snapshot.db
# ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshot.db
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| b9d500f7 | 72966 | 1194 | 4.9 MB |
您也可以尝试遵循此说明error-context-deadline-exceeded-accessing。