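Etcd cluster is unavailable or misconfigured; cannot validate certificate because it doesn't contain any IP SANs

Time: 2017-08-23 23:46:16

Tags: amazon-web-services proxy kubernetes

So I am trying to create a pod on a Kubernetes cluster. Here is the yml file I am creating the pod from.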

kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod2
spec:
  containers:
    - name: task-pv-container2
      image: <<image_name>>

The pod hangs at container creation. Here is the output of kubectl describe pod.

Events:
  FirstSeen LastSeen    Count   From                    SubObjectPath   Type        Reason      Message
  --------- --------    -----   ----                    -------------   --------    ------      -------
  10s       10s     1   default-scheduler                   Normal      Scheduled   Successfully assigned task-pv-pod2 to ip-10-205-234-170.ec2.internal
  8s        8s      1   kubelet, ip-10-205-234-170.ec2.internal         Warning     FailedSync  Error syncing pod, skipping: failed to "SetupNetwork" for "task-pv-pod2_default" with SetupNetworkError: "NetworkPlugin cni failed to set up pod \"task-pv-pod2_default\" network: client: etcd cluster is unavailable or misconfigured; error #0: x509: cannot validate certificate for 10.205.234.170 because it doesn't contain any IP SANs\n; error #1: x509: cannot validate certificate for 10.205.235.160 because it doesn't contain any IP SANs\n; error #2: x509: cannot validate certificate for 10.205.234.162 because it doesn't contain any IP SANs\n"

  7s    6s  2   kubelet, ip-10-205-234-170.ec2.internal     Warning FailedSync  Error syncing pod, skipping: failed to "TeardownNetwork" for "task-pv-pod2_default" with TeardownNetworkError: "NetworkPlugin cni failed to teardown pod \"task-pv-pod2_default\" network: client: etcd cluster is unavailable or misconfigured; error #0: x509: cannot validate certificate for 10.205.234.170 because it doesn't contain any IP SANs\n; error #1: x509: cannot validate certificate for 10.205.235.160 because it doesn't contain any IP SANs\n; error #2: x509: cannot validate certificate for 10.205.234.162 because it doesn't contain any IP SANs\n"

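Does anyone know what could be causing this? To get Kubernetes working with AWS, I had to set a proxy variable in the hyperkube container.

1 answer:

Answer 0: (score: 0)

Your ETCD certificate does not appear to be trusted for the name (or IP) you are accessing it by. I suggest checking cluster health with kubectl get cs and modifying how k8s talks to ETCD as needed.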
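The following Go program is an added example, not part of the original question or answer. It reproduces the x509 error from the kubelet events with a constructed self-signed certificate and shows that it disappears once the certificate lists the etcd endpoint IPs as IP SANs. The helper names `makeCert` and `missingIPSANs` and the DNS name `etcd.example.internal` are assumptions; the IP addresses are the ones in the error message above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert builds a constructed self-signed certificate carrying only the given SANs.
func makeCert(dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames, // dNSName SAN entries
		IPAddresses:  ips,      // iPAddress SAN entries, required when clients dial by IP
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// missingIPSANs returns, per endpoint, the error Go's verifier gives for this certificate.
func missingIPSANs(cert *x509.Certificate, endpoints []string) map[string]error {
	failed := map[string]error{}
	for _, ep := range endpoints {
		if err := cert.VerifyHostname(ep); err != nil {
			failed[ep] = err
		}
	}
	return failed
}

func main() {
	cert, err := makeCert([]string{"etcd.example.internal"}, nil) // DNS SAN only
	if err != nil {
		panic(err)
	}
	fmt.Println(missingIPSANs(cert, []string{"10.205.234.170"}))
}
```

A client that dials etcd by IP address passes verification only when the server certificate carries that address as an IP SAN; otherwise the client has to connect using a DNS name the certificate does contain.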