I would like to use the etcdctl functionnalities of my etcd pod from my kurnetes cluster but I can't. I have install my kubernetes from kubeadm and I have 1 master and 1 node.
When I try commands etcdctl from inside of my etcd pod, I get those errors:
client: etcd cluster is unavailable or misconfigured;
error #0:malformed HTTP response "\x15\x03\x01\x00\x02\x02" ;
error #1: dial tcp 127.0.0.1:4001: getsockopt: connection refused
But when I check my etcd pod log, it seems healthy :
ETCDCTL_API=3 etcdctl --endpoints=localhost:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key member list
It looks like you have etcd
listening for client connections on https://127.0.0.1:2379
and you have client certificate authentication enabled as far as i can see. You should then be able to run the following command to connect to etcd
:
ETCDCTL_API=3 etcdctl member list \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key
Basically etcd
expects you to authenticate using a client certificate.
Also, since you're running version 3.x of etcd
you have to tell etcdctl
that by providing the ETCDCTL_API
environment variable.
EDIT:
For reference:
I was using kubeadm
version 1.11.1 which installed version 3.2.18 of etcd
on a server running Ubuntu 18.04 when testing the command above.