ETCD kubeadm getsockopt: connection refused

7/30/2018

I would like to use the etcdctl functionnalities of my etcd pod from my kurnetes cluster but I can't. I have install my kubernetes from kubeadm and I have 1 master and 1 node.

When I try commands etcdctl from inside of my etcd pod, I get those errors:

client: etcd cluster is unavailable or misconfigured;
error #0:malformed HTTP response "\x15\x03\x01\x00\x02\x02" ;
error #1: dial tcp 127.0.0.1:4001: getsockopt: connection refused

But when I check my etcd pod log, it seems healthy :

enter image description here

-- Yummel
etcd
kubeadm
kubernetes

2 Answers

8/3/2018

ETCDCTL_API=3 etcdctl --endpoints=localhost:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key=/etc/kubernetes/pki/etcd/healthcheck-client.key member list

-- Yummel
Source: StackOverflow

8/1/2018

It looks like you have etcd listening for client connections on https://127.0.0.1:2379 and you have client certificate authentication enabled as far as i can see. You should then be able to run the following command to connect to etcd:

ETCDCTL_API=3 etcdctl member list \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

Basically etcd expects you to authenticate using a client certificate.

Also, since you're running version 3.x of etcd you have to tell etcdctl that by providing the ETCDCTL_API environment variable.

EDIT:

For reference:

I was using kubeadm version 1.11.1 which installed version 3.2.18 of etcd on a server running Ubuntu 18.04 when testing the command above.

-- mikejoh
Source: StackOverflow