【发布时间】:2015-11-25 16:32:59
【问题描述】:
我已经使用以下命令设置了etcd 服务器:
etcd -name infra0 -initial-advertise-peer-urls http://192.168.99.240:2380 -listen-peer-urls http://192.168.99.240:2380 -listen-client-urls https://192.168.99.240:2379,https://127.0.0.1:2379 -advertise-client-urls https://192.168.99.240:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra0=http://192.168.99.240:2380 -initial-cluster-state new -client-cert-auth -trusted-ca-file=/home/docker/ssl/ca.crt -cert-file=/home/docker/ssl/server.crt -key-file=/home/docker/ssl/server.key
我可以使用curl从中获取数据:
curl --cacert /home/kubernetes/ssl/server.crt --cert /home/kubernetes/ssl/ca.crt --key /home/kubernetes/ssl/ca.key -L https://192.168.99.240:2379/v2/keys/coreos.com/network/config -XGET
上面的命令返回:
{"action":"get","node":{"key":"/coreos.com/network/config","value":"{\"Network\":\"10.0.0.0/8\"}","modifiedIndex":10,"createdIndex":10}}
但是当我使用etcdctl:
etcdctl --peers=https://192.168.99.240:2379 --ca-file=/home/kubernetes/ssl/server.crt --cert-file=/home/kubernetes/ssl/ca.crt --key-file=/home/kubernetes/ssl/ca.key ls
返回:
Error: client: etcd cluster is unavailable or misconfigured
error #0: x509: cannot validate certificate for 192.168.99.240 because it doesn't contain any IP SANs
我还以为是证书验证失败,那为什么etcdctl的--ca-file标志会生效呢?还是我的命令有问题?
我使用的etcd版本是:
etcdctl --version
etcdctl version 2.2.1
【问题讨论】:
标签: etcd