
Comments (9)

ringtail avatar ringtail commented on August 19, 2024

@sealandsigh Normally the etcd admin client certificate only exists on the master.

# nodeSelector:
#   node-role.kubernetes.io/master: ''
# tolerations:
# - key: node-role.kubernetes.io/master
#   operator: Exists

The purpose of this snippet is to tolerate the taint and then deploy onto the master.

from lucas.

sealandsigh avatar sealandsigh commented on August 19, 2024

env:
  - name: CA_FILE
    value: /etc/kubernetes/pki/etcd/ca.pem
  - name: CERT_FILE
    value: /etc/kubernetes/pki/etcd/etcd.pem
  - name: KEY_FILE
    value: /etc/kubernetes/pki/etcd/etcd-key.pem
  - name: ENDPOINTS
    value: "https://etcd-leader-ip:2379"
volumeMounts:
  - mountPath: /etc/kubernetes/pki/etcd
    name: etcd-certs-0
    readOnly: true
volumes:
  - hostPath:
      path: /opt/etcd-v3.3.10-linux-amd64
      type: DirectoryOrCreate
    name: etcd-certs-0

@ringtail Thanks for the reply; I got busy yesterday and forgot to answer. I do understand that part: because the certificates are not on the master, I commented it out. As I understand it, the block above mounts the directory in order to mount the certificates. I put the certificates under path: /opt/etcd-v3.3.10-linux-amd64, and that is mounted to the /etc/kubernetes/pki/etcd directory, which matches the paths set in the environment variables. I also checked that the certificate file names are correct, and I have verified that these certificates work: they can be used via docker. So I am a bit puzzled...


ringtail avatar ringtail commented on August 19, 2024

@sealandsigh Also, can etcd-leader-ip be resolved from inside the Pod? Please verify that. I will also catch this panic so that the error message is more helpful.


sealandsigh avatar sealandsigh commented on August 19, 2024

@ringtail I logged into the pod and pinged etcd-leader-ip; it is reachable, and it is actually just an IP address here.


ringtail avatar ringtail commented on August 19, 2024

@sealandsigh Judging by where the error occurs, the key fetch from etcd never returned. Focus on checking whether the certificates actually exist inside the Pod, and whether the YAML you applied has formatting problems that caused some fields not to be parsed.


huangjiasingle avatar huangjiasingle commented on August 19, 2024

@sealandsigh This code is the problem and causes the panic:

func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	cfgtls := &transport.TLSInfo{}
	cfgtls.CAFile = ca
	cfgtls.KeyFile = key
	cfgtls.CertFile = cert
	clientTLS, err := cfgtls.ClientConfig()
	//add default InsecureSkipVerify
	// clientTLS is nil whenever err != nil (e.g. a cert file is missing),
	// so this assignment dereferences a nil pointer and panics before
	// the error check below is ever reached.
	clientTLS.InsecureSkipVerify = true
	if err != nil {
		return nil, err
	}
	return clientTLS, nil
}

The error should be checked first, and only then should the true assignment be made:

func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	cfgtls := &transport.TLSInfo{}
	cfgtls.CAFile = ca
	cfgtls.KeyFile = key
	cfgtls.CertFile = cert
	clientTLS, err := cfgtls.ClientConfig()
	// return the error (missing/unreadable cert, key or CA) before touching clientTLS
	if err != nil {
		return nil, err
	}
	//add default InsecureSkipVerify
	clientTLS.InsecureSkipVerify = true
	return clientTLS, nil
}

That avoids the panic.

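The ordering fix above, and ringtail's "check that the certificates really exist in the Pod" advice, as a stand-alone Go example added here (it is not code from the project or from anyone in the thread). It builds the client tls.Config with only crypto/tls instead of etcd's transport.TLSInfo, so it runs offline; the file names ca.pem / etcd.pem / etcd-key.pem are the ones from the thread's env block, the self-signed certificate is constructed sample data, and writeSampleCerts and probe are helper names chosen for this example. Every error is returned before the config is dereferenced, which is exactly what removes the nil-pointer panic, and server verification is kept on (RootCAs set, InsecureSkipVerify left false) rather than disabled as in the thread's version:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// createTLSConf builds an etcd client TLS config from the three PEM files the
// CA_FILE / KEY_FILE / CERT_FILE env vars point to. Each failure is returned
// before the config is touched, so a missing or unreadable file yields an
// error, never a nil-pointer panic. The CA goes into RootCAs so the server
// certificate is still verified.
func createTLSConf(caFile, keyFile, certFile string) (*tls.Config, error) {
	caPEM, err := os.ReadFile(caFile)
	if err != nil {
		return nil, fmt.Errorf("read CA file %q: %w", caFile, err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("CA file %q contains no PEM certificate", caFile)
	}
	clientCert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, fmt.Errorf("load client key pair: %w", err)
	}
	return &tls.Config{
		RootCAs:      pool,
		Certificates: []tls.Certificate{clientCert},
		MinVersion:   tls.VersionTLS12,
	}, nil
}

// writeSampleCerts writes a constructed self-signed certificate (acting as its
// own CA) plus its key into dir, under the file names used in the thread.
// This is sample data for the example only, not real etcd certificates.
func writeSampleCerts(dir string) (caFile, certFile, keyFile string, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", "", "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "etcd-client-sample"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return "", "", "", err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return "", "", "", err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	caFile = filepath.Join(dir, "ca.pem")
	certFile = filepath.Join(dir, "etcd.pem")
	keyFile = filepath.Join(dir, "etcd-key.pem")
	for path, data := range map[string][]byte{caFile: certPEM, certFile: certPEM, keyFile: keyPEM} {
		if err := os.WriteFile(path, data, 0o600); err != nil {
			return "", "", "", err
		}
	}
	return caFile, certFile, keyFile, nil
}

// probe is the "are the certs really mounted in the Pod?" check as code: it
// reports ok only when all three files load into a verifying config, and
// otherwise returns the error text instead of crashing.
func probe(caFile, keyFile, certFile string) (ok bool, errMsg string) {
	cfg, err := createTLSConf(caFile, keyFile, certFile)
	if err != nil {
		return false, err.Error()
	}
	return cfg != nil && len(cfg.Certificates) == 1 && !cfg.InsecureSkipVerify, ""
}

func main() {
	dir, err := os.MkdirTemp("", "etcd-certs-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	ca, cert, key, err := writeSampleCerts(dir)
	if err != nil {
		panic(err)
	}
	fmt.Println(probe(ca, key, cert))                              // true
	fmt.Println(probe(ca, key, filepath.Join(dir, "missing.pem"))) // false + error text
}
```

One operational detail worth checking alongside this: the thread's volume uses hostPath type DirectoryOrCreate, which silently creates an empty directory on a node where /opt/etcd-v3.3.10-linux-amd64 does not exist, so a Pod scheduled onto such a node starts with an empty /etc/kubernetes/pki/etcd and the file-not-found error this function returns is the first visible symptom.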

sealandsigh avatar sealandsigh commented on August 19, 2024

@huangjiasingle I only used it briefly; the owner @ringtail needs to take a look at this. Other things came up and I never investigated further. In theory, a YAML file that can be created is definitely well-formed, and the certificates were mounted as well.


ringtail avatar ringtail commented on August 19, 2024

Please submit a PR and I will merge it as soon as possible.


huangjiasingle avatar huangjiasingle commented on August 19, 2024

@ringtail OK.
