'Can't connect to etcd via etcdctl
I have deployed etcd server(3.5.0) as a container on Kubernetes and am able to access the /version and /metrics endpoints via the fqdn in HttpProxy on my local machine as below:
https://etcd.apps.domain.net/version
https://etcd.apps.domain.net/metrics
I am on windows platform. I am using etcdctl (3.5.0) which I have downloaded from here: https://github.com/etcd-io/etcd/releases/tag/v3.5.0 , to connect to the server as below:
etcdctl.exe --endpoints=https://etcd.apps.domain.net:443 endpoint health
But the client is not able to connect to the server and gives the below error:
{"level":"warn","ts":1650617630.997635,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00072c380/#initially=[https://etcd.apps.domain.net:443]","attempt":0,"error":"rpc error: code = Unavailable desc = error reading from server: EOF"}
{"level":"warn","ts":1650617632.298635,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00072c380/#initially=[https://etcd.apps.domain.net:443]","attempt":1,"error":"rpc error: code = Unavailable desc = error reading from server: EOF"}
{"level":"warn","ts":1650617633.598635,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00072c380/#initially=[https://etcd.apps.domain.net:443]","attempt":2,"error":"rpc error: code = Unavailable desc = error reading from server: EOF"}
{"level":"warn","ts":1650617634.607135,"logger":"client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00072c380/#initially=[https://etcd.apps.domain.net:443]","attempt":3,"error":"rpc error: code = DeadlineExceeded desc = context deadline exceeded"}
https://etcd.apps.domain.net:443 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster
Now I know the cluster is not unhealthy because I can access the version endpoint on my local machine : https://etcd.apps.domain.net/version. The output is:
{"etcdserver":"3.5.0","etcdcluster":"3.5.0"}
My kube deployment file is as below:
apiVersion: apps/v1
kind: Deployment
metadata:
name: etcd
labels:
app: etcd
spec:
replicas: 1
selector:
matchLabels:
app: etcd
template:
metadata:
labels:
app: etcd
spec:
securityContext:
runAsUser: 999
fsGroup: 999
containers:
- name: etcd
image: <image path>
imagePullPolicy: Always
resources:
limits:
ephemeral-storage: 1000Mi
requests:
ephemeral-storage: 1000Mi
ports:
- containerPort: 2379
---
apiVersion: v1
kind: Service
metadata:
name: etcd
labels:
app: etcd
spec:
ports:
- name: https
port: 2379
targetPort: 2379
protocol: TCP
selector:
app: etcd
---
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: etcd
spec:
virtualhost:
fqdn: etcd.apps.domain.net
tls:
secretName: ingress-contour/ingress-contour-default-ssl-cert
routes:
- conditions:
- prefix: /
services:
- name: etcd
port: 2379
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: etcd.allow-ingress
spec:
podSelector:
matchLabels:
app: etcd
ingress:
- from:
- namespaceSelector:
matchLabels:
namespace: ingress-contour
ports:
- protocol: TCP
port: 2379
My docker image for etcd :
FROM artifactory/lrh:8.4-202109
RUN mkdir -p /app
RUN chown -R 999:999 /app
COPY tar /usr/bin/
COPY etcd-v3.5.0-linux-amd64.tar.gz /app/
RUN yum -y install gzip
RUN tar -xf /app/etcd-v3.5.0-linux-amd64.tar.gz -C /app --strip 1
ENV ETCD_DATA_DIR=/app
EXPOSE 2379
ENTRYPOINT ["/app/etcd", "-advertise-client-urls", "https://etcd.apps.domain.net:2379", "-listen-client-urls", "http://0.0.0.0:2379"]
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|