0
我已成立了一個etcd
服務器與下面的命令:etcdctl的'-ca-file'標誌是沒用的?
etcd -name infra0 -initial-advertise-peer-urls http://192.168.99.240:2380 -listen-peer-urls http://192.168.99.240:2380 -listen-client-urls https://192.168.99.240:2379,https://127.0.0.1:2379 -advertise-client-urls https://192.168.99.240:2379 -initial-cluster-token etcd-cluster-1 -initial-cluster infra0=http://192.168.99.240:2380 -initial-cluster-state new -client-cert-auth -trusted-ca-file=/home/docker/ssl/ca.crt -cert-file=/home/docker/ssl/server.crt -key-file=/home/docker/ssl/server.key
而且我可以從它與curl
獲取數據:
curl --cacert /home/kubernetes/ssl/server.crt --cert /home/kubernetes/ssl/ca.crt --key /home/kubernetes/ssl/ca.key -L https://192.168.99.240:2379/v2/keys/coreos.com/network/config -XGET
上面的命令返回:
{"action":"get","node":{"key":"/coreos.com/network/config","value":"{\"Network\":\"10.0.0.0/8\"}","modifiedIndex":10,"createdIndex":10}}
但是當我使用etcdctl
:
etcdctl --peers=https://192.168.99.240:2379 --ca-file=/home/kubernetes/ssl/server.crt --cert-file=/home/kubernetes/ssl/ca.crt --key-file=/home/kubernetes/ssl/ca.key ls
它返回:
Error: client: etcd cluster is unavailable or misconfigured
error #0: x509: cannot validate certificate for 192.168.99.240 because it doesn't contain any IP SANs
我認爲這是因爲證書的驗證失敗,那麼爲什麼的etcdctl
的--ca-file
標誌生效?或者我的命令有問題嗎?
我使用的ETCD版本是:
etcdctl --version
etcdctl version 2.2.1