I want to add the following TLS configuration to my Kubernetes v1.26.1 cluster, which was set up with kubeadm:
- --tls-min-version=VersionTLS13
- --tls-cipher-suites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
The configuration above works in /etc/kubernetes/manifests/kube-apiserver.yaml, but not in /etc/kubernetes/manifests/etcd.yaml. I get the following error in the log file /var/log/pods/XXXX/etcd/X.log (/var/log/pods/kube-system_etcd-controlplane_542bf089335d7d542bd57ce0fc767a27/etcd/9.log):
2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:
2023-05-14T05:35:53.046636201Z stderr F
2023-05-14T05:35:53.046663998Z stderr F etcd [flags]
2023-05-14T05:35:53.046686594Z stderr F Start an etcd server.
2023-05-14T05:35:53.046700948Z stderr F
2023-05-14T05:35:53.046709639Z stderr F etcd --version
2023-05-14T05:35:53.046717521Z stderr F Show the version of etcd.
2023-05-14T05:35:53.04672437Z stderr F
2023-05-14T05:35:53.046731627Z stderr F etcd -h | --help
2023-05-14T05:35:53.046738678Z stderr F Show the help information about etcd.
2023-05-14T05:35:53.046757474Z stderr F
2023-05-14T05:35:53.046766886Z stderr F etcd --config-file
2023-05-14T05:35:53.046774551Z stderr F Path to the server configuration file. Note that if a configuration file is provided, other command line flags and environment variables will be ignored.
2023-05-14T05:35:53.0467848Z stderr F
2023-05-14T05:35:53.046791709Z stderr F etcd gateway
2023-05-14T05:35:53.046813103Z stderr F Run the stateless pass-through etcd TCP connection forwarding proxy.
2023-05-14T05:35:53.046831676Z stderr F
2023-05-14T05:35:53.046839404Z stderr F etcd grpc-proxy
2023-05-14T05:35:53.046845437Z stderr F Run the stateless etcd v3 gRPC L7 reverse proxy.
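I tried setting the same configuration for both the API server and the etcd server, hoping it would work, but it did not. I even tried to see whether the TLS configuration could go in a /var/lib/etcd/conf.yaml file, but there is no such file: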
controlplane $ ls /var/lib/etcd/
member
1 answer
jrcvhitl1#
Try --tls-min-version=TLS1.3
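
The following is an added example, not part of the original question or answer: a shell helper that maps "flag provided but not defined" errors in a CRI pod log back to the static-pod manifest lines that set the rejected flag. The function names are hypothetical, and the manifest is a constructed, shortened sample; the log lines are the ones quoted in the question.

```shell
#!/bin/sh
# Added example: trace "flag provided but not defined" errors in a CRI pod log
# back to the static-pod manifest lines that set the rejected flag.
# CRI log line format: <RFC3339 timestamp> <stdout|stderr> <F|P> <message>

# rejected_flags: CRI log on stdin -> one "--flag" per rejected flag.
# Go's flag package reports the name with a single dash, so normalise to "--".
rejected_flags() {
    sed -n 's/^[^ ]* stderr [FP] flag provided but not defined: -\{1,2\}\([A-Za-z0-9_-]*\)$/--\1/p' |
        sort -u
}

# manifest_offenders MANIFEST: CRI log on stdin -> "line:text" for each manifest
# argument that sets a rejected flag (with or without "=value").
manifest_offenders() {
    rejected_flags | while read -r flag; do
        grep -nE -- "^[[:space:]]*- ${flag}(=.*)?[[:space:]]*\$" "$1" || true
    done
}

# Constructed sample data: the log lines are quoted from the question; the
# manifest is a shortened, hypothetical etcd static-pod spec.
SAMPLE_LOG='2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:'
SAMPLE_MANIFEST='spec:
  containers:
  - command:
    - etcd
    - --client-cert-auth=true
    - --tls-min-version=VersionTLS13
    - --tls-cipher-suites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
    name: etcd'

# run_sample: write the sample manifest to a temp file and report the offenders.
run_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_MANIFEST" > "$tmp"
    printf '%s\n' "$SAMPLE_LOG" | manifest_offenders "$tmp"
    rm -f "$tmp"
}

run_sample
```

On a real control-plane node, the equivalent call would pipe the newest file under the pod's log directory into `manifest_offenders /etc/kubernetes/manifests/etcd.yaml`.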