TLS configuration (TLS cipher suites and TLS version) for the Kubernetes etcd server

h7appiyu, posted on 2023-05-16 in Kubernetes

I want to add the following TLS configuration to my kubeadm-provisioned Kubernetes cluster, v1.26.1:

- --tls-min-version=VersionTLS13
- --tls-cipher-suites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256

The configuration above works fine in the /etc/kubernetes/manifests/kube-apiserver.yaml file, but it does not work in the /etc/kubernetes/manifests/etcd.yaml file. I get the following error in the log file /var/log/pods/XXXX/etcd/X.log (/var/log/pods/kube-system_etcd-controlplane_542bf089335d7d542bd57ce0fc767a27/etcd/9.log):

2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:
2023-05-14T05:35:53.046636201Z stderr F 
2023-05-14T05:35:53.046663998Z stderr F   etcd [flags]
2023-05-14T05:35:53.046686594Z stderr F     Start an etcd server.
2023-05-14T05:35:53.046700948Z stderr F 
2023-05-14T05:35:53.046709639Z stderr F   etcd --version
2023-05-14T05:35:53.046717521Z stderr F     Show the version of etcd.
2023-05-14T05:35:53.04672437Z stderr F 
2023-05-14T05:35:53.046731627Z stderr F   etcd -h | --help
2023-05-14T05:35:53.046738678Z stderr F     Show the help information about etcd.
2023-05-14T05:35:53.046757474Z stderr F 
2023-05-14T05:35:53.046766886Z stderr F   etcd --config-file
2023-05-14T05:35:53.046774551Z stderr F     Path to the server configuration file. Note that if a configuration file is provided, other command line flags and environment variables will be ignored.
2023-05-14T05:35:53.0467848Z stderr F 
2023-05-14T05:35:53.046791709Z stderr F   etcd gateway
2023-05-14T05:35:53.046813103Z stderr F     Run the stateless pass-through etcd TCP connection forwarding proxy.
2023-05-14T05:35:53.046831676Z stderr F 
2023-05-14T05:35:53.046839404Z stderr F   etcd grpc-proxy
2023-05-14T05:35:53.046845437Z stderr F     Run the stateless etcd v3 gRPC L7 reverse proxy.

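I tried setting the same configuration for the API server and the etcd server, hoping it would work, but it did not. I even tried to see whether the TLS configuration could go into a /var/lib/etcd/conf.yaml file, but there is no such file: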

controlplane $ ls /var/lib/etcd/
member

jrcvhitl1#

  • --tls-min-version=VersionTLS13
    Try --tls-min-version=TLS1.3
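
A triage helper for the crash shown in the question, as an added example that is not part of the original post or of the etcd or Kubernetes projects: it parses CRI-format pod log lines for Go's "flag provided but not defined" error and maps the rejected flag back to its line in the static pod manifest. The function names and the sample manifest fragment are assumptions made for illustration.

```python
import re

# CRI container log line: <timestamp> <stdout|stderr> <F|P> <message>
CRI_LINE = re.compile(r"^(\S+) (stdout|stderr) ([FP]) ?(.*)$")
# Go's flag package reports the rejected name with a single leading dash.
UNDEFINED = re.compile(r"flag provided but not defined: -(\S+)")
# One flag entry in a manifest command list, e.g. "    - --name=value".
MANIFEST_ARG = re.compile(r"^\s*-\s+--?([A-Za-z0-9][\w-]*)(?:=(.*))?$")

def rejected_flags(log_text):
    """Return flag names the binary rejected, in order of first appearance."""
    seen = []
    for line in log_text.splitlines():
        m = CRI_LINE.match(line)
        if not m or m.group(2) != "stderr":
            continue
        hit = UNDEFINED.search(m.group(4))
        if hit and hit.group(1) not in seen:
            seen.append(hit.group(1))
    return seen

def offending_manifest_lines(manifest_text, log_text):
    """Map each rejected flag back to (line number, text) in the manifest."""
    rejected = set(rejected_flags(log_text))
    hits = []
    for number, line in enumerate(manifest_text.splitlines(), start=1):
        m = MANIFEST_ARG.match(line)
        if m and m.group(1) in rejected:
            hits.append((number, line.strip()))
    return hits

# Constructed sample: two log lines from the question and a minimal manifest fragment.
SAMPLE_LOG = """\
2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:
"""
SAMPLE_MANIFEST = """\
spec:
  containers:
  - command:
    - etcd
    - --data-dir=/var/lib/etcd
    - --tls-min-version=VersionTLS13
    - --tls-cipher-suites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
"""

if __name__ == "__main__":
    for number, text in offending_manifest_lines(SAMPLE_MANIFEST, SAMPLE_LOG):
        print(f"manifest line {number}: {text}")
```

Go's flag parsing stops at the first undefined flag, so only one name appears per container start; rerun the check after fixing the manifest, because the flags that follow have not been validated yet.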
