We are experiencing the following issue with an etcd cluster. We generated a certificate with the following configuration:

```json
{
    "CN": "client",
    "hosts": [""],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "US",
            "L": "CA",
            "ST": "San Francisco"
        }
    ]
}
```

But we receive this error:

```
error "tls: \"10.105.113.108\" does not match any of DNSNames [\"\"] (lookup : no such host)", ServerName "etcd-kube-cluster-3.test.com", IPAddresses [], DNSNames [""])
```

But the lookup is working:

```
;; ANSWER SECTION:
108.113.105.10.in-addr.arpa. 54 IN  PTR ip-10-105-113-108.ec2.internal
```

How can we fix this issue?

  • As the error says, a CN of `""` is bad news; in your case, you'd want `"hosts": ["ip-10-105-113-108.ec2.internal"]` or perhaps even `"hosts": ["*.ec2.internal"]` (although I have no idea what checks cfssl does, or whether you can switch them off since you actually don't need its "help") – mdaniel Aug 09 '20 at 19:22
  • As far as I checked [here](http://play.etcd.io/install), if it's a client certificate then you could try to delete 'hosts'; if it's a server or peer certificate then you should add your hosts as mentioned [here](https://medium.com/nirman-tech-blog/setting-up-etcd-cluster-with-tls-authentication-enabled-49c44e4151bb), as already mentioned above by @mdaniel. – Jakub Aug 11 '20 at 12:12
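
An added illustration (not part of the original question or comments, and not etcd's or cfssl's own code) of why `"hosts": [""]` fails even though the PTR lookup works, and why the two suggestions in the comments pass. It assumes the check behind the error compares the connecting IP against the certificate's IP SANs and against the forward resolution of its DNS SANs; `FORWARD_DNS`, `split_sans` and `check_peer` are hypothetical names and the DNS table is constructed.

```python
import ipaddress
import json

# CSR from the question (cfssl format, trimmed); "hosts" becomes the certificate's SANs.
QUESTION_CSR = '{"CN": "client", "hosts": [""], "key": {"algo": "ecdsa", "size": 256}}'

# Constructed forward-DNS table standing in for a resolver, so this runs offline.
FORWARD_DNS = {"ip-10-105-113-108.ec2.internal": ["10.105.113.108"]}


def split_sans(hosts):
    """Split cfssl 'hosts' into (ip_sans, dns_sans): entries that parse as IPs vs the rest."""
    ips, names = [], []
    for h in hosts:
        try:
            ips.append(ipaddress.ip_address(h))
        except ValueError:
            names.append(h)  # note: "" lands here as an empty DNS name
    return ips, names


def check_peer(csr_json, peer_ip, resolve=FORWARD_DNS.get):
    """Return (ok, reason) for a connection arriving from peer_ip.

    Assumed model of the check behind the error: no SANs means nothing to
    compare; otherwise the peer IP must equal an IP SAN, or a DNS SAN must
    forward-resolve to it. A PTR record for the peer IP is not consulted.
    """
    ips, names = split_sans(json.loads(csr_json).get("hosts", []))
    if not ips and not names:
        return True, "no SANs in certificate, address check skipped"
    if ipaddress.ip_address(peer_ip) in ips:
        return True, "peer IP matches an IP SAN"
    for name in names:
        if peer_ip in (resolve(name) or []):
            return True, f"DNS SAN {name!r} resolves to peer IP"
    return False, f"{peer_ip!r} does not match any of DNSNames {names}"


if __name__ == "__main__":
    peer = "10.105.113.108"
    candidates = {
        "as posted": QUESTION_CSR,
        "hosts removed": '{"CN": "client"}',
        "IP SAN": json.dumps({"CN": "client", "hosts": [peer]}),
        "DNS SAN": json.dumps({"CN": "client", "hosts": ["ip-10-105-113-108.ec2.internal"]}),
    }
    for label, csr in candidates.items():
        print(label, "->", check_peer(csr, peer))
```
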

0 Answers