0

我尝试使用 confd 从我的 kubernetes-etcd-cluster 中检索 kubernetes 端点以获取 haproxy。

执行 confd 时,它总是返回错误,找不到该键 '/registry':

$ ./confd-0.12.0-linux-amd64 -config-file confd.toml
...
INFO Backend nodes set to https://10.31.9.49:2379
DEBUG Loading template resources from confdir /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/
DEBUG Found template: /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/conf.d/haproxy.toml
DEBUG Loading template resource from /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/conf.d/haproxy.toml
DEBUG Retrieving keys from store
DEBUG Key prefix set to /
ERROR 100: Key not found (/registry) [2540]

但是使用 etcdctl 在“/registry”中/下方列出可以正常工作。

$ etcdctl \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=./admin1.pem \
--key=./admin1-key.pem \
--endpoints 10.31.9.49:2379 \
get / --keys-only=true --prefix \
| grep endpoints
/registry/services/endpoints/default/echoheaders-x
/registry/services/endpoints/default/echoheaders-y
/registry/services/endpoints/default/kubernetes
/registry/services/endpoints/kube-system/default-http-backend
/registry/services/endpoints/kube-system/kube-controller-manager
/registry/services/endpoints/kube-system/kube-dns
/registry/services/endpoints/kube-system/kube-scheduler
/registry/services/endpoints/kube-system/kubernetes-dashboard

单个端点也可以:

etcdctl \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=./admin1.pem \
--key=./admin1-key.pem \
--endpoints 10.31.9.49:2379 get /registry/services/endpoints/default/echoheaders-x
/registry/services/endpoints/default/echoheaders-x
k8s

v1  Endpoints�
�
echoheaders-xdefault"2/api/v1/namespaces/default/endpoints/echoheaders-x*$3bc4430d-ad97-11e7-8fe1-0022195f6b5b28B
                                                                                                                ������uZ
run
   echoheadersz�
z

10.244.1.66_
Poddefaultechoheaders-1076692255-rs1qm"$360a3956-ad97-11e7-8fe1-0022195f6b5b*22306754:worker05

�?TCP"

但是,使用 curl 列出与上面相同的端点会失败:

curl \
--cacert /etc/kubernetes/ssl/ca.pem \
--cert ./master01.pem \
--key ./master01-key.pem  \
-L 'https://10.31.9.49:2379/v2/keys/registry/services/endpoints/default/echoheaders-x'
{"errorCode":100,"message":"Key not found","cause":"/registry","index":2540}

为什么我不能用 curl 列出任何东西,而 etcdctl 有效?

任何人都可以对此有所了解吗?

4

1 回答 1

0

答案是 etcd3 使用 gRPC 并通过 API-Version 3 提供访问。Confd 和 curl 使用 API-Version 2 访问数据。

需要一个 gRPC <-> Json-Gateway:https ://github.com/coreos/etcd/blob/master/Documentation/dev-guide/api_grpc_gateway.md

答案来自https://github.com/coreos/etcd/issues/8682

于 2017-10-11T17:40:36.660 回答