I want to add TLS configuration like the following to my Kubernetes cluster, set up with kubeadm at version v1.26.1:
- --tls-min-version=VersionTLS13
- --tls-cipher-suites=TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
The above configuration works in the /etc/kubernetes/manifests/kube-apiserver.yaml file but not in the /etc/kubernetes/manifests/etcd.yaml file. I get the following error logs in the /var/log/pods/XXXX/etcd/X.log file (/var/log/pods/kube-system_etcd-controlplane_542bf089335d7d542bd57ce0fc767a27/etcd/9.log):
2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:
2023-05-14T05:35:53.046636201Z stderr F
2023-05-14T05:35:53.046663998Z stderr F etcd [flags]
2023-05-14T05:35:53.046686594Z stderr F Start an etcd server.
2023-05-14T05:35:53.046700948Z stderr F
2023-05-14T05:35:53.046709639Z stderr F etcd --version
2023-05-14T05:35:53.046717521Z stderr F Show the version of etcd.
2023-05-14T05:35:53.04672437Z stderr F
2023-05-14T05:35:53.046731627Z stderr F etcd -h | --help
2023-05-14T05:35:53.046738678Z stderr F Show the help information about etcd.
2023-05-14T05:35:53.046757474Z stderr F
2023-05-14T05:35:53.046766886Z stderr F etcd --config-file
2023-05-14T05:35:53.046774551Z stderr F Path to the server configuration file. Note that if a configuration file is provided, other command line flags and environment variables will be ignored.
2023-05-14T05:35:53.0467848Z stderr F
2023-05-14T05:35:53.046791709Z stderr F etcd gateway
2023-05-14T05:35:53.046813103Z stderr F Run the stateless pass-through etcd TCP connection forwarding proxy.
2023-05-14T05:35:53.046831676Z stderr F
2023-05-14T05:35:53.046839404Z stderr F etcd grpc-proxy
2023-05-14T05:35:53.046845437Z stderr F Run the stateless etcd v3 gRPC L7 reverse proxy.
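I tried setting the same kind of configuration for both the API server and the etcd server, hoping it would work, but it did not. I even tried to see whether I could put the TLS configuration in a /var/lib/etcd/conf.yaml file, but there is no such file: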
controlplane $ ls /var/lib/etcd/
member
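
An added example, not part of the original post: a shell helper that reads a static pod's CRI-format log, reports which flag the binary rejected at startup, and points at the manifest line that passes it. The function names `rejected_flags`, `manifest_lines_for` and `sample_log` are hypothetical, and the split P/F record in the sample is constructed to show partial-line reassembly.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find which command-line flag a
# static pod's binary rejected, from its CRI-format log under /var/log/pods.
# CRI log record: <RFC3339Nano time> <stdout|stderr> <P|F> <message>
#   P = partial piece of a long line, F = final piece.

rejected_flags() {
  # stdin: CRI log records; stdout: each rejected flag name once.
  awk '
    {
      msg = $0
      sub(/^[^ ]+ [^ ]+ [^ ]+ ?/, "", msg)   # drop time, stream, tag
      buf[$2] = buf[$2] msg                  # reassemble per stream
      if ($3 != "F") next                    # wait for the final piece
      line = buf[$2]; buf[$2] = ""
      # Wording printed by the Go flag package for an unknown flag.
      if (match(line, /flag provided but not defined: -+[A-Za-z0-9_.-]+/)) {
        f = substr(line, RSTART, RLENGTH)
        sub(/^flag provided but not defined: -+/, "", f)
        if (!(f in seen)) { seen[f] = 1; print f }
      }
    }'
}

manifest_lines_for() {
  # $1 = manifest path; stdin: flag names. Prints "lineno:text" of each use.
  while IFS= read -r flag; do
    grep -n -E -- "^[[:space:]]*-[[:space:]]+--${flag}(=|[[:space:]]|\$)" "$1"
  done
}

sample_log() {
  # The first two records are from the log in the post; the P/F pair is
  # constructed to exercise reassembly of a split line.
  cat <<'EOF'
2023-05-14T05:35:53.046461574Z stderr F flag provided but not defined: -tls-min-version
2023-05-14T05:35:53.04660994Z stderr F Usage:
2023-05-14T05:35:54.000000000Z stderr P flag provided but not def
2023-05-14T05:35:54.000000001Z stderr F ined: -example-flag
EOF
}

sample_log | rejected_flags   # prints tls-min-version, then example-flag
```

On the control-plane node, feed the real log (the /var/log/pods/XXXX/etcd/X.log file) to `rejected_flags` and pipe its output to `manifest_lines_for /etc/kubernetes/manifests/etcd.yaml` to locate the line that keeps etcd from starting.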