etcd 3rd pod not getting scheduled on master node due to peers expecting old cert
Need a hint to resolve an etcd cert issue on two etcd server pods.
I have 2(3) etcd server pods, and these are reporting for the 3rd pod that the x.509 cert is valid for etc.test1.com and not for etc.test2.com.
So my assumption is that etcd server pods 2 & 3 are somehow expecting the old cert DNS name and not the new cert DNS name value, which is etc.test2.com.
This is causing the 3rd pod to never get accepted as a valid peer, and the pod never gets scheduled on the node.
Any hint on how I can reset the two pods that are expecting the old cert so that they start expecting the new cert?
Below is the error from the etcd server pods that are running:
rafthttp: health check for peer 44ffe8e24fa23c10 could not connect: x509: certificate is valid for etcd-a.internal.test1.com, etcd-b.internal.test1.com, etcd-c.internal.test1.com, etcd-events-a.internal.test1.com, etcd-events-b.internal.test1.com, etcd-events-c.internal.test1.com, localhost, not etcd-b.internal.test2.com
Also, will the cluster work on a single etcd server pod, or does it need to have 3?
asked Mar 23 at 2:56, edited Mar 23 at 3:52
– fma abd
Have you created the cluster manually, or are you running on a ready cluster provided by the cloud provider?
– Investigator
Mar 23 at 23:17
Connect to one controller node and issue the following command: sudo ETCDCTL_API=3 etcdctl member list --endpoints=127.0.0.1:2379 --cacert=/etc/etcd/ca.pem --cert=/etc/etcd/kubernetes.pem --key=/etc/etcd/kubernetes-key.pem
– Investigator
Mar 23 at 23:19
I created it using the kops tool, and the issue was that the DNS records were somehow wrongly updated to the wrong IP addresses. So I switched them to the right ones, and then the ETCDs started talking to the right peers and no TLS cert issue was observed. I also had to start the etcd pod using docker run. So this solved my issue. We can close the question.
– fma abd
Apr 16 at 16:20
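One way to cross-check the `etcdctl member list` output suggested in the comments against the x509 error in the question (an added example, not part of the original thread): it reports which advertised peer URL hosts are not covered by the names in the certificate that was presented. The member list text and every member ID except 44ffe8e24fa23c10 are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Error line as posted in the question.
ERROR_LINE = (
    "rafthttp: health check for peer 44ffe8e24fa23c10 could not connect: "
    "x509: certificate is valid for etcd-a.internal.test1.com, etcd-b.internal.test1.com, "
    "etcd-c.internal.test1.com, etcd-events-a.internal.test1.com, etcd-events-b.internal.test1.com, "
    "etcd-events-c.internal.test1.com, localhost, not etcd-b.internal.test2.com"
)

# Constructed `etcdctl member list` output: ID, status, name, peer URLs, client URLs.
MEMBER_LIST = """\
1111111111111111, started, etcd-a, https://etcd-a.internal.test1.com:2380, https://etcd-a.internal.test1.com:2379
44ffe8e24fa23c10, started, etcd-b, https://etcd-b.internal.test2.com:2380, https://etcd-b.internal.test2.com:2379
3333333333333333, started, etcd-c, https://etcd-c.internal.test1.com:2380, https://etcd-c.internal.test1.com:2379
"""

X509_RE = re.compile(
    r"peer (?P<peer>[0-9a-f]+) could not connect: "
    r"x509: certificate is valid for (?P<sans>.+), not (?P<dialed>\S+)$"
)

def parse_x509_error(line):
    """Return (peer_id, [names in the presented cert], name that was dialed)."""
    m = X509_RE.search(line.strip())
    if not m:
        raise ValueError("not an x509 hostname-mismatch line")
    return m["peer"], [s.strip() for s in m["sans"].split(",")], m["dialed"]

def san_covers(san, host):
    """Exact match, or a '*.' wildcard standing in for exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def audit_members(member_list, sans):
    """Map each member ID to its peer-URL hosts that no name in `sans` covers."""
    report = {}
    for row in filter(None, map(str.strip, member_list.splitlines())):
        member_id, _status, _name, peer_urls = [f.strip() for f in row.split(", ")][:4]
        hosts = [urlsplit(u).hostname for u in peer_urls.split(",")]
        report[member_id] = [h for h in hosts if not any(san_covers(s, h) for s in sans)]
    return report

if __name__ == "__main__":
    peer, sans, dialed = parse_x509_error(ERROR_LINE)
    print(f"peer {peer} dialed as {dialed}:", audit_members(MEMBER_LIST, sans))
```

An empty list means the member's advertised peer name is covered by the certificate. A non-empty list points at either a certificate issued without that name or, as in the final comment, a DNS record resolving the name to a host that presents a different certificate.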