[GitHub] [apisix-helm-chart] ajistyle commented on issue #173: helm install apisix 连接外部etcd https方式失败

Tue, 09 Nov 2021 17:52:15 -0800 


ajistyle commented on issue #173:
URL: 
https://github.com/apache/apisix-helm-chart/issues/173#issuecomment-964707207


   `cp etcd.pem etcd.crt
   cp etcd-key.pem etcd-key.key
   
   kubectl create secret tls etcd-ssl-s -n ops \
       --cert=/opt/zhuji/helm/apisix/cert/etcd.crt \
       --key=/opt/zhuji/helm/apisix/cert/etcd-key.key \
       --dry-run -o yaml > etcd-ssl-s.yaml
   
   [root@node201 apisix]# kubectl describe secret/etcd-ssl-s -n ops
   Name:         etcd-ssl-s
   Namespace:    ops
   Labels:       <none>
   Annotations:
   Type:         kubernetes.io/tls
   
   Data
   ====
   tls.crt:  1403 bytes
   tls.key:  1675 bytes
   
   helm install apisix apisix-072/ --namespace ops \
       --set etcd.enabled=false \
       --set etcd.host={https://192.168.2.202:2379} \
       --set etcd.auth.tls.enabled=true \
       --set etcd.auth.tls.existingSecret=etcd-ssl-s \
       --set etcd.auth.tls.certFilename=etcd.crt \
       --set etcd.auth.tls.certKeyFilename=etcd-key.key
   
   [root@node201 apisix]# kubectl -n ops logs pod/apisix-f9fbcd99c-lzvfq
   /usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init
   
   WARNING: using fixed Admin API token has security risk.
   Please modify "admin_key" in conf/config.yaml .
   
   
   /usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init_etcd
   Warning! Request etcd endpoint 'https://192.168.2.202:2379/version' error, 
error loading private key (No such file or directory), retry time=1
   request etcd endpoint 'https://192.168.2.202:2379/version' error, error 
loading private key (system lib)
   Warning! Request etcd endpoint 'https://192.168.2.202:2379/version' error, 
error loading private key (system lib), retry time=2
   
   
   
   helm install apisix apisix-072/ --namespace ops \
       --set etcd.enabled=false \
       --set etcd.host={https://192.168.2.202:2379} \
       --set etcd.auth.tls.enabled=true \
       --set etcd.auth.tls.existingSecret=etcd-ssl-s \
       **--set etcd.auth.tls.certFilename=tls.crt \
       --set etcd.auth.tls.certKeyFilename=tls.key**
   
   
   [root@node201 apisix]# kubectl logs pod/apisix-f44c8b9d-kbtqv -n ops
   /usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init
   
   WARNING: using fixed Admin API token has security risk.
   Please modify "admin_key" in conf/config.yaml .
   
   
   /usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init_etcd
   Warning! Request etcd endpoint 'https://192.168.2.202:2379/version' error, 
certificate verify failed, retry time=1
   request etcd endpoint 'https://192.168.2.202:2379/version' error, 
certificate verify failed
   Warning! Request etcd endpoint 'https://192.168.2.202:2379/version' error, 
certificate verify failed, retry time=2
   [root@node201 apisix]#
   `


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to