Question about etcd cluster with kubeadm in 1.11


I’m trying to deploy an etcd cluster using this procedure:

The procedure appears to work; however, I notice that all the etcd nodes are only listening on localhost.

The procedure says to verify cluster health using the IP address of HOST0, which fails because it’s not listening on the public address. If I replace HOST0 with localhost the health check completes and shows the cluster is healthy.

So is this procedure bugged? How would a kubernetes cluster communicate with this etcd cluster only listening on localhost?


Same problem here. And since I’ve implemented the described procedure, the page: has gone missing (404 :frowning: )

Could it be because we should use a config file using “--endpoints” instead of “--advertise-client-urls”, “--listen-peer-urls”, etc., like in the following example?

kind: MasterConfiguration


Later edit: if you check the etcd.yaml file generated in /etc/kubernetes/manifests/ using the command: root@HOST0 kubeadm alpha phase etcd local --config=/tmp/{HOST0}/kubeadmcfg.yaml, it says nothing about ${HOST0} (a.k.a. in my case :wink: ). I am trying editing the file and testing it by rebooting the machine (or deleting the etcd pod/docker containers; there are 2).

Yup, it partially works if you add the external IP everywhere in etcd.yaml except line 39.

myname@etcd1:/etc/kubernetes/manifests$ sudo docker run --rm -it --net host -v /etc/kubernetes:/etc/kubernetes etcdctl --cert-file /etc/kubernetes/pki/etcd/peer.crt --key-file /etc/kubernetes/pki/etcd/peer.key --ca-file /etc/kubernetes/pki/etcd/ca.crt --endpoints cluster-health

cluster may be unhealthy: failed to list members
Error: client: etcd cluster is unavailable or misconfigured; error #0: x509: certificate is valid for, ::1, not

error #0: x509: certificate is valid for, ::1, not
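
An added example, not part of the thread or of the kubeadm project: a Python check for the two symptoms reported above, etcd URL flags in the static pod manifest that point only at loopback, and a certificate SAN list that does not cover the address clients dial. The manifest fragment, the SAN line, the hostname etcd1 and the address 192.0.2.10 are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_FLAGS = ("listen-client-urls", "advertise-client-urls",
             "listen-peer-urls", "initial-advertise-peer-urls")
# Constructed sample manifest fragment; 192.0.2.10 is a documentation address.
SAMPLE_MANIFEST = """\
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://127.0.0.1:2379
    - --listen-client-urls=https://127.0.0.1:2379
    - --listen-peer-urls=https://192.0.2.10:2380
    - --initial-advertise-peer-urls=https://192.0.2.10:2380
"""
# Constructed sample: a SAN line in the style of `openssl x509 -noout -text`.
SAMPLE_SANS = "DNS:etcd1, DNS:localhost, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1"

def is_loopback(host):
    """True for localhost and for any loopback IP literal."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def loopback_only_flags(manifest_text):
    """Return the etcd URL flags whose every URL points at loopback."""
    found = []
    for flag, value in re.findall(r"--([a-z-]+)=(\S+)", manifest_text):
        hosts = [urlsplit(u).hostname or "" for u in value.split(",")]
        if flag in URL_FLAGS and all(is_loopback(h) for h in hosts):
            found.append(flag)
    return found

def san_covers(san_line, host):
    """Check whether a certificate SAN line covers the host clients dial."""
    for entry in san_line.split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS" and value.lower() == host.lower():
            return True
        if kind == "IP Address":
            try:  # compare parsed addresses so ::1 matches 0:0:0:0:0:0:0:1
                if ipaddress.ip_address(value) == ipaddress.ip_address(host):
                    return True
            except ValueError:
                continue
    return False
```

On a real node, pass the contents of /etc/kubernetes/manifests/etcd.yaml to `loopback_only_flags` and the Subject Alternative Name line of the etcd serving certificate to `san_covers`, together with the address used in `--endpoints`.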