Certificate Warnings And Connection Resets in Etcd Logs

Problem

The etcd container logs contain multiple entries of the warnings below:

{"level":"warn","ts":"2022-07-21T12:34:07.217Z","caller":"embed/config_logging.go:279","msg":"rejected connection","remote-addr":"127.0.0.1:36204","server-name":"","error":"tls: failed to verify client's certificate: x509: certificate specifies an incompatible key usage"}
{"level":"warn","ts":"2022-07-21T12:34:07.217Z","caller":"grpclog/grpclog.go:60","msg":"grpc: addrConn.createTransport failed to connect to {0.0.0.0:4001  <nil> 0 <nil>}. Err :connection error: desc = \"transport: authentication handshake failed: remote error: tls: bad certificate\". Reconnecting..."}

{"level":"warn","ts":"2022-07-21T12:35:02.343Z","caller":"grpclog/grpclog.go:60","msg":"transport: http2Server.HandleStreams failed to read frame: read tcp 127.0.0.1:2379->127.0.0.1:36810: read: connection reset by peer"}

Environment

  • Platform9 Managed Kubernetes - v5.2 and Higher

  • Etcd

Cause

These are known upstream bugs in etcd. Refer to: https://github.com/etcd-io/etcd/issues/9398 and https://github.com/etcd-io/etcd/issues/13618

Resolution

For now, these can be ignored as they are only warnings. The Platform9 Engineering team plans to integrate the fix via PMK-3955 in upcoming PMK releases. Please reach out to Platform9 Support to check the status of the fix.
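
One way to keep these warnings from hiding other TLS rejections while the fix is pending, as an added example (not Platform9 or etcd code): a Python filter that labels etcd JSON log lines matching the three warnings above as known and marks the same rejection from a non-loopback peer for review. Limiting the match to 127.0.0.1 peers, the label names and the third sample line are assumptions of this example.

```python
import json
from collections import Counter

# Error strings copied from the warnings in the Problem section.
KEY_USAGE = "x509: certificate specifies an incompatible key usage"
BAD_CERT = "remote error: tls: bad certificate"
RESET = "read: connection reset by peer"

def is_loopback(addr):
    """True when a host:port string has host 127.0.0.1, as in the page's logs."""
    return addr.rsplit(":", 1)[0] == "127.0.0.1"

def classify(line):
    """Label one etcd JSON log line as 'known', 'review' or 'other'."""
    try:
        entry = json.loads(line)
    except ValueError:
        return "other"
    if not isinstance(entry, dict) or entry.get("level") != "warn":
        return "other"
    msg = entry.get("msg", "")
    if msg == "rejected connection" and KEY_USAGE in entry.get("error", ""):
        # Assumption: only loopback peers fit the pattern shown on this page.
        return "known" if is_loopback(entry.get("remote-addr", "")) else "review"
    if "addrConn.createTransport failed" in msg and BAD_CERT in msg:
        return "known"
    if "HandleStreams failed to read frame" in msg and RESET in msg:
        # msg reads "read tcp <local>-><peer>: read: ..."; check the peer side.
        peer = msg.split("->", 1)[-1].split(": ", 1)[0]
        return "known" if is_loopback(peer) else "review"
    return "other"

def summarize(lines):
    """Count labels over an iterable of log lines, skipping blank lines."""
    return Counter(classify(l) for l in lines if l.strip())

# First two lines are from the page; the third is constructed (non-loopback peer).
SAMPLE = [
    r'''{"level":"warn","ts":"2022-07-21T12:34:07.217Z","caller":"embed/config_logging.go:279","msg":"rejected connection","remote-addr":"127.0.0.1:36204","server-name":"","error":"tls: failed to verify client's certificate: x509: certificate specifies an incompatible key usage"}''',
    r'''{"level":"warn","ts":"2022-07-21T12:35:02.343Z","caller":"grpclog/grpclog.go:60","msg":"transport: http2Server.HandleStreams failed to read frame: read tcp 127.0.0.1:2379->127.0.0.1:36810: read: connection reset by peer"}''',
    r'''{"level":"warn","ts":"2022-07-21T12:36:00.000Z","caller":"embed/config_logging.go:279","msg":"rejected connection","remote-addr":"10.0.0.15:51234","server-name":"","error":"tls: failed to verify client's certificate: x509: certificate specifies an incompatible key usage"}''',
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(label, count)
```
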
