Retrieving endpoints from kubernetes-etcd for haproxy

1k views Asked by At

I trying to retrieve kubernetes endpoints from my kubernetes-etcd-cluster for haproxy using confd.

When executing confd it always returns an error, that key '/registry' cant be found:

$ ./confd-0.12.0-linux-amd64 -config-file confd.toml
...
INFO Backend nodes set to https://10.31.9.49:2379
DEBUG Loading template resources from confdir /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/
DEBUG Found template: /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/conf.d/haproxy.toml
DEBUG Loading template resource from /root/haproxy/kubernetes-endpoint-proxy/src/etc/confd/conf.d/haproxy.toml
DEBUG Retrieving keys from store
DEBUG Key prefix set to /
ERROR 100: Key not found (/registry) [2540]

But listing in/below '/registry' with etcdctl works fine.

$ etcdctl \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=./admin1.pem \
--key=./admin1-key.pem \
--endpoints 10.31.9.49:2379 \
get / --keys-only=true --prefix \
| grep endpoints
/registry/services/endpoints/default/echoheaders-x
/registry/services/endpoints/default/echoheaders-y
/registry/services/endpoints/default/kubernetes
/registry/services/endpoints/kube-system/default-http-backend
/registry/services/endpoints/kube-system/kube-controller-manager
/registry/services/endpoints/kube-system/kube-dns
/registry/services/endpoints/kube-system/kube-scheduler
/registry/services/endpoints/kube-system/kubernetes-dashboard

A single endpoints works as well:

etcdctl \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=./admin1.pem \
--key=./admin1-key.pem \
--endpoints 10.31.9.49:2379 get /registry/services/endpoints/default/echoheaders-x
/registry/services/endpoints/default/echoheaders-x
k8s

v1  Endpoints�
�
echoheaders-xdefault"2/api/v1/namespaces/default/endpoints/echoheaders-x*$3bc4430d-ad97-11e7-8fe1-0022195f6b5b28B
                                                                                                                ������uZ
run
   echoheadersz�
z

10.244.1.66_
Poddefaultechoheaders-1076692255-rs1qm"$360a3956-ad97-11e7-8fe1-0022195f6b5b*22306754:worker05

�?TCP"

Listing the same endpoint as above with curl fails though:

curl \
--cacert /etc/kubernetes/ssl/ca.pem \
--cert ./master01.pem \
--key ./master01-key.pem  \
-L 'https://10.31.9.49:2379/v2/keys/registry/services/endpoints/default/echoheaders-x'
{"errorCode":100,"message":"Key not found","cause":"/registry","index":2540}

Why cant i list anything with curl, while etcdctl works?

Could anyone shed some light on this?

1

There are 1 answers

0
Volker S. On

The answer to that is that etcd3 uses gRPC and provides access with API-Version 3. Confd and curl access the data using API-Version 2.

A gRPC <-> Json-Gateway is required: https://github.com/coreos/etcd/blob/master/Documentation/dev-guide/api_grpc_gateway.md

Answer comes froms https://github.com/coreos/etcd/issues/8682