search

coreos / etcd-operator

etcd operator creates/configures/manages etcd clusters atop Kubernetes
https://coreos.com/blog/introducing-the-etcd-operator.html
Apache License 2.0
1.75k stars 741 forks source link

failed to constructs tls config: tls: failed to find any PEM data in certificate input #2120

Closed zhangsimingshannonai closed 5 years ago

zhangsimingshannonai commented 5 years ago

What I use: Ubuntu 18.04 etcd-operator 0.9.4

The requests: I want to user etcd-operator's backup crd to backup my external etcd. my kubernetes's etcd is started in docker(not a pod, started by "docker run" and as a external docker against kubernetes).

The ERROR: I already have etcd-operator-backup pod running in my k8s cluster.

$ kubectl get pods -n etcd
NAME                                                              READY   STATUS    RESTARTS   AGE
etcd-operator-nx-etcd-operator-etcd-backup-operator-f65c8d7g2p2   1/1     Running   0          35m
etcd-operator-nx-etcd-operator-etcd-restore-operator-86b577hgmx   1/1     Running   0          35m

Now, I create a backup.yaml to trigger the backup, here is my backup.yml:

apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
  name: etcd-cluster-backup
  namespace: etcd
spec:
  etcdEndpoints: ["https://10.20.11.120:2379"]
  clientTLSSecret: etcd
  storageType: S3
  backupPolicy:
    backupIntervalInSecond: 30
    maxBackups: 6
  s3:
    path: xxxxxxxxxxxx/xxxxxxxxxxx/xxxxx
    awsSecret: aws-etcd

Then, I run:

$ kubectl apply -f backup.yml
#and I got 
$ kubectl describe etcdbackups.etcd.database.coreos.com -n etcd
...
Status:
  Reason:             failed to constructs tls config: tls: failed to find any PEM data in certificate input
  Last Success Date:  <nil>
  Succeeded:          false
...

my secret's name is "etcd", and create by:

$ kubectl create secret generic etcd --from-file=ca.crt --from-file=client.crt --from-file=client.key -n etcd

look into the secret and check:

$ apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCekNDQWUrZ0F3SUJBZ0lVSDRKZ1c5VzZncUNjRnhhenhtNlhaa2Z3eitJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0VqRVFNQTRHQTFVRUF3d0haWFJqWkMxallUQWdGdzB4T1RBNE1EWXdOVEEzTkROYUdBOHlNVEU1TURjeApNekExTURjME0xb3dFakVRTUE0R0ExVUVBd3dIWlhSalpDMWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBS0lSMXNRSFNrY3hzNVFBRDQrczFrQnJPS2IvYXdFMU1neENyY2l5QVMybWM2UHEKOU5VSmZWaDdNSVBjb1dsRUpnaDNydVJVbzZEczdxR3VQL01iNnMvbzJtWG1QdGpIM3NwSW9kc2o1V1RDakw4Swo4eGZkTEdHQTA0d1pKZUVuYU1pOGlzWjQvZkptY0F4MitXeHRrQzBjdkxndi83YU8vckFERDZHTkFldjF4U3FtCmF4YUV6Zk1yeDRsMXA0M2dqRDlXSkdYbVdKbWRtdy9teGdVQWVhOUFnM01seWtFVzBINHEydW5LMW90THRmemkKMG8zeXZhelFxY0pLREF2WWpQSVRRZENkVDhFT3NjalJRUWhRdUlSL1EvM3Z2UWdFbStiWUM1QTcvRWEvTGFZMgpFQnRFbUNVN2tzNVJONkF1cFRFV2Z0MlRKYi8wZ2lIVG8xeUZ0YWNDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFCkZKVkEyVUFIWkdCYXMwWUFPVmZkTGp6WmxZcjBNQjhHQTFVZEl3UVlNQmFBRkpWQTJVQUhaR0JhczBZQU9WZmQKTGp6WmxZcjBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQjRvdDkwTgpleDZFK2RQb3FJTEdoUWl0ZXNXdEc3TVBINkh2bGVEeTNBcEU0KzhkSzY1SHVMRjNFd3JsREtCNFhhTzlOWnpLCmZRNWZDSVNTTU0zUmlhNUdlNklmU01DQjlBNHh0U2JDeHduRE5MZ1l4dkJ6K3JDZDZSTmY0QlprQWw5TktxbTkKUS9RVU4zVnVqYTRySUhYbThMcE5xcndRVytzcjdvekxXd28xRHJaVFZLTnpSWDZiS3FDbkhLY0Z2dXdhaTJodwpBT1ZHVnY0Y0Vid2dLeFYwMVExM2VGUG50M3ZzM2lxZ3FXQlI1NDlsbFZoc05xdHoyZjVkcWlMRkdLYUptNms2CmpLS3BOR2ROOTBIbjMwUEZRSzZGcE9Nc2h4djliVDRxRXFSUDliOG9UY29yK0taNnl3VmlOZlBtWnN5YmRrZjMKNFFwTG40ek9ORUl5WGFzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  client.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVFVENDQXZtZ0F3SUJBZ0lVSjNLZEtZYkNFUTFpZUlxby82Mk5sWXhRbHA4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0VqRVFNQTRHQTFVRUF3d0haWFJqWkMxallUQWdGdzB4T1RBNE1EWXdOVEEzTkROYUdBOHlNVEU1TURjeApNekExTURjME0xb3dKREVpTUNBR0ExVUVBd3daWlhSalpDMXViMlJsTFdsd0xURXdMVEl3TFRFeExURXlNRENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTElsV0cyVklRRnluV2dCdDJSckNPSlIKT0R4UnRZcUVJdTZkK2MzK2JlaUJtWWR4aUN4UjlZVDVwbWFJVUxIQ0xPNkJMekRBQ25Hd0NmSXBLMURnNUkzSgp6MEhzWTJKSUFXTVlNV2ZGRGQxNDU1UXFTcDhPZ25TdGU3NTQ0SEo4QXNoN1dxVUovdHl4dDJBSEp0N2d5dXVzCnViWVhnVGk0aHNEdERGNGF4eXNzalgwTW9VUzhmQnVxK3dxdXo4NGpadFhVejZnRVFsOTJlOXVLYVBqUG9uYi8KQlE0ZWNsWXBOakEwUUVaN3p0c3NITVpoT0JMTWJCbXNEWkMyakV2eXpiS09XQy9yYUdnSmtvZGRtSWNYdWdBUQpBbnN4K0pLSUI3SFZRSGFNOXg4NFpUenpHZEd4aU5aMUVudFFoN2huTTljRW9WR3JzK3NTTHNxRHNyOWRhMTBDCkF3RUFBYU9DQVVrd2dnRkZNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBSkJnTlYKSFJNRUFqQUFNQjBHQTFVZERnUVdCQlF5cU9uWjlna2ZJeFVrYmNTOUxLWjFqbFlBV0RBZkJnTlZIU01FR0RBVwpnQlNWUU5sQUIyUmdXck5HQURsWDNTNDgyWldLOURDQjJBWURWUjBSQklIUU1JSE5nZ2xzYjJOaGJHaHZjM1NDCkQybHdMVEV3TFRJd0xURXhMVEV5TUlKTGJteGlMV3M0Y3kxMFpYTjBMV0Z3YVhObGNuWmxjaTB4WmpBM1pqSmwKTm1NeVl6SmlOREpqTG1Wc1lpNWpiaTF1YjNKMGFIZGxjM1F0TVM1aGJXRjZiMjVoZDNNdVkyOXRMbU51Z2lKbApkR05rTG10MVltVXRjM2x6ZEdWdExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doUmxkR05rTG10MVltVXRjM2x6CmRHVnRMbk4yWTRJUVpYUmpaQzVyZFdKbExYTjVjM1JsYllJRVpYUmpaSWNFQ2hRTGVJY0VDaFFMZUljRWZ3QUEKQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUtaNkI2eVFzL0x5eFpmT01uck1JK29VNTkvdjh0U3pvY0dIMgorZXYzMGkxMTE4UFRwTTdiNXpGVGNLVVZsTHQ1NTdWdkFBaWh3NjJiNUNER1Irb2tPdGFHbGRNWUNXVEwzVm9pCmg5U2pZVWxCdXN3MTZXMCtRK2N1ZzBtTWRwUS9oZi80OWd1aVAvUXVna2J0MnBXS09NMlBoYnN5dDNuc281NEMKcUNBcmQ1KzQvWW0zRnpPY2NIOXNtNEdoc2xmRVJPQ1h3QUhEbW5LZjNzZk5pYXBsV0ZlV3hoNnBHakJWYWF5cQpzNzh6VUJaUk5tZkNxRUo2MDRJR253MTBTUDVuZEloODlNK1dQTGxJM0dmU1pBWjRubVd2THBnMWcrV1ZGTnFICkFUYlFwRU45bmJHMDc4SzY3SWRpMDBDMDIzTmVFSjNaTVVTQ2NtOHJEQVJjOEZZZ1p3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  client.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc2lWWWJaVWhBWEtkYUFHM1pHc0k0bEU0UEZHMWlvUWk3cDM1emY1dDZJR1poM0dJCkxGSDFoUG1tWm9oUXNjSXM3b0V2TU1BS2NiQUo4aWtyVU9Ea2pjblBRZXhqWWtnQll4Z3haOFVOM1hqbmxDcEsKbnc2Q2RLMTd2bmpnY253Q3lIdGFwUW4rM0xHM1lBY20zdURLNjZ5NXRoZUJPTGlHd08wTVhockhLeXlOZlF5aApSTHg4RzZyN0NxN1B6aU5tMWRUUHFBUkNYM1o3MjRwbytNK2lkdjhGRGg1eVZpazJNRFJBUm52TzJ5d2N4bUU0CkVzeHNHYXdOa0xhTVMvTE5zbzVZTCt0b2FBbVNoMTJZaHhlNkFCQUNlekg0a29nSHNkVkFkb3ozSHpobFBQTVoKMGJHSTFuVVNlMUNIdUdjejF3U2hVYXV6NnhJdXlvT3l2MTFyWFFJREFRQUJBb0lCQVFDSDlBWkRRdjg0V3A4VQpBOU5RdUhyRU5SWEV1dHJnQmkyZWkwTmNXT0xLQVRZSTdyVHNsZlBZY3FueUwrL2RhUUhmVndtTG05T2NwYXRCCmV2Zkt0b2JXU29CNG9BM01zSVVXZWgwaVEzbHNYdHZrOEUyWWkzczF6anZVeGUwTWtlV1IyTW41aitKSHpQelUKTlVFTjhPSUw3L3Flbzl1RFRSZlIzbGFFN3N5Mi9mZXRGVEhzSzVHejJaZGxKbys3WkNOUTBCTTlXWkJuN0tHRgpDNHArM0VXY2R0Nk9iUGt2WFNkRGpYNzE2QStkbWNSdGh1MHpSMHdOSCtVd3dub0pRbHNBSCtjbWZvMk9mQWFuCkZrb2d1eDZHQ1FKbjZqeWlaeE1WQklLd2xJSDNOWFRBZ2VKRUFiVkc4QmZ5QmdNejc4bXlBTmJQS2M2NTZ1eVoKUDdxNVU4NWhBb0dCQU9QWVNRdkZrdDcxS0ViNE5JNXduQUpoRnFISjRLVThLeGdjclVJWjY0Y1hvNkt3eGpEMgpJTGErZEsybmljZEttQkk2SERQRkVhRmQ1dU9tTk1oQStBVkQ0WnA2YmV1aHluaW1veGxhZ0FMTTg3NGxMdEd0Ck1lY1dRdXE1Mis4bXdNbjVwZ2RTOEhqY2twQk5LNjd0dWxjbFJzdjV3OGMrN3c1aVdWQVBYODIxQW9HQkFNZ28KM2ZyWWQ0MnFPUFhmRVdPS3BNaTh1Mm80OVFCUGpHMTgxeXBqM3JSY0VEYmdhN2tPOXhqU0ZEMWdPK0JHODh3YgpOTDNTUW05R1MrdktOZ29HSFhXT2l2YUFXMTlnL1hOeC9hWmhxM3RaUVc5YUdVTEp4N1Z2MDRFejNteUxjN1luCnpua3F2ck9MSjdpUzFhY2VCTzFaMGFYZFQzb0thbjd0dnQzL0FIQUpBb0dBRDcwTjlxazBKd0NLUXJTOGRLWmsKc0dsaWRkU0xGdjdiL3pOajZHLy82L24vREtyblZkUjZtQVQ1N0ZEcFhJSFRsVmE4UWZzMzU0eWorVSt1ejdKbApMMy9yNG83WWJ2RmpHZ2h3dGJ5aG9RL2xPbG81TExTcEFNeHgzT0x2eFVwSkFPcWt4RmEvVTZudzJkVHEwbytMClVwKzVqemQyaFpuY1M0TVJwazBaa2cwQ2dZQlhCbDJ0Q0p6Q1BUWlN3RS9CSmJDTGpuTTF0ZG5mN3JZeGpFdkkKcEc5Wm40VjFOcEhmZmdBMURIRzhWYkR5ekNhSG9YU0c2M256QTI5Uzd6SWJuWmtGV1pwVm5tMGJ4UUd0UmV4dwpnSnFjSUt4d2k0M2NHZnI0aWN3OXFwMlVOL1Z4UjFGZ0lST1U0SFcrckNpMFpqcmlMMkVWYW1sNXVEbWhRaUR3ClNFU2FjUUtCZ1FEWVJaUmJRdDFtOUw5RlY1WUE2bjZVQzIvSjQ0QW9DSFU4eXlVQTdaQm1OS0JnTCtIUzhkNkoKWTRtWUpKaUtKQWdkQ3lHbFIvbXFCaVY0MDg5UndVQjRxOXQrWDRlZ0kzbVZrTTgzNGJuSExCSk1GcmJTU0R0bQp1eU1DeWNncTNZb3RrdXc5dVRCUlhWNHR4VFM0ZVZrNkZLSjU4SWNhTndBemhFelFjaTF4VlE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
  creationTimestamp: "2019-09-21T03:28:20Z"
  name: etcd
  namespace: etcd
  resourceVersion: "7559268"
  selfLink: /api/v1/namespaces/etcd/secrets/etcd
  uid: dc3dddea-dc1f-11e9-99e3-025e0c22fba8
type: Opaque

check the secret:

$ echo -n "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCekNDQWUrZ0F3SUJBZ0lVSDRKZ1c5VzZncUNjRnhhenhtNlhaa2Z3eitJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0VqRVFNQTRHQTFVRUF3d0haWFJqWkMxallUQWdGdzB4T1RBNE1EWXdOVEEzTkROYUdBOHlNVEU1TURjeApNekExTURjME0xb3dFakVRTUE0R0ExVUVBd3dIWlhSalpDMWpZVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBS0lSMXNRSFNrY3hzNVFBRDQrczFrQnJPS2IvYXdFMU1neENyY2l5QVMybWM2UHEKOU5VSmZWaDdNSVBjb1dsRUpnaDNydVJVbzZEczdxR3VQL01iNnMvbzJtWG1QdGpIM3NwSW9kc2o1V1RDakw4Swo4eGZkTEdHQTA0d1pKZUVuYU1pOGlzWjQvZkptY0F4MitXeHRrQzBjdkxndi83YU8vckFERDZHTkFldjF4U3FtCmF4YUV6Zk1yeDRsMXA0M2dqRDlXSkdYbVdKbWRtdy9teGdVQWVhOUFnM01seWtFVzBINHEydW5LMW90THRmemkKMG8zeXZhelFxY0pLREF2WWpQSVRRZENkVDhFT3NjalJRUWhRdUlSL1EvM3Z2UWdFbStiWUM1QTcvRWEvTGFZMgpFQnRFbUNVN2tzNVJONkF1cFRFV2Z0MlRKYi8wZ2lIVG8xeUZ0YWNDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFCkZKVkEyVUFIWkdCYXMwWUFPVmZkTGp6WmxZcjBNQjhHQTFVZEl3UVlNQmFBRkpWQTJVQUhaR0JhczBZQU9WZmQKTGp6WmxZcjBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQjRvdDkwTgpleDZFK2RQb3FJTEdoUWl0ZXNXdEc3TVBINkh2bGVEeTNBcEU0KzhkSzY1SHVMRjNFd3JsREtCNFhhTzlOWnpLCmZRNWZDSVNTTU0zUmlhNUdlNklmU01DQjlBNHh0U2JDeHduRE5MZ1l4dkJ6K3JDZDZSTmY0QlprQWw5TktxbTkKUS9RVU4zVnVqYTRySUhYbThMcE5xcndRVytzcjdvekxXd28xRHJaVFZLTnpSWDZiS3FDbkhLY0Z2dXdhaTJodwpBT1ZHVnY0Y0Vid2dLeFYwMVExM2VGUG50M3ZzM2lxZ3FXQlI1NDlsbFZoc05xdHoyZjVkcWlMRkdLYUptNms2CmpLS3BOR2ROOTBIbjMwUEZRSzZGcE9Nc2h4djliVDRxRXFSUDliOG9UY29yK0taNnl3VmlOZlBtWnN5YmRrZjMKNFFwTG40ek9ORUl5WGFzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" | base64 -d
-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIUH4JgW9W6gqCcFxazxm6XZkfwz+IwDQYJKoZIhvcNAQEL
BQAwEjEQMA4GA1UEAwwHZXRjZC1jYTAgFw0xOTA4MDYwNTA3NDNaGA8yMTE5MDcx
MzA1MDc0M1owEjEQMA4GA1UEAwwHZXRjZC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKIR1sQHSkcxs5QAD4+s1kBrOKb/awE1MgxCrciyAS2mc6Pq
9NUJfVh7MIPcoWlEJgh3ruRUo6Ds7qGuP/Mb6s/o2mXmPtjH3spIodsj5WTCjL8K
8xfdLGGA04wZJeEnaMi8isZ4/fJmcAx2+WxtkC0cvLgv/7aO/rADD6GNAev1xSqm
axaEzfMrx4l1p43gjD9WJGXmWJmdmw/mxgUAea9Ag3MlykEW0H4q2unK1otLtfzi
0o3yvazQqcJKDAvYjPITQdCdT8EOscjRQQhQuIR/Q/3vvQgEm+bYC5A7/Ea/LaY2
EBtEmCU7ks5RN6AupTEWft2TJb/0giHTo1yFtacCAwEAAaNTMFEwHQYDVR0OBBYE
FJVA2UAHZGBas0YAOVfdLjzZlYr0MB8GA1UdIwQYMBaAFJVA2UAHZGBas0YAOVfd
LjzZlYr0MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAB4ot90N
ex6E+dPoqILGhQitesWtG7MPH6HvleDy3ApE4+8dK65HuLF3EwrlDKB4XaO9NZzK
fQ5fCISSMM3Ria5Ge6IfSMCB9A4xtSbCxwnDNLgYxvBz+rCd6RNf4BZkAl9NKqm9
Q/QUN3Vuja4rIHXm8LpNqrwQW+sr7ozLWwo1DrZTVKNzRX6bKqCnHKcFvuwai2hw
AOVGVv4cEbwgKxV01Q13eFPnt3vs3iqgqWBR549llVhsNqtz2f5dqiLFGKaJm6k6
jKKpNGdN90Hn30PFQK6FpOMshxv9bT4qEqRP9b8oTcor+KZ6ywViNfPmZsybdkf3
4QpLn4zONEIyXas=
-----END CERTIFICATE-----

$ echo -n "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVFVENDQXZtZ0F3SUJBZ0lVSjNLZEtZYkNFUTFpZUlxby82Mk5sWXhRbHA4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0VqRVFNQTRHQTFVRUF3d0haWFJqWkMxallUQWdGdzB4T1RBNE1EWXdOVEEzTkROYUdBOHlNVEU1TURjeApNekExTURjME0xb3dKREVpTUNBR0ExVUVBd3daWlhSalpDMXViMlJsTFdsd0xURXdMVEl3TFRFeExURXlNRENDCkFTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTElsV0cyVklRRnluV2dCdDJSckNPSlIKT0R4UnRZcUVJdTZkK2MzK2JlaUJtWWR4aUN4UjlZVDVwbWFJVUxIQ0xPNkJMekRBQ25Hd0NmSXBLMURnNUkzSgp6MEhzWTJKSUFXTVlNV2ZGRGQxNDU1UXFTcDhPZ25TdGU3NTQ0SEo4QXNoN1dxVUovdHl4dDJBSEp0N2d5dXVzCnViWVhnVGk0aHNEdERGNGF4eXNzalgwTW9VUzhmQnVxK3dxdXo4NGpadFhVejZnRVFsOTJlOXVLYVBqUG9uYi8KQlE0ZWNsWXBOakEwUUVaN3p0c3NITVpoT0JMTWJCbXNEWkMyakV2eXpiS09XQy9yYUdnSmtvZGRtSWNYdWdBUQpBbnN4K0pLSUI3SFZRSGFNOXg4NFpUenpHZEd4aU5aMUVudFFoN2huTTljRW9WR3JzK3NTTHNxRHNyOWRhMTBDCkF3RUFBYU9DQVVrd2dnRkZNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBSkJnTlYKSFJNRUFqQUFNQjBHQTFVZERnUVdCQlF5cU9uWjlna2ZJeFVrYmNTOUxLWjFqbFlBV0RBZkJnTlZIU01FR0RBVwpnQlNWUU5sQUIyUmdXck5HQURsWDNTNDgyWldLOURDQjJBWURWUjBSQklIUU1JSE5nZ2xzYjJOaGJHaHZjM1NDCkQybHdMVEV3TFRJd0xURXhMVEV5TUlKTGJteGlMV3M0Y3kxMFpYTjBMV0Z3YVhObGNuWmxjaTB4WmpBM1pqSmwKTm1NeVl6SmlOREpqTG1Wc1lpNWpiaTF1YjNKMGFIZGxjM1F0TVM1aGJXRjZiMjVoZDNNdVkyOXRMbU51Z2lKbApkR05rTG10MVltVXRjM2x6ZEdWdExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doUmxkR05rTG10MVltVXRjM2x6CmRHVnRMbk4yWTRJUVpYUmpaQzVyZFdKbExYTjVjM1JsYllJRVpYUmpaSWNFQ2hRTGVJY0VDaFFMZUljRWZ3QUEKQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUtaNkI2eVFzL0x5eFpmT01uck1JK29VNTkvdjh0U3pvY0dIMgorZXYzMGkxMTE4UFRwTTdiNXpGVGNLVVZsTHQ1NTdWdkFBaWh3NjJiNUNER1Irb2tPdGFHbGRNWUNXVEwzVm9pCmg5U2pZVWxCdXN3MTZXMCtRK2N1ZzBtTWRwUS9oZi80OWd1aVAvUXVna2J0MnBXS09NMlBoYnN5dDNuc281NEMKcUNBcmQ1KzQvWW0zRnpPY2NIOXNtNEdoc2xmRVJPQ1h3QUhEbW5LZjNzZk5pYXBsV0ZlV3hoNnBHakJWYWF5cQpzNzh6VUJaUk5tZkNxRUo2MDRJR253MTBTUDVuZEloODlNK1dQTGxJM0dmU1pBWjRubVd2THBnMWcrV1ZGTnFICkFUYlFwRU45bmJHMDc4SzY3SWRpMDBDMDIzTmVFSjNaTVVTQ2NtOHJEQVJjOEZZZ1p3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" | base64 -d
-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIUJ3KdKYbCEQ1ieIqo/62NlYxQlp8wDQYJKoZIhvcNAQEL
BQAwEjEQMA4GA1UEAwwHZXRjZC1jYTAgFw0xOTA4MDYwNTA3NDNaGA8yMTE5MDcx
MzA1MDc0M1owJDEiMCAGA1UEAwwZZXRjZC1ub2RlLWlwLTEwLTIwLTExLTEyMDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIlWG2VIQFynWgBt2RrCOJR
ODxRtYqEIu6d+c3+beiBmYdxiCxR9YT5pmaIULHCLO6BLzDACnGwCfIpK1Dg5I3J
z0HsY2JIAWMYMWfFDd1455QqSp8OgnSte7544HJ8Ash7WqUJ/tyxt2AHJt7gyuus
ubYXgTi4hsDtDF4axyssjX0MoUS8fBuq+wquz84jZtXUz6gEQl92e9uKaPjPonb/
BQ4eclYpNjA0QEZ7ztssHMZhOBLMbBmsDZC2jEvyzbKOWC/raGgJkoddmIcXugAQ
Ansx+JKIB7HVQHaM9x84ZTzzGdGxiNZ1EntQh7hnM9cEoVGrs+sSLsqDsr9da10C
AwEAAaOCAUkwggFFMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAJBgNV
HRMEAjAAMB0GA1UdDgQWBBQyqOnZ9gkfIxUkbcS9LKZ1jlYAWDAfBgNVHSMEGDAW
gBSVQNlAB2RgWrNGADlX3S482ZWK9DCB2AYDVR0RBIHQMIHNgglsb2NhbGhvc3SC
D2lwLTEwLTIwLTExLTEyMIJLbmxiLWs4cy10ZXN0LWFwaXNlcnZlci0xZjA3ZjJl
NmMyYzJiNDJjLmVsYi5jbi1ub3J0aHdlc3QtMS5hbWF6b25hd3MuY29tLmNugiJl
dGNkLmt1YmUtc3lzdGVtLnN2Yy5jbHVzdGVyLmxvY2FsghRldGNkLmt1YmUtc3lz
dGVtLnN2Y4IQZXRjZC5rdWJlLXN5c3RlbYIEZXRjZIcEChQLeIcEChQLeIcEfwAA
ATANBgkqhkiG9w0BAQsFAAOCAQEAKZ6B6yQs/LyxZfOMnrMI+oU59/v8tSzocGH2
+ev30i1118PTpM7b5zFTcKUVlLt557VvAAihw62b5CDGR+okOtaGldMYCWTL3Voi
h9SjYUlBusw16W0+Q+cug0mMdpQ/hf/49guiP/Qugkbt2pWKOM2Phbsyt3nso54C
qCArd5+4/Ym3FzOccH9sm4GhslfEROCXwAHDmnKf3sfNiaplWFeWxh6pGjBVaayq
s78zUBZRNmfCqEJ604IGnw10SP5ndIh89M+WPLlI3GfSZAZ4nmWvLpg1g+WVFNqH
ATbQpEN9nbG078K67Idi00C023NeEJ3ZMUSCcm8rDARc8FYgZw==
-----END CERTIFICATE-----

$ echo -n "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc2lWWWJaVWhBWEtkYUFHM1pHc0k0bEU0UEZHMWlvUWk3cDM1emY1dDZJR1poM0dJCkxGSDFoUG1tWm9oUXNjSXM3b0V2TU1BS2NiQUo4aWtyVU9Ea2pjblBRZXhqWWtnQll4Z3haOFVOM1hqbmxDcEsKbnc2Q2RLMTd2bmpnY253Q3lIdGFwUW4rM0xHM1lBY20zdURLNjZ5NXRoZUJPTGlHd08wTVhockhLeXlOZlF5aApSTHg4RzZyN0NxN1B6aU5tMWRUUHFBUkNYM1o3MjRwbytNK2lkdjhGRGg1eVZpazJNRFJBUm52TzJ5d2N4bUU0CkVzeHNHYXdOa0xhTVMvTE5zbzVZTCt0b2FBbVNoMTJZaHhlNkFCQUNlekg0a29nSHNkVkFkb3ozSHpobFBQTVoKMGJHSTFuVVNlMUNIdUdjejF3U2hVYXV6NnhJdXlvT3l2MTFyWFFJREFRQUJBb0lCQVFDSDlBWkRRdjg0V3A4VQpBOU5RdUhyRU5SWEV1dHJnQmkyZWkwTmNXT0xLQVRZSTdyVHNsZlBZY3FueUwrL2RhUUhmVndtTG05T2NwYXRCCmV2Zkt0b2JXU29CNG9BM01zSVVXZWgwaVEzbHNYdHZrOEUyWWkzczF6anZVeGUwTWtlV1IyTW41aitKSHpQelUKTlVFTjhPSUw3L3Flbzl1RFRSZlIzbGFFN3N5Mi9mZXRGVEhzSzVHejJaZGxKbys3WkNOUTBCTTlXWkJuN0tHRgpDNHArM0VXY2R0Nk9iUGt2WFNkRGpYNzE2QStkbWNSdGh1MHpSMHdOSCtVd3dub0pRbHNBSCtjbWZvMk9mQWFuCkZrb2d1eDZHQ1FKbjZqeWlaeE1WQklLd2xJSDNOWFRBZ2VKRUFiVkc4QmZ5QmdNejc4bXlBTmJQS2M2NTZ1eVoKUDdxNVU4NWhBb0dCQU9QWVNRdkZrdDcxS0ViNE5JNXduQUpoRnFISjRLVThLeGdjclVJWjY0Y1hvNkt3eGpEMgpJTGErZEsybmljZEttQkk2SERQRkVhRmQ1dU9tTk1oQStBVkQ0WnA2YmV1aHluaW1veGxhZ0FMTTg3NGxMdEd0Ck1lY1dRdXE1Mis4bXdNbjVwZ2RTOEhqY2twQk5LNjd0dWxjbFJzdjV3OGMrN3c1aVdWQVBYODIxQW9HQkFNZ28KM2ZyWWQ0MnFPUFhmRVdPS3BNaTh1Mm80OVFCUGpHMTgxeXBqM3JSY0VEYmdhN2tPOXhqU0ZEMWdPK0JHODh3YgpOTDNTUW05R1MrdktOZ29HSFhXT2l2YUFXMTlnL1hOeC9hWmhxM3RaUVc5YUdVTEp4N1Z2MDRFejNteUxjN1luCnpua3F2ck9MSjdpUzFhY2VCTzFaMGFYZFQzb0thbjd0dnQzL0FIQUpBb0dBRDcwTjlxazBKd0NLUXJTOGRLWmsKc0dsaWRkU0xGdjdiL3pOajZHLy82L24vREtyblZkUjZtQVQ1N0ZEcFhJSFRsVmE4UWZzMzU0eWorVSt1ejdKbApMMy9yNG83WWJ2RmpHZ2h3dGJ5aG9RL2xPbG81TExTcEFNeHgzT0x2eFVwSkFPcWt4RmEvVTZudzJkVHEwbytMClVwKzVqemQyaFpuY1M0TVJwazBaa2cwQ2dZQlhCbDJ0Q0p6Q1BUWlN3RS9CSmJDTGpuTTF0ZG5mN3JZeGpFdkkKcEc5Wm40VjFOcEhmZmdBMURIRzhWYkR5ekNhSG9YU0c2M256QTI5Uzd6SWJuWmtGV1pwVm5tMGJ4UUd0UmV4dwpnSnFjSUt4d2k0M2NHZnI0aWN3OXFwMlVOL1Z4UjFGZ0lST1U0SFcrckNpMFpqcmlMMkVWYW1sNXVEbWhRaUR3ClNFU2FjUUtCZ1FEWVJaUmJRdDFtOUw5RlY1WUE2bjZVQzIvSjQ0QW9DSFU4eXlVQTdaQm1OS0JnTCtIUzhkNkoKWTRtWUpKaUtKQWdkQ3lHbFIvbXFCaVY0MDg5UndVQjRxOXQrWDRlZ0kzbVZrTTgzNGJuSExCSk1GcmJTU0R0bQp1eU1DeWNncTNZb3RrdXc5dVRCUlhWNHR4VFM0ZVZrNkZLSjU4SWNhTndBemhFelFjaTF4VlE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" | base64 -d
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAsiVYbZUhAXKdaAG3ZGsI4lE4PFG1ioQi7p35zf5t6IGZh3GI
LFH1hPmmZohQscIs7oEvMMAKcbAJ8ikrUODkjcnPQexjYkgBYxgxZ8UN3XjnlCpK
nw6CdK17vnjgcnwCyHtapQn+3LG3YAcm3uDK66y5theBOLiGwO0MXhrHKyyNfQyh
RLx8G6r7Cq7PziNm1dTPqARCX3Z724po+M+idv8FDh5yVik2MDRARnvO2ywcxmE4
EsxsGawNkLaMS/LNso5YL+toaAmSh12Yhxe6ABACezH4kogHsdVAdoz3HzhlPPMZ
0bGI1nUSe1CHuGcz1wShUauz6xIuyoOyv11rXQIDAQABAoIBAQCH9AZDQv84Wp8U
A9NQuHrENRXEutrgBi2ei0NcWOLKATYI7rTslfPYcqnyL+/daQHfVwmLm9OcpatB
evfKtobWSoB4oA3MsIUWeh0iQ3lsXtvk8E2Yi3s1zjvUxe0MkeWR2Mn5j+JHzPzU
NUEN8OIL7/qeo9uDTRfR3laE7sy2/fetFTHsK5Gz2ZdlJo+7ZCNQ0BM9WZBn7KGF
C4p+3EWcdt6ObPkvXSdDjX716A+dmcRthu0zR0wNH+UwwnoJQlsAH+cmfo2OfAan
Fkogux6GCQJn6jyiZxMVBIKwlIH3NXTAgeJEAbVG8BfyBgMz78myANbPKc656uyZ
P7q5U85hAoGBAOPYSQvFkt71KEb4NI5wnAJhFqHJ4KU8KxgcrUIZ64cXo6KwxjD2
ILa+dK2nicdKmBI6HDPFEaFd5uOmNMhA+AVD4Zp6beuhynimoxlagALM874lLtGt
MecWQuq52+8mwMn5pgdS8HjckpBNK67tulclRsv5w8c+7w5iWVAPX821AoGBAMgo
3frYd42qOPXfEWOKpMi8u2o49QBPjG181ypj3rRcEDbga7kO9xjSFD1gO+BG88wb
NL3SQm9GS+vKNgoGHXWOivaAW19g/XNx/aZhq3tZQW9aGULJx7Vv04Ez3myLc7Yn
znkqvrOLJ7iS1aceBO1Z0aXdT3oKan7tvt3/AHAJAoGAD70N9qk0JwCKQrS8dKZk
sGliddSLFv7b/zNj6G//6/n/DKrnVdR6mAT57FDpXIHTlVa8Qfs354yj+U+uz7Jl
L3/r4o7YbvFjGghwtbyhoQ/lOlo5LLSpAMxx3OLvxUpJAOqkxFa/U6nw2dTq0o+L
Up+5jzd2hZncS4MRpk0Zkg0CgYBXBl2tCJzCPTZSwE/BJbCLjnM1tdnf7rYxjEvI
pG9Zn4V1NpHffgA1DHG8VbDyzCaHoXSG63nzA29S7zIbnZkFWZpVnm0bxQGtRexw
gJqcIKxwi43cGfr4icw9qp2UN/VxR1FgIROU4HW+rCi0ZjriL2EVaml5uDmhQiDw
SESacQKBgQDYRZRbQt1m9L9FV5YA6n6UC2/J44AoCHU8yyUA7ZBmNKBgL+HS8d6J
Y4mYJJiKJAgdCyGlR/mqBiV4089RwUB4q9t+X4egI3mVkM834bnHLBJMFrbSSDtm
uyMCycgq3Yotkuw9uTBRXV4txTS4eVk6FKJ58IcaNwAzhEzQci1xVQ==
-----END RSA PRIVATE KEY-----

The Question: It seem that the problem is cannot find cert in my secret, but everything I check is absolutely right, did I miss something? I'm trying to use tls to connect to my external etcd. Hope for any reply!

zhangsimingshannonai commented 5 years ago

Finally got the reason, See:https://github.com/coreos/etcd-operator/blob/aeb3e3e0835ec5135cfe50340f59853b5b6fc407/pkg/apis/etcd/v1beta2/backup_types.go#L74-L80

In the secret, data name must set to:

    // data:
    //    "etcd-client.crt": <pem-encoded-cert>
    //    "etcd-client.key": <pem-encoded-key>
    //    "etcd-client-ca.crt": <pem-encoded-ca-cert>

And the order must be same as above... I'm going to close the issue.