The connection process for etcd-cilium in Kops-managed clusters isn't well documented, making operational tasks like defragmentation difficult. #17345

Open
@nuved

/kind bug

1. What kops version are you running? The command kops version will display this information.

Client version: 1.30.4 (git-v1.30.4)

3. What cloud provider are you using?

AWS

4. What commands did you run? What is the simplest way to reproduce this issue?

I just followed the documents to connect to Cilium's cluster, just using port 4003, which is being used by Cilium.

ETCD_VERSION=3.5.13

ETCDDIR=/opt/etcd-v$ETCD_VERSION

CERTDIR=/rootfs/srv/kubernetes/kube-apiserver/

alias etcdctl="ETCDCTL_API=3 $ETCDDIR/etcdctl --cacert=$CERTDIR/etcd-ca.crt --cert=$CERTDIR/etcd-client.crt --key=$CERTDIR/etcd-client.key --endpoints=https://127.0.0.1:4003"

5. What happened after the commands executed?

Getting this error when running any command over etcd's cilium, like (etcdctl member list):

{"level":"warn","ts":"2025-04-04T10:27:27.860553Z","logger":"etcd-client","caller":"[email protected]/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000022000/127.0.0.1:4003","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority\""}

Unlike the well-documented main Kubernetes etcd, the Cilium instance uses different certificates and ports, yet these details aren't comprehensively documented anywhere.

6. What did you expect to happen?

Connect to Cilium's cluster to run the defrag command.
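
Added example, not part of the original issue report or of the kops documentation: the "certificate signed by unknown authority" error above means the CA file passed via --cacert does not validate the certificate served on port 4003. The sketch below assumes openssl is installed and that the operator supplies candidate CA files found on the node; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch (not kops code). Reports which candidate CA file,
# if any, validates the certificate an etcd endpoint presents.

# Save the leaf certificate the endpoint presents; nothing is trusted here.
fetch_server_cert() {
    endpoint=$1
    out=$2
    openssl s_client -connect "$endpoint" </dev/null 2>/dev/null |
        openssl x509 -out "$out"
}

# Print the first candidate CA file that validates $1; return 1 if none does.
find_signing_ca() {
    cert=$1
    shift
    for ca in "$@"; do
        if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            printf '%s\n' "$ca"
            return 0
        fi
    done
    return 1
}

# Usage: sh find-ca.sh 127.0.0.1:4003 CANDIDATE_CA.crt [CANDIDATE_CA.crt ...]
if [ "$#" -ge 2 ]; then
    endpoint=$1
    shift
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    fetch_server_cert "$endpoint" "$tmp" ||
        { echo "no certificate received from $endpoint" >&2; exit 2; }
    echo "server certificate issuer:"
    openssl x509 -in "$tmp" -noout -issuer
    if ca=$(find_signing_ca "$tmp" "$@"); then
        echo "validated by: $ca"
    else
        echo "none of the supplied CA files signed this certificate" >&2
        exit 1
    fi
fi
```

The CA file that validates the server certificate is the one to pass as --cacert; the client certificate and key must then be a pair that the same etcd instance accepts.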
