Description
Name and Version
3.5.16-r1
What steps will reproduce the bug?
```
STS_NAME=etc-etcdtlson-869m27
NAMESPACE=dev
HOST=etc-etcdtlson-869m27-0
HOST_FQDN=etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local
MASTER_NODE=etc-etcdtlson-869m27-0
MASTER_FQDN=etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local
PORT=2379
ETCD_SCRIPTS=/opt/bitnami/scripts/etcd
ETCD_COMMON_SCRIPTS=/opt/bitnami/scripts
ETCD_HOME=/opt/bitnami
ETCD_DATA=/bitnami/etcd/data
APP_VERSION=3.5.16
BITNAMI_APP_NAME=etcd
ETCDCTL_API=3
ALLOW_NONE_AUTHENTICATION=yes
ETCD_CLUSTER_DOMAIN=
ETCD_START_FROM_SNAPSHOT=no
ETCD_DISASTER_RECOVERY=no
ETCD_ON_K8S=yes
ETCD_INIT_SNAPSHOT_FILENAME=
ETCD_LOG_LEVEL=info
ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2380
ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379
ETCD_ADVERTISE_CLIENT_URLS=https://etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2379
ETCD_CERT_FILE=/srv/test/certs/tls.crt
ETCD_KEY_FILE=/srv/test/certs/tls.key
ETCD_TRUSTED_CA_FILE=/srv/test/certs/ca.crt
ETCD_CLIENT_CERT_AUTH=true
ETCD_PEER_CERT_FILE=/srv/test/certs/tls.crt
ETCD_PEER_KEY_FILE=/srv/test/certs/tls.key
ETCD_PEER_TRUSTED_CA_FILE=/srv/test/certs/ca.crt
ETCD_PEER_CLIENT_CERT_AUTH=true
ETCD_AUTO_TLS=false
ETCD_PEER_AUTO_TLS=false
PROTOCOL=https
TLSPARAMS=--cacert=/srv/test/certs/ca.crt --cert=/srv/test/certs/tls.crt --key=/srv/test/certs/tls.key
ETCD_INITIAL_CLUSTER_STATE=existing
ETCD_INITIAL_CLUSTER=etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local=https://etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2380,etc-etcdtlson-869m27-1.etc-etcdtlson-869m27.dev.svc.cluster.local=https://etc-etcdtlson-869m27-1.etc-etcdtlson-869m27.dev.svc.cluster.local:2380,etc-etcdtlson-869m27-2.etc-etcdtlson-869m27.dev.svc.cluster.local=https://etc-etcdtlson-869m27-2.etc-etcdtlson-869m27.dev.svc.cluster.local:2380
ETCD_NAME=etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local
ETCD_INITIAL_CLUSTER_TOKEN=etc-etcdtlson-869m27
```
What is the expected behavior?
I have configured etcd with TLS enabled using the above configuration. I was trying to scale up from 3 to 5. From the binary script, it is checking the endpoint health from the peer using the ENV ETCD_INITIAL_CLUSTER,
but the ENV has port 2380, which is the peer-to-peer communication port, while etcdctl is a client, and it fails to identify the endpoints. The expectation is that it should use port 2379 with etcdctl.
As per the official etcd docs, port 2380 won't work with the etcdctl client.
What do you see instead?
```
etcdctl --user root --password xxx --endpoints https://etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2380 --cacert=/srv/test/certs/ca.crt --cert=/srv/test/certs/tls.crt --key=/srv/test/certs/tls.key endpoint health
{"level":"warn","ts":"2025-06-25T06:18:05.250570Z","logger":"client","caller":"v3@v3.5.16/retry_interceptor.go:63","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000222000/etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2380","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = "error reading server preface: EOF""}
https://etc-etcdtlson-869m27-0.etc-etcdtlson-869m27.dev.svc.cluster.local:2380 is unhealthy: failed to commit proposal: context deadline exceeded
Error: unhealthy cluster
```
Additional information
Can you please review whether this scale-up scenario with TLS enabled is a working use case? Or is there anything I missed in the configuration? I need help with this.
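
The mismatch reported above, as an added example that is not part of the original issue or of the Bitnami scripts: a shell helper that turns an `ETCD_INITIAL_CLUSTER` value (peer URLs on 2380) into the client endpoint list `etcdctl` needs (2379). The function name, default ports and sample hostnames are assumptions, and it assumes each member serves clients on the same host as its peer URL, as in the configuration shown.

```shell
#!/bin/sh
# Added example (not the project's code): derive etcdctl client endpoints
# from a peer-URL list. Names and sample hosts below are constructed.

# peer_to_client_endpoints INITIAL_CLUSTER [PEER_PORT] [CLIENT_PORT]
# INITIAL_CLUSTER entries look like "name=scheme://host:peer_port",
# separated by commas. Prints a comma-separated list of client URLs.
peer_to_client_endpoints() {
    cluster=$1
    peer_port=${2:-2380}
    client_port=${3:-2379}
    out=""
    old_ifs=$IFS
    IFS=,
    for entry in $cluster; do
        url=${entry#*=}                      # drop the "member-name=" prefix
        case $url in
            *":$peer_port")
                # swap the peer port for the client port, keep scheme and host
                url=${url%:$peer_port}:$client_port ;;
            *)
                # refuse anything that is not a peer URL on the expected port
                IFS=$old_ifs
                echo "unexpected peer URL: $url" >&2
                return 1 ;;
        esac
        out="${out:+$out,}$url"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Constructed sample input in the same shape as ETCD_INITIAL_CLUSTER.
SAMPLE_CLUSTER='etcd-0.etcd.dev.svc.cluster.local=https://etcd-0.etcd.dev.svc.cluster.local:2380,etcd-1.etcd.dev.svc.cluster.local=https://etcd-1.etcd.dev.svc.cluster.local:2380'

# The result is what would be passed to:
#   etcdctl --endpoints "<result>" $TLSPARAMS endpoint health
peer_to_client_endpoints "$SAMPLE_CLUSTER"
```

The TLS client flags stay the same as in the failing command; only the port in `--endpoints` changes.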