This repository has been archived by the owner on Jun 29, 2022. It is now read-only.

docs/concepts/aws.md: document TLS handshake errors in kube-apiserver
Closes #438.

Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>
invidian committed Jun 15, 2020
1 parent aee816d commit d2ea6a7
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions docs/concepts/aws.md
Expand Up @@ -28,3 +28,17 @@ spec:
- ipBlock:
cidr: 0.0.0.0/0
```
## TLS handshake errors in kube-apiserver logs
On the AWS platform, you may see the following logs coming from `kube-apiserver` pods:

```
I0408 05:35:02.865305 1 log.go:172] http: TLS handshake error from 127.0.0.1:45332: read tcp 127.53.210.227:7443->127.0.0.1:45332: read: connection reset by peer
I0408 05:35:12.865457 1 log.go:172] http: TLS handshake error from 127.0.0.1:45424: read tcp 127.53.210.227:7443->127.0.0.1:45424: read: connection reset by peer
I0408 05:35:22.865279 1 log.go:172] http: TLS handshake error from 127.0.0.1:45516: read tcp 127.53.210.227:7443->127.0.0.1:45516: read: connection reset by peer
```
Those logs are harmless and are caused by AWS ELB, opening TCP connections to `kube-apiserver` to probe for availability, without performing full TLS handshake. Unfortunately, AWS ELB does not support TLS for probe requests at the time of writing.
There is ongoing [upstream](https://github.com/kubernetes/kubernetes/pull/91277) work to resolve this issue.
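
Review bot: In the paragraph after the log sample, "Those logs are harmless" is stated without telling the reader how to recognise this specific pattern, and the sample shows the peer as 127.0.0.1 rather than an ELB address, which the text does not explain. I would name the signature visible in the sample (peer 127.0.0.1, local port 7443, "read: connection reset by peer", one entry every 10 seconds) and add a sentence on why the probe appears to come from loopback, so operators do not conclude that every "TLS handshake error" line from kube-apiserver can be ignored or filtered. Handshake errors from other peers or with other error text are not covered by this explanation and the section should say so. Minor wording: "without performing full TLS handshake" should read "a full TLS handshake", the comma after "AWS ELB" can go, and "at the time of writing" would age better with a date next to it.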
