Merge "k8s_fedora: Explicitly set etcd authentication"

changes/53/548753/7
Zuul 3 years ago
committed by Gerrit Code Review
parent
commit
445853cff1
2 changed files with 11 additions and 0 deletions
  1. +4
    -0
      magnum/drivers/common/templates/kubernetes/fragments/configure-etcd.sh
  2. +7
    -0
      releasenotes/notes/configure-etcd-auth-bug-1759813-baac5e0fe8a2e97f.yaml

+ 4
- 0
magnum/drivers/common/templates/kubernetes/fragments/configure-etcd.sh

@ -69,11 +69,15 @@ if [ "$TLS_DISABLED" = "False" ]; then
cat >> /etc/etcd/etcd.conf <<EOF
ETCD_CA_FILE=$cert_dir/ca.crt
ETCD_TRUSTED_CA_FILE=$cert_dir/ca.crt
ETCD_CERT_FILE=$cert_dir/server.crt
ETCD_KEY_FILE=$cert_dir/server.key
ETCD_CLIENT_CERT_AUTH=true
ETCD_PEER_CA_FILE=$cert_dir/ca.crt
ETCD_PEER_TRUSTED_CA_FILE=$cert_dir/ca.crt
ETCD_PEER_CERT_FILE=$cert_dir/server.crt
ETCD_PEER_KEY_FILE=$cert_dir/server.key
ETCD_PEER_CLIENT_CERT_AUTH=true
EOF
fi
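
Review bot: ETCD_TRUSTED_CA_FILE and ETCD_PEER_TRUSTED_CA_FILE both point at $cert_dir/ca.crt, and the peer settings reuse server.crt and server.key, so with ETCD_PEER_CLIENT_CERT_AUTH=true any certificate issued by that CA is accepted on the peer port, not only certificates of etcd members. If a single cluster CA for clients and peers is intended, a comment above the heredoc should say so; otherwise give the peer side its own CA. The older ETCD_CA_FILE and ETCD_PEER_CA_FILE entries are still written next to the TRUSTED_CA ones with the same value, so either drop them or note why both are needed. The whole block also sits inside the `TLS_DISABLED = False` branch, which means none of these authentication settings apply when TLS is disabled; that is worth stating in the script.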


+ 7
- 0
releasenotes/notes/configure-etcd-auth-bug-1759813-baac5e0fe8a2e97f.yaml

@ -0,0 +1,7 @@
---
fixes:
- |
Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable
client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE,
ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH,
ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix.
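
Review bot: The closing sentence, "Only new clusters will benefit from the fix", leaves operators of existing clusters without guidance on what to do with the etcd configuration they already have. Add a sentence saying whether existing clusters should be recreated or have /etc/etcd/etcd.conf updated by hand, and consider a `security:` entry in addition to `fixes:`, since the change concerns client and peer authentication. The note names only the k8s_fedora_atomic driver while the changed script lives under magnum/drivers/common/templates; if other drivers use this fragment, list them too.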
