Merge "k8s_fedora: Explicitly set etcd authentication"
commit
445853cff1
|
@ -69,11 +69,15 @@ if [ "$TLS_DISABLED" = "False" ]; then
|
|||
|
||||
cat >> /etc/etcd/etcd.conf <<EOF
|
||||
ETCD_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_TRUSTED_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_CERT_FILE=$cert_dir/server.crt
|
||||
ETCD_KEY_FILE=$cert_dir/server.key
|
||||
ETCD_CLIENT_CERT_AUTH=true
|
||||
ETCD_PEER_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_PEER_TRUSTED_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_PEER_CERT_FILE=$cert_dir/server.crt
|
||||
ETCD_PEER_KEY_FILE=$cert_dir/server.key
|
||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable
|
||||
client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE,
|
||||
ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH,
|
||||
ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix.
|
Loading…
Reference in New Issue