k8s_fedora: Explicitly set etcd authentication
Set client and peer auth to true and add trusted_ca configuration to enable authentication via certs for both clients and other etcd members.

Change-Id: I1d0fbd6f89dc2e95e016299c5ce0c68eb4fe8e1a
Closes-Bug: #1759813
parent c0f8db98ae
commit a1fb448c3a
|
@ -69,11 +69,15 @@ if [ "$TLS_DISABLED" = "False" ]; then
|
|||
|
||||
cat >> /etc/etcd/etcd.conf <<EOF
|
||||
ETCD_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_TRUSTED_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_CERT_FILE=$cert_dir/server.crt
|
||||
ETCD_KEY_FILE=$cert_dir/server.key
|
||||
ETCD_CLIENT_CERT_AUTH=true
|
||||
ETCD_PEER_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_PEER_TRUSTED_CA_FILE=$cert_dir/ca.crt
|
||||
ETCD_PEER_CERT_FILE=$cert_dir/server.crt
|
||||
ETCD_PEER_KEY_FILE=$cert_dir/server.key
|
||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
|
|
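Review bot: ETCD_TRUSTED_CA_FILE and ETCD_PEER_TRUSTED_CA_FILE both point at $cert_dir/ca.crt, so once ETCD_PEER_CLIENT_CERT_AUTH=true is set, any certificate issued by that CA for an API client is also accepted on the peer port. Consider a separate peer CA, or document why one trust root is acceptable here. Peers also present $cert_dir/server.crt as their client certificate, so that certificate needs both server-auth and client-auth extended key usage or peer handshakes will fail with the new setting. The older ETCD_CA_FILE and ETCD_PEER_CA_FILE keys remain next to the new trusted-CA keys; if the targeted etcd version no longer needs them, dropping them would leave a single source of truth for the trust root.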
@ -0,0 +1,7 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable
|
||||
client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE,
|
||||
ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH,
|
||||
ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix.
|
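Review bot: The release note says "Only new clusters will benefit from the fix" but gives operators of existing clusters nothing to act on. Since the change turns on certificate authentication that was not explicitly enabled before, consider adding a `security:` entry alongside `fixes:` and stating what existing clusters should do, for example recreate the cluster or add the four listed keys to /etc/etcd/etcd.conf and restart etcd.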