Merge pull request #1948 from sgmitchell/secured-etcd

Enable etcd secure client to prevent etcdctl access without cert and key
2026-05-07 17:37:39 -02:30 · 2018-01-25 09:35:51 -06:00
parent 5d014d986b e45b30d033
commit c6e0fcea31
13 changed files with 39 additions and 0 deletions
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -37,3 +37,6 @@ etcd_node_cert_hosts: "{{ groups['k8s-cluster'] | union(groups.get('calico-rr',
 etcd_compaction_retention: "8"

 etcd_vault_mount_path: etcd
+
+# Force clients like etcdctl to use TLS certs (different than peer security)
+etcd_secure_client: true