External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-10 02:47:38 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1948 from sgmitchell/secured-etcd

Browse Source 
Enable etcd secure client to prevent etcdctl access without cert and key
This commit is contained in:
Chad Swenson
2018-01-25 09:35:51 -06:00
committed by GitHub
parent 5d014d986b e45b30d033
commit c6e0fcea31
13 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/etcd/tasks/configure.yml
View File

@@ -8,6 +8,9 @@
when: is_etcd_master
tags:
- facts
environment:
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
- name: Install etcd launch script
template:

6
roles/etcd/tasks/join_member.yml
View File

@@ -6,6 +6,9 @@
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when: target_node == inventory_hostname
environment:
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
- include: refresh_config.yml
vars:
@@ -39,3 +42,6 @@
tags:
- facts
when: target_node == inventory_hostname
environment:
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

3
roles/etcd/tasks/set_cluster_health.yml
View File

@@ -8,3 +8,6 @@
when: is_etcd_master
tags:
- facts
environment:
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"