Merge pull request #1948 from sgmitchell/secured-etcd

Enable etcd secure client to prevent etcdctl access without cert and key
2026-05-16 22:07:39 -02:30 · 2018-01-25 09:35:51 -06:00
parent 5d014d986b e45b30d033
commit c6e0fcea31
13 changed files with 39 additions and 0 deletions
--- a/roles/kubernetes/master/tasks/pre-upgrade.yml
+++ b/roles/kubernetes/master/tasks/pre-upgrade.yml
@@ -3,6 +3,8 @@
  command: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} ls /registry/minions"
  environment:
    ETCDCTL_API: 2
+    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
  register: old_data_exists
  delegate_to: "{{groups['etcd'][0]}}"
  changed_when: false