Allow talking to secure etcd (authentication through client certs) #245

dhawal55 · 2016-12-21T20:22:41Z

Fixes issue #244
We will need more work to support secure etcd for self-hosted etcd

peebs · 2016-12-21T21:08:32Z

ok to test

dhawal55 · 2016-12-29T07:06:41Z

Can someone look at my pull requests? Really simple ones

aaronlevy · 2016-12-30T19:46:56Z

Hi @dhawal55, sorry for the delay.

We are planning on migrating to self-hosted etcd cluster as the default very soon (#31) -- so the way each etcd node is launched (and where it sources TLS assets) will change almost completely. This is definitely something we need, but if we try to implement this functionality now, it will pretty much have to be thrown out / re-done differently very soon.

dhawal55 · 2017-01-03T21:10:06Z

@aaronlevy The experimental-self-hosted-etcd currently doesn't support TLS, nor does the etcd-operator. I'm okay closing this PR if issue #31 includes TLS support for etcd.

aaronlevy · 2017-01-03T23:13:00Z

#31 doesn't explicitly cover handling TLS support (and the initial implementation likely won't). I think we should keep #244 open to track this need.

Added service-cluster-ip-range as flag to bootkube start

ghost · 2017-04-10T23:04:09Z

Can one of the admins verify this patch?

ghost · 2017-04-10T23:05:06Z

Can one of the admins verify this patch?

aaronlevy · 2017-04-18T01:36:37Z

This has been added in #433

Allow talking to secure etcd (authentication through client certs)

de0fa8d

k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Dec 21, 2016

dhawal55 added 3 commits December 21, 2016 14:15

Fix build

17ccfa4

Correct apiserver flags for etcd

c642d2c

Added service-cluster-ip-range as flag to bootkube start

ca0fe97

dhawal55 added 4 commits January 13, 2017 12:06

Merge pull request #1 from dhawal55/service-cluster-ip-range

6336fbc

Added service-cluster-ip-range as flag to bootkube start

Added service-cluster-ip-range as flag to bootkube start

ae2a258

Allow talking to secure etcd (authentication through client certs)

eb261bd

Merge branch 'master' into etcd-auth

474c368

dghubble mentioned this pull request Feb 17, 2017

pkg,cmd: Add Kubernetes pod and service CIDR customziation #318

Merged

aaronlevy closed this Apr 18, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow talking to secure etcd (authentication through client certs) #245

Allow talking to secure etcd (authentication through client certs) #245

dhawal55 commented Dec 21, 2016

peebs commented Dec 21, 2016

dhawal55 commented Dec 29, 2016 •

edited

Loading

aaronlevy commented Dec 30, 2016

dhawal55 commented Jan 3, 2017

aaronlevy commented Jan 3, 2017

ghost commented Apr 10, 2017

ghost commented Apr 10, 2017

aaronlevy commented Apr 18, 2017

Allow talking to secure etcd (authentication through client certs) #245

Allow talking to secure etcd (authentication through client certs) #245

Conversation

dhawal55 commented Dec 21, 2016

peebs commented Dec 21, 2016

dhawal55 commented Dec 29, 2016 • edited Loading

aaronlevy commented Dec 30, 2016

dhawal55 commented Jan 3, 2017

aaronlevy commented Jan 3, 2017

ghost commented Apr 10, 2017

ghost commented Apr 10, 2017

aaronlevy commented Apr 18, 2017

dhawal55 commented Dec 29, 2016 •

edited

Loading