[cern] [k8s_fedora_atomic] Enable TLS in Etcd cluster (!3) · Merge requests · kubernetes / magnum

Merged Ricardo Rocha requested to merge cern-newton-kubtls into cern-newton Dec 19, 2016

Cherry-pick: https://review.openstack.org/#/c/407374/

With this patch following are done:-

Configure Etcd with TLS support

Configure Following to commuicate with TLS enabled Etcd:-

Flannel

Etcd also listens at http://127.0.0.1:2379, so on master nodes etcdctl and kube apiserver can communicate without using certificates.

if TLS_DISABLED="True" then TLS is not enabled for etcd.

Change-Id: I2147b67c4e346a4415e1f76c19ac68e94cb0a0fa Partially-Implements: blueprint secure-etcd-cluster-coe

Conflicts: magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh

Admin message

[cern] [k8s_fedora_atomic] Enable TLS in Etcd cluster

Merge request reports