path: root/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
author yatin <yatin.karel@nectechnologies.in> 2016-12-05 21:36:47 +0530
committer yatin <yatin.karel@nectechnologies.in> 2016-12-09 02:57:07 +0000
commit e904a8af5c559e8fd09abea7053f1c7343c7d739
tree 14ee85e08dff1295e4c547c8fcf7f26f851bc32d /magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
parent 874d81c1d91be301a20fdd403b60104b9adc1404
[k8s_fedora_atomic] Enable TLS in Etcd cluster
With this patch following are done:-
- Configure Etcd with TLS support

Configure Following to communicate with TLS enabled Etcd:-
- Flannel

Etcd also listens at http://127.0.0.1:2379, so on master nodes etcdctl and kube apiserver can communicate without using certificates.

If TLS_DISABLED="True" then TLS is not enabled for etcd.

Change-Id: I2147b67c4e346a4415e1f76c19ac68e94cb0a0fa
Partially-Implements: blueprint secure-etcd-cluster-coe
Notes (review):
Code-Review+2: Spyros Trigazis <strigazi@gmail.com>
Code-Review+2: Adrian Otto <adrian.otto@rackspace.com>
Workflow+1: Adrian Otto <adrian.otto@rackspace.com>
Verified+2: Jenkins
Submitted-by: Jenkins
Submitted-at: Thu, 15 Dec 2016 19:13:31 +0000
Reviewed-on: https://review.openstack.org/407374
Project: openstack/magnum
Branch: refs/heads/master
Diffstat (limited to 'magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh')
-rw-r--r-- magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh 10
1 files changed, 8 insertions, 2 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index bc15c03..bf91246 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -124,5 +124,11 @@ curl -k -X POST \
124 -d "$csr_req" \ 124 -d "$csr_req" \
125 $MAGNUM_URL/certificates | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${SERVER_CERT} 125 $MAGNUM_URL/certificates | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${SERVER_CERT}
126 126
127chmod 500 "${cert_dir}" 127# Common certs and key are created for both etcd and kubernetes services.
128chown -R kube:kube "${cert_dir}" 128# Both etcd and kube user should have permission to access the certs and key.
129groupadd kube_etcd
130usermod -a -G kube_etcd etcd
131usermod -a -G kube_etcd kube
132chmod 550 "${cert_dir}"
133chown -R kube:kube_etcd "${cert_dir}"
134chmod 440 $SERVER_KEY
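Review bot: `groupadd kube_etcd` (new line 129) is not idempotent: it exits non-zero when the group already exists, so a second run of this fragment logs an error or, if the script runs with errexit, stops before the ownership and mode changes below it are applied. Consider `groupadd -f kube_etcd`, or guard the call with `getent group kube_etcd`. Two smaller points in the same hunk: `chmod 440 $SERVER_KEY` (new line 134) is unquoted while `"${cert_dir}"` is quoted on the lines above it, and only the key gets an explicit mode, so the other files under `${cert_dir}` keep whatever the umask gave them; setting their modes explicitly would make the result predictable. The change also widens read access to the private key from the kube user alone (old `chmod 500` with `chown -R kube:kube`) to every member of kube_etcd, so the added comment should say that membership of this group is meant to stay limited to etcd and kube.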