authoryatin <>2016-12-05 21:36:47 +0530
committeryatin <>2016-12-09 02:57:07 +0000
commite904a8af5c559e8fd09abea7053f1c7343c7d739 (patch)
tree14ee85e08dff1295e4c547c8fcf7f26f851bc32d /magnum/drivers/common/templates/kubernetes/fragments/
parent874d81c1d91be301a20fdd403b60104b9adc1404 (diff)
[k8s_fedora_atomic] Enable TLS in Etcd cluster
With this patch, the following is done:- - Configure Etcd with TLS support Configure the following to communicate with TLS-enabled Etcd:- - Flannel Etcd also listens at, so on master nodes etcdctl and kube apiserver can communicate without using certificates. If TLS_DISABLED="True", then TLS is not enabled for etcd. Change-Id: I2147b67c4e346a4415e1f76c19ac68e94cb0a0fa Partially-Implements: blueprint secure-etcd-cluster-coe
Notes (review): Code-Review+2: Spyros Trigazis <> Code-Review+2: Adrian Otto <> Workflow+1: Adrian Otto <> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 15 Dec 2016 19:13:31 +0000 Reviewed-on: Project: openstack/magnum Branch: refs/heads/master
Diffstat (limited to 'magnum/drivers/common/templates/kubernetes/fragments/')
1 files changed, 8 insertions, 2 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/ b/magnum/drivers/common/templates/kubernetes/fragments/
index bc15c03..bf91246 100644
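--- a/magnum/drivers/common/templates/kubernetes/fragments/
+++ b/magnum/drivers/common/templates/kubernetes/fragments/
@@ -124,5 +124,11 @@ curl -k -X POST \
  -d "$csr_req" \
  $MAGNUM_URL/certificates | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${SERVER_CERT}
 
-chmod 500 "${cert_dir}"
-chown -R kube:kube "${cert_dir}"
+# Common certs and key are created for both etcd and kubernetes services.
+# Both etcd and kube user should have permission to access the certs and key.
+groupadd kube_etcd
+usermod -a -G kube_etcd etcd
+usermod -a -G kube_etcd kube
+chmod 550 "${cert_dir}"
+chown -R kube:kube_etcd "${cert_dir}"
+chmod 440 $SERVER_KEY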
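Review bot: `groupadd kube_etcd` exits non-zero when the group already exists, so re-running this fragment, or running it on an image that already ships the group, makes that step fail; whether the script then aborts depends on shell options set outside the hunk. `groupadd -f kube_etcd` makes the step idempotent. The last added line leaves `$SERVER_KEY` unquoted while `"${cert_dir}"` is quoted two lines above; `chmod 440 "${SERVER_KEY}"` matches that quoting and avoids word-splitting on the path of the one file whose mode matters most here. The two added comment lines could also state that the private key is now readable by every member of `kube_etcd`, so membership of that group should stay limited to `etcd` and `kube`. Only the key gets an explicit mode in this hunk; the modes of the other files under `${cert_dir}` are set, if at all, outside it.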