update generateproxycertscript.sh to use secure etcd endpoint/certs (#…
pidah authored and jackfrancis committed Feb 12, 2018
1 parent 0a44bb7 commit 72fcd1f
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion parts/k8s/kubernetesmastergenerateproxycertscript.sh
@@ -12,6 +12,12 @@ K8S_PROXY_CA_CRT_FILEPATH="${K8S_PROXY_CA_CRT_FILEPATH:=/etc/kubernetes/certs/pr
K8S_PROXY_KEY_FILEPATH="${K8S_PROXY_KEY_FILEPATH:=/etc/kubernetes/certs/proxy.key}"
K8S_PROXY_CRT_FILEPATH="${K8S_PROXY_CRT_FILEPATH:=/etc/kubernetes/certs/proxy.crt}"

export ETCDCTL_ENDPOINTS="${ETCDCTL_ENDPOINTS:=https://127.0.0.1:2379}"
export ETCDCTL_CA_FILE="${ETCDCTL_CA_FILE:=/etc/kubernetes/certs/ca.crt}"
export ETCDCTL_KEY_FILE="${ETCDCTL_KEY_FILE:=/etc/kubernetes/certs/etcdclient.key}"
export ETCDCTL_CERT_FILE="${ETCDCTL_CERT_FILE:=/etc/kubernetes/certs/etcdclient.crt}"
export RANDFILE=$(mktemp)

# generate root CA
openssl genrsa -out $PROXY_CA_KEY 2048
openssl req -new -x509 -days 1826 -key $PROXY_CA_KEY -out $PROXY_CRT -subj '/CN=proxyClientCA'
@@ -50,4 +56,4 @@ if etcdctl mk $ETCD_REQUESTHEADER_CLIENT_CA " $(cat ${PROXY_CRT})"; then
else
sleep 5
write_certs_to_disk_with_retry
fi
fi
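Review bot: `export RANDFILE=$(mktemp)` in the first hunk hides a mktemp failure behind export's own exit status and never removes the file, so an empty RANDFILE can reach the openssl calls below it, and the random-state file openssl may write there stays on the master's disk after the keys are generated. Splitting it into `RANDFILE=$(mktemp) || exit 1`, `export RANDFILE` and `trap 'rm -f -- "$RANDFILE"' EXIT` covers both; whether the script already installs an EXIT trap is not visible in these hunks, so check before adding one. Separately, the `:=` defaults let an inherited ETCDCTL_ENDPOINTS or ETCDCTL_CA_FILE replace the TLS endpoint and CA this commit introduces, which deserves a one-line comment above the exports if that override is intentional.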
