From 72fcd1f1b0dbff56c5b151c7f3103273f80de783 Mon Sep 17 00:00:00 2001
From: pidah
Date: Mon, 12 Feb 2018 20:54:22 +0000
Subject: [PATCH] update generateproxycertscript.sh to use secure etcd endpoint/certs (#2252)

---
 parts/k8s/kubernetesmastergenerateproxycertscript.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/parts/k8s/kubernetesmastergenerateproxycertscript.sh b/parts/k8s/kubernetesmastergenerateproxycertscript.sh
index 4539ce6b88..f313e38d51 100644
--- a/parts/k8s/kubernetesmastergenerateproxycertscript.sh
+++ b/parts/k8s/kubernetesmastergenerateproxycertscript.sh
@@ -12,6 +12,12 @@ K8S_PROXY_CA_CRT_FILEPATH="${K8S_PROXY_CA_CRT_FILEPATH:=/etc/kubernetes/certs/pr
 K8S_PROXY_KEY_FILEPATH="${K8S_PROXY_KEY_FILEPATH:=/etc/kubernetes/certs/proxy.key}"
 K8S_PROXY_CRT_FILEPATH="${K8S_PROXY_CRT_FILEPATH:=/etc/kubernetes/certs/proxy.crt}"
 
+export ETCDCTL_ENDPOINTS="${ETCDCTL_ENDPOINTS:=https://127.0.0.1:2379}"
+export ETCDCTL_CA_FILE="${ETCDCTL_CA_FILE:=/etc/kubernetes/certs/ca.crt}"
+export ETCDCTL_KEY_FILE="${ETCDCTL_KEY_FILE:=/etc/kubernetes/certs/etcdclient.key}"
+export ETCDCTL_CERT_FILE="${ETCDCTL_CERT_FILE:=/etc/kubernetes/certs/etcdclient.crt}"
+export RANDFILE=$(mktemp)
+
 # generate root CA
 openssl genrsa -out $PROXY_CA_KEY 2048
 openssl req -new -x509 -days 1826 -key $PROXY_CA_KEY -out $PROXY_CRT -subj '/CN=proxyClientCA'
@@ -50,4 +56,4 @@ if etcdctl mk $ETCD_REQUESTHEADER_CLIENT_CA " $(cat ${PROXY_CRT})"; then
 else
 sleep 5
 write_certs_to_disk_with_retry
-fi
\ No newline at end of file
+fi
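Review bot: `export RANDFILE=$(mktemp)` at the end of the added block masks a `mktemp` failure, because the exit status of `export` wins, and nothing visible in the patch removes the file, so each run appears to leave an OpenSSL seed file behind in the temp directory. Splitting it into `RANDFILE=$(mktemp) || exit 1`, `export RANDFILE` and `trap 'rm -f -- "$RANDFILE"' EXIT` would fail closed and clean up; the rest of the script is outside the hunk, so check for an existing EXIT trap before adding one. Separately, now that the default etcd endpoint is `https://`, a missing or unreadable `ETCDCTL_CA_FILE`, `ETCDCTL_KEY_FILE` or `ETCDCTL_CERT_FILE` makes every `etcdctl` call fail, and the `else` branch in the last hunk appears to retry without a bound. A readability check on those three paths before the first `etcdctl` call would turn that case into a clear error instead of a hang.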