![]() Currently grpc-proxy doesn't config keep alive related options, so it will use the default values provided by the underlay gprc library. If clients uses a keep alive ping interval smaller than server's default minTime, connections between server and clients will be closed and reopened frequently. |
||
---|---|---|
.. | ||
config | ||
Makefile | ||
Procfile | ||
README.md |
README.md
This demonstrates using Cloudflare's cfssl to easily generate certificates for an etcd cluster.
Defaults generate an ECDSA-384 root and leaf certificates for localhost
. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.
Instructions
- Install git, go, and make
- Amend https://github.com/etcd-io/etcd/blob/master/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
Example:
{
"CN": "etcd",
"hosts": [
"3.8.121.201",
"46.4.19.20",
"127.0.0.1"
],
"key": {
"algo": "ecdsa",
"size": 384
},
"names": [
{
"O": "autogenerated",
"OU": "etcd cluster",
"L": "the internet"
}
]
}
- Run
make
to generate the certs