vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
etcd/hack/tls-setup
History
mlmhl 0461b3fa51
grpcproxy: make grpc keep alive related options configurable (#11711) 
Currently grpc-proxy doesn't config keep alive related options, so it
will use the default values provided by the underlay gprc library. If
clients uses a keep alive ping interval smaller than server's default
minTime, connections between server and clients will be closed and
reopened frequently.
 		2020-04-17 21:20:03 -07:00
..
config grpcproxy: make grpc keep alive related options configurable (#11711) 2020-04-17 21:20:03 -07:00
Makefile grpcproxy: make grpc keep alive related options configurable (#11711) 2020-04-17 21:20:03 -07:00
Procfile *: scrub legacy ports from code and scripts 2016-05-11 13:46:30 -07:00
README.md *: update github.com links 2018-08-28 17:47:56 -07:00

README.md

This demonstrates using Cloudflare's cfssl to easily generate certificates for an etcd cluster.

Defaults generate an ECDSA-384 root and leaf certificates for localhost. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

Instructions

  1. Install git, go, and make
  2. Amend https://github.com/etcd-io/etcd/blob/master/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
Example:
{
  "CN": "etcd",
  "hosts": [
    "3.8.121.201",
    "46.4.19.20",
    "127.0.0.1"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 384
  },
  "names": [
    {
      "O": "autogenerated",
      "OU": "etcd cluster",
      "L": "the internet"
    }
  ]
}
  1. Run make to generate the certs