vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
etcd/hack/tls-setup
History
Gyuho Lee f2f7fc23f7 *: update github.com links 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 		2018-08-28 17:47:56 -07:00
..
config hack: TLS setup using cfssl 2015-07-27 14:51:17 -07:00
Makefile hack: install goreman in tls-setup example 2016-06-30 10:11:47 -06:00
Procfile *: scrub legacy ports from code and scripts 2016-05-11 13:46:30 -07:00
README.md *: update github.com links 2018-08-28 17:47:56 -07:00

README.md

This demonstrates using Cloudflare's cfssl to easily generate certificates for an etcd cluster.

Defaults generate an ECDSA-384 root and leaf certificates for localhost. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

Instructions

  1. Install git, go, and make
  2. Amend https://github.com/etcd-io/etcd/blob/master/hack/tls-setup/config/req-csr.json - IP's currently in the config should be replaced/added with IP addresses of each cluster node, please note 127.0.0.1 is always required for loopback purposes:
Example:
{
  "CN": "etcd",
  "hosts": [
    "3.8.121.201",
    "46.4.19.20",
    "127.0.0.1"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 384
  },
  "names": [
    {
      "O": "autogenerated",
      "OU": "etcd cluster",
      "L": "the internet"
    }
  ]
}
  1. Run make to generate the certs