Backup-testing-restore / ansible-role-k8s-cluster

Apache License 2.0

Configure tests for secured external etcd #11

Open Karina5005 opened 1 year ago

Karina5005 commented 1 year ago

The common scenarios are the same as default_ext-etcd, but in addition etcd should be set up with SSL certificates. Thus we need to provide the caFile, certFile and keyFile params to the cluster configuration as shown below (also take a look at the protocol):

etcd:
  external:
    endpoints: [ "https://{{ hostvars[inventory_hostname]['ansible_facts']['default_ipv4']['address'] }}:2379" ]
    caFile: ""
    certFile: ""
    keyFile: ""

The new scenario will differ from default_ext-etcd in the following points:

  1. Cert generation for etcd instance (it would be the same host)
  2. Cert generation for control plane node because of client auth
  3. Copying certs to target dir (/etc/kubernetes/pki?) with appropriate permissions
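
Steps 1 to 3 above, sketched as an added example with the openssl CLI (not code from this repository). The function names, CNs and file names are assumptions; with them, caFile, certFile and keyFile would point at ca.crt, etcd-client.crt and etcd-client.key.

```shell
#!/bin/sh
# Added example, not the role's code. Assumed names: gen_etcd_pki, issue_cert,
# the CNs and the file names. Needs the openssl CLI; pki_dir must be absolute.

# Sign a leaf cert with the test CA: $1 = file stem, $2 = CN, rest = extension lines
issue_cert() {
    stem=$1; cn=$2; shift 2
    printf '%s\n' "$@" > "$stem.ext" &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$stem.key" -out "$stem.csr" 2>/dev/null &&
    openssl x509 -req -in "$stem.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile "$stem.ext" -out "$stem.crt" 2>/dev/null
}

gen_etcd_pki() {
    pki_dir=$1   # target dir (the issue suggests /etc/kubernetes/pki)
    host_ip=$2   # address used in the https:// endpoint
    work=$(mktemp -d) || return 1
    (
        cd "$work" && umask 077 &&   # keys are never created group/world-readable
        # Throwaway test CA; its private key never leaves the scratch dir
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=etcd-test-ca" -keyout ca.key -out ca.crt 2>/dev/null &&
        # 1. Server cert for the etcd instance; the SAN must match the endpoint IP
        issue_cert etcd-server etcd-server \
            "subjectAltName=IP:$host_ip,IP:127.0.0.1" "extendedKeyUsage=serverAuth" &&
        # 2. Client cert for the control plane node (etcd client auth)
        issue_cert etcd-client kube-apiserver-etcd-client \
            "extendedKeyUsage=clientAuth" &&
        # 3. Copy to the target dir: certs readable, private keys owner-only
        mkdir -p "$pki_dir" &&
        install -m 0644 ca.crt etcd-server.crt etcd-client.crt "$pki_dir"/ &&
        install -m 0600 etcd-server.key etcd-client.key "$pki_dir"/
    )
    rc=$?
    rm -rf "$work"   # removes the CA key, CSRs and extension files
    return $rc
}
```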

Karina5005 commented 1 year ago

Assignee is Mishavint

Karina5005 commented 1 year ago

Created by bissquit at 2023-04-28T08:19:04Z