Open micahasmith opened 9 years ago
@micahasmith This looks reasonable to me (and we are definitely lacking a nice HOWTO in this area so would greatly welcome such a document if you'd be willing to contribute it!). Are things working okay for you with this setup?
A writeup on how client auth works with fleet would be great, also how the REST API would handle this. Would the HTTPS request to fleet API have to be signed by the etcd-keyfile?
@jonboulle the only issue i'm experiencing right now is https://github.com/coreos/fleet/issues/1113
note that i do have my entire "securing coreos/etcd/fleet process" written up in a HOWTO at http://micahasmith.github.io/2014/12/22/coreos-cloud-config/
I'm trying to write up how to secure CoreOS/fleet/etcd.
It looks like some etcd cert settings need specified for fleet as well.
Does the following cloud-config seem to specify them correctly?
Are there other security settings that are fleet specific that I should look into?
Thanks--