improbable-eng / etcd-cluster-operator

A controller to deploy and manage etcd clusters inside of Kubernetes
MIT License

.*: added TLS functionality #194

Closed FlorinPeter closed 3 years ago

FlorinPeter commented 3 years ago

Changes

Added tls certificate functionality for peer and client.

Verification

Deploy a cluster like

```yaml
apiVersion: etcd.improbable.io/v1alpha1
kind: EtcdCluster
metadata:
  name: cluster
  namespace: etcd
spec:
  podTemplate:
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: node-role.kubernetes.io/master
                  operator: Exists
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: etcd.improbable.io/cluster-name
                  operator: In
                  values:
                    - mcs-etcd
            topologyKey: kubernetes.io/hostname
    tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
  replicas: 3
  storage:
    volumeClaimTemplate:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
      storageClassName: ultra-high
  version: 3.3.24
  tls:
    enabled: true
```

improbable-prow-robot commented 3 years ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

To complete the pull request process, please assign

You can assign the PR to them by writing `/assign` in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/improbable-eng/etcd-cluster-operator/blob/master/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.