kopeio / etcd-manager

operator for etcd: moved to https://github.com/kubernetes-sigs/etcdadm
Apache License 2.0

Enable TLS encryption in etcd #65

Open justinsb opened 6 years ago

justinsb commented 6 years ago

We should be able to create keys and distribute them securely.

rphillips commented 6 years ago

/cc @ericchiang

carpenterm commented 5 years ago

Not sure if it does this already, but it would be great if etcd-manager could create a new CA for etcd when enabled on an existing kops cluster that has TLS enabled for etcd.

Currently kops clusters fail kube-bench test 1.5.9, "Ensure that a unique Certificate Authority is used for etcd", since kops uses the same CA for k8s and etcd. It would be great if etcd-manager could offer a solution to this given it is planned for it to be used by kops for etcd upgrades, etc.
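The kube-bench check named in the comment above comes down to whether etcd and the Kubernetes API trust the same CA key. As an added example (not code from this thread, etcd-manager, kops or kube-bench), the Go program below compares two CA bundles by public key rather than by name, so a CA re-issued under a different subject still counts as shared. `SharedCAs`, `newCA`, `kubeKey` and `etcdKey` are hypothetical names, and the certificates are constructed in memory as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SharedCAs lists etcdCA subjects whose public key (SPKI) also appears in kubeCA.
func SharedCAs(etcdCA, kubeCA []byte) (shared []string, err error) {
	seen := map[string]bool{}
	for i, bundle := range [][]byte{kubeCA, etcdCA} {
		if blk, _ := pem.Decode(bundle); blk == nil {
			return nil, fmt.Errorf("bundle %d holds no PEM data", i) // fail closed
		}
		for blk, rest := pem.Decode(bundle); blk != nil; blk, rest = pem.Decode(rest) {
			c, perr := x509.ParseCertificate(blk.Bytes)
			if perr != nil {
				return nil, perr // unreadable entry: do not report "unique"
			}
			if id := string(c.RawSubjectPublicKeyInfo); i == 0 {
				seen[id] = true // key trusted by the Kubernetes bundle
			} else if seen[id] {
				shared = append(shared, c.Subject.String())
			}
		}
	}
	return shared, nil
}

// Constructed sample input: two throwaway keys and a self-signed CA builder.
var _, kubeKey, _ = ed25519.GenerateKey(rand.Reader)
var _, etcdKey, _ = ed25519.GenerateKey(rand.Reader)

func newCA(cn string, k ed25519.PrivateKey) []byte {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, k.Public(), k)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(SharedCAs(newCA("etcd-ca", kubeKey), newCA("kubernetes", kubeKey))) // shared
	fmt.Println(SharedCAs(newCA("etcd-ca", etcdKey), newCA("kubernetes", kubeKey))) // unique
}
```

On a real cluster the two inputs would be the CA bundle etcd trusts and the one the API server trusts; an empty result with a nil error means no CA key is common to both.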

adammw commented 4 years ago

Isn't this implemented now with --etcd-insecure=false and self-signed certs based on PKIDir CA?