Open justinsb opened 6 years ago
/cc @ericchiang
Not sure if it does this already, but it would be great if etcd-manager could create a new CA for etcd when enabled on an existing kops cluster that has TLS enabled for etcd.
Currently kops clusters fail kube-bench test 1.5.9 "Ensure that a unique Certificate Authority is used for etcd", since kops uses the same CA for k8s and etcd. It would be great if etcd-manager could offer a solution to this given it is planned for it to be used by kops for etcd upgrades, etc.
Isn't this implemented now with --etcd-insecure=false and self-signed certs based on PKIDir CA?
We should be able to create keys and distribute them securely