zoxpx
commented
1 year ago Sorry for the late feedback --
- note that there is also a "global CA" available, and implemented a while back (done by passing
-CA /host/dir/CA.crtto the px-runc) - when we introduce CA-cert globally, it'll automatically fix SSL-certificates evaluation for the whole container (i.e. not just
pxandkvdbbut also curl/wget and shell-scripts, etc)
What this PR does / why we need it: caFile option has been removed in etcd 3.4. So, pass caFile as trustedCAFile to avoid breaking clients.
Which issue(s) this PR fixes (optional) PWX-31462
Special notes for your reviewer: no testing done yet