Closed lavr closed 1 year ago
vitabaks
commented
1 year ago @lavr Hi!
I see that your changes are primarily aimed at working with existing etcd cluster (dcs_exists: true).
It would not be bad to add the ability to configure https and authorization also for a new etcd cluster deployment (dcs_exists: false)
lavr
commented
1 year ago @lavr Hi!
I see that your changes are primarily aimed at working with existing etcd cluster (dcs_exists: true).
It would not be bad to add the ability to configure https and authorization also for a new etcd cluster deployment (dcs_exists: false)
To add authentication for the etcd cluster deployment, significant updates to the etcd role are required, as I can see. This includes creating etcd root user with password, enabling authentication, creating a user and role with permissions for patroni cluster in etcd. This will entail substantial work on the etcd role. I can participate in this effort, but I suggest creating a separate Issue for it and handling it independently from this PR.
When using a shared etcd cluster, it is necessary to have the ability to configure additional parameters in the patroini config: namespace, login, password, and protocol