richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2581 Commits
29 Branches
80 Tags
156 MiB
Tree: 1d0415a6cf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1d0415a6cf'
${ noResults }
kubespray/roles/etcd/templates/openssl.conf.j2

43 lines
1.4 KiB
Raw Normal View History

Add etcd TLS support
8 years ago
Defaults for apiserver_loadbalancer_domain_name (#1993) * Defaults for apiserver_loadbalancer_domain_name When loadbalancer_apiserver is defined, use the apiserver_loadbalancer_domain_name with a given default value. Fix unconsistencies for checking if apiserver_loadbalancer_domain_name is defined AND using it with a default value provided at once. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru> * Define defaults for LB modes in common defaults Adjust the defaults for apiserver_loadbalancer_domain_name and loadbalancer_apiserver_localhost to come from a single source, which is kubespray-defaults. Removes some confusion and simplefies the code. Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
6 years ago
Fixed counter in ETCD Openssl.conf When a apiserver_loadbalancer_domain_name is added to the Openssl.conf the counter gets not increased correctly. This didnt seem to have an effect at the current kargo version.
7 years ago
Add etcd TLS support
8 years ago
Add support for cert alt names for etcd (#2139) * Add support for cert alt names for etcd * Update gen_certs_vault.yml
6 years ago
Fix DNS entries in etcd's openssl.conf by adding a newline. (#2208) DNS entries generated from 'etcd_cert_alt_names' variable in etcd's openssl.conf are not terminated by a newline. This fixes issue #2207.
6 years ago
Add support for cert alt names for etcd (#2139) * Add support for cert alt names for etcd * Update gen_certs_vault.yml
6 years ago
Fix DNS entries in etcd's openssl.conf by adding a newline. (#2208) DNS entries generated from 'etcd_cert_alt_names' variable in etcd's openssl.conf are not terminated by a newline. This fixes issue #2207.
6 years ago
Add etcd TLS support
8 years ago
  1. [req]
  2. req_extensions = v3_req
  3. distinguished_name = req_distinguished_name
  5. [req_distinguished_name]
  7. [ v3_req ]
  8. basicConstraints = CA:FALSE
  9. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  10. subjectAltName = @alt_names
  12. [ ssl_client ]
  13. extendedKeyUsage = clientAuth, serverAuth
  14. basicConstraints = CA:FALSE
  15. subjectKeyIdentifier=hash
  16. authorityKeyIdentifier=keyid,issuer
  17. subjectAltName = @alt_names
  19. [ v3_ca ]
  20. basicConstraints = CA:TRUE
  21. keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  22. subjectAltName = @alt_names
  23. authorityKeyIdentifier=keyid:always,issuer
  25. [alt_names]
  26. DNS.1 = localhost
  27. {% for host in groups['etcd'] %}
  28. DNS.{{ 1 + loop.index }} = {{ host }}
  29. {% endfor %}
  30. {% if loadbalancer_apiserver is defined %}
  31. {% set idx = groups['etcd'] | length | int + 2 %}
  32. DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
  33. {% endif %}
  34. {% set idx = groups['etcd'] | length | int + 3 %}
  35. {% for etcd_alt_name in etcd_cert_alt_names %}
  36. DNS.{{ idx + 1 + loop.index }} = {{ etcd_alt_name }}
  37. {% endfor %}
  38. {% for host in groups['etcd'] %}
  39. IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
  40. IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
  41. {% endfor %}
  42. {% set idx = groups['etcd'] | length | int * 2 + 1 %}
  43. IP.{{ idx }} = 127.0.0.1