Merge pull request #65031 from detiber/etcd_grpc_gateway

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

kubadm - add comment for etcd server cert clientauth usage workaround

Adds TODO requested in https://github.com/kubernetes/kubernetes/pull/65020#discussion_r194801712

**Release note**:
```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-06-21 07:11:30 -07:00 committed by GitHub
commit 218b334d26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -374,6 +374,10 @@ func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.C
return nil, nil, fmt.Errorf("failure while composing altnames for etcd: %v", err)
}
// TODO: etcd 3.2 introduced an undocumented requirement for ClientAuth usage on the
// server cert: https://github.com/coreos/etcd/issues/9785#issuecomment-396715692
// Once the upstream issue is resolved, this should be returned to only allowing
// ServerAuth usage.
config := certutil.Config{
CommonName: cfg.NodeRegistration.Name,
AltNames: *altNames,