Merge pull request #65031 from detiber/etcd_grpc_gateway

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubadm - add comment for etcd server cert clientauth usage workaround Adds TODO requested in https://github.com/kubernetes/kubernetes/pull/65020#discussion_r194801712 **Release note**: ```release-note NONE ```
2025-07-23 19:56:01 +00:00 · 2018-06-21 07:11:30 -07:00 · 2018-06-21 07:11:30 -07:00 · 218b334d26
commit 218b334d26
parent 95c3b39930 b6450c75e7
1 changed files with 4 additions and 0 deletions
--- a/cmd/kubeadm/app/phases/certs/certs.go
+++ b/cmd/kubeadm/app/phases/certs/certs.go
@ -374,6 +374,10 @@ func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.C
 		return nil, nil, fmt.Errorf("failure while composing altnames for etcd: %v", err)
 	}

+	// TODO: etcd 3.2 introduced an undocumented requirement for ClientAuth usage on the
+	// server cert: https://github.com/coreos/etcd/issues/9785#issuecomment-396715692
+	// Once the upstream issue is resolved, this should be returned to only allowing
+	// ServerAuth usage.
 	config := certutil.Config{
 		CommonName: cfg.NodeRegistration.Name,
 		AltNames:   *altNames,