kubadm - add comment for etcd server cert clientauth usage workaround

Jason DeTiberus 2018-06-12 16:31:44 -04:00
parent b8e8e35333
commit b6450c75e7
No known key found for this signature in database
GPG Key ID: CBD7D7A4B41437BC


@ -374,6 +374,10 @@ func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.C
return nil, nil, fmt.Errorf("failure while composing altnames for etcd: %v", err)
}
// TODO: etcd 3.2 introduced an undocumented requirement for ClientAuth usage on the
// server cert: https://github.com/coreos/etcd/issues/9785#issuecomment-396715692
// Once the upstream issue is resolved, this should be returned to only allowing
// ServerAuth usage.
config := certutil.Config{
CommonName: cfg.NodeRegistration.Name,
AltNames: *altNames,