kubeadm - fix local etcd grpc gateway

- etcd 3.2 uses the server certificate as the client cert for the grpc
  gateway, this updates the generation of the etcd server certificate to
  add client usage to resolve the issue.
This commit is contained in:
Jason DeTiberus 2018-06-12 11:24:24 -04:00
parent 793a51cef0
commit b8e8e35333
No known key found for this signature in database
GPG Key ID: CBD7D7A4B41437BC

View File

@ -377,7 +377,7 @@ func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.C
config := certutil.Config{
CommonName: cfg.NodeRegistration.Name,
AltNames: *altNames,
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
etcdServerCert, etcdServerKey, err := pkiutil.NewCertAndKey(caCert, caKey, config)
if err != nil {