From 74a860be08a7825ca56d1ee2f6eb5c7283f61da4 Mon Sep 17 00:00:00 2001
From: moelsayed <m.elsayed@gmail.com>
Date: Sat, 3 Feb 2018 01:03:29 +0200
Subject: [PATCH] Update template to use etcd tls with AWS

---
 templates/calico.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/templates/calico.go b/templates/calico.go
index 00ac068a..b91e9d85 100644
--- a/templates/calico.go
+++ b/templates/calico.go
@@ -503,9 +503,30 @@ spec:
         configMapKeyRef:
           name: calico-config
           key: etcd_endpoints
+    # Location of the CA certificate for etcd.
+    - name: ETCD_CA_CERT_FILE
+      valueFrom:
+        configMapKeyRef:
+          name: calico-config
+          key: etcd_ca
+    # Location of the client key for etcd.
+    - name: ETCD_KEY_FILE
+      valueFrom:
+        configMapKeyRef:
+          name: calico-config
+          key: etcd_key
+    # Location of the client certificate for etcd.
+    - name: ETCD_CERT_FILE
+      valueFrom:
+        configMapKeyRef:
+          name: calico-config
+          key: etcd_cert
     volumeMounts:
     - name: ippool-config
       mountPath: /root/
+    # Mount in the etcd TLS secrets.
+    - mountPath: /calico-secrets
+      name: etcd-certs
   volumes:
   - name: ippool-config
     configMap:
@@ -513,5 +534,9 @@ spec:
       items:
         - key: {{.CloudProvider}}-ippool
           path: {{.CloudProvider}}-ippool.yaml
+  # Mount in the etcd TLS secrets.
+  - name: etcd-certs
+    secret:
+      secretName: calico-etcd-secrets
           {{end}}
 `