Skip to content

Instantly share code, notes, and snippets.

@hongchaodeng

hongchaodeng/ca-config.json

Last active April 5, 2017 05:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save hongchaodeng/995feb7c0b48c6af58e59afe9837ea4e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save hongchaodeng/995feb7c0b48c6af58e59afe9837ea4e to your computer and use it in GitHub Desktop.
Download ZIP
self-hosted etcd tls
Raw
ca-config.json
{
"signing": {
"default": {
"expiry": "43800h"
},
"profiles": {
"server": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
},
"peer": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
Raw
ca-csr.json
{
"CN": "My own CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"O": "My Company Name",
"ST": "San Francisco",
"OU": "Org Unit 1",
"OU": "Org Unit 2"
}
]
}
Raw
etcd-0
apiVersion: v1
kind: Pod
metadata:
labels:
app: etcd
etcd_cluster: example-etcd-cluster
etcd_node: example-etcd-cluster-0000
name: example-etcd-cluster-0000
namespace: default
spec:
containers:
- command:
- sh
- -ec
- /usr/local/bin/etcd --data-dir=/var/etcd/default-example-etcd-cluster-0000
--name=example-etcd-cluster-0000 --initial-advertise-peer-urls=https://$(MY_POD_IP):2380
--listen-peer-urls=https://$(MY_POD_IP):2380 --listen-client-urls=http://$(MY_POD_IP):2379
--advertise-client-urls=http://$(MY_POD_IP):2379 --initial-cluster=example-etcd-cluster-0000=https://$(MY_POD_IP):2380
--initial-cluster-state=new --metrics extensive --initial-cluster-token=3a467869-915d-42b8-be5d-32e0a731fbd3
--peer-client-cert-auth --peer-trusted-ca-file=/var/etcdtls/ca.pem --peer-cert-file=/var/etcdtls/member1.pem --peer-key-file=/var/etcdtls/member1-key.pem
env:
- name: MY_POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: quay.io/coreos/etcd:v3.1.4
imagePullPolicy: IfNotPresent
name: etcd
volumeMounts:
- mountPath: /var/etcd
name: etcd-data
- mountPath: /var/etcdtls
name: config-volume
dnsPolicy: ClusterFirst
hostNetwork: true
nodeName: hdeng-one-six-minion-group-58xc
restartPolicy: Always
volumes:
- hostPath:
path: /var/etcd/
name: etcd-data
- name: config-volume
configMap:
name: etcdtls
Raw
etcd-1
apiVersion: v1
kind: Pod
metadata:
labels:
app: etcd
etcd_cluster: example-etcd-cluster
etcd_node: example-etcd-cluster-0001
name: example-etcd-cluster-0001
namespace: default
spec:
containers:
- command:
- sh
- -ec
- /usr/local/bin/etcd --data-dir=/var/etcd/default-example-etcd-cluster-0001
--name=example-etcd-cluster-0001 --initial-advertise-peer-urls=https://$(MY_POD_IP):2380
--listen-peer-urls=https://$(MY_POD_IP):2380 --listen-client-urls=http://$(MY_POD_IP):2379
--advertise-client-urls=http://$(MY_POD_IP):2379
--initial-cluster=example-etcd-cluster-0000=https://10.240.0.14:2380,example-etcd-cluster-0001=https://$(MY_POD_IP):2380
--initial-cluster-state=existing --metrics extensive
--peer-client-cert-auth --peer-trusted-ca-file=/var/etcdtls/ca.pem --peer-cert-file=/var/etcdtls/member1.pem --peer-key-file=/var/etcdtls/member1-key.pem
env:
- name: MY_POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
image: quay.io/coreos/etcd:v3.1.4
imagePullPolicy: IfNotPresent
name: etcd
volumeMounts:
- mountPath: /var/etcd
name: etcd-data
- mountPath: /var/etcdtls
name: config-volume
dnsPolicy: ClusterFirst
hostNetwork: true
nodeName: hdeng-one-six-minion-group-w8k2
restartPolicy: Always
volumes:
- hostPath:
path: /var/etcd/
name: etcd-data
- name: config-volume
configMap:
name: etcdtls
Raw
member1.json
{
"CN": "peer",
"hosts": [
"10.240.0.14"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "US",
"ST": "CA",
"L": "San Francisco"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment