venezia/secure-etcd.md

Last active October 19, 2017 17:56

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/venezia/29b2f51997ac36ed81fadf449fa8c13c.js"></script>
Save venezia/29b2f51997ac36ed81fadf449fa8c13c to your computer and use it in GitHub Desktop.

Download ZIP

secure etcd

Raw

secure-etcd.md

Separate etcd CA
Separate etcd peer CA
network isolation of etcd to only talk to api servers
enable secret encryption (experimental feature)
secure Kubernetes cluster via pod tolerations / node selectors / pod security policies as appropriate
don't get tiller more access than it needs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment