If I have several etcd clusters, I should simply create several certificates for each cluster.
However, can I create only one set of certificates for those etcd clusters? It's too complicated when I want to scale the cluster, or in some other scenarios (to tell the truth, I want to use only one set of certificates for the etcd cluster and the Kubernetes cluster).
I tried to generate a server certificate like below, but it doesn't work:
cfssl print-defaults csr > server.json
... "CN": "coreos1", "hosts": [ "" ], ...
I followed the guide: https://coreos.com/os/docs/latest/generate-self-signed-certificates.html
Thanks!
Yes, it is possible to create a server certificate and associated key signed by a custom CA that will work on multiple hosts. You will need to specify which hosts the server certificate is good for in the "hosts": [] section. Note that you can also use wildcards, about which the CoreOS guide states at the bottom:
They will work on any machine. It will simplify certificates routine but increase security risks.
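
An added example, not part of the original answer or the CoreOS guide: a pre-signing check that builds the "hosts" list for one server certificate shared by two clusters and compares it with a wildcard entry. All host names and addresses are constructed, the key settings are an assumption, and the matching rule is a simplified form of X.509 host name verification (a "*" stands for exactly one leftmost label, IP entries match only the exact address).

```python
import ipaddress
import json

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def covers(entry, name):
    """True if one "hosts" entry (a SAN) matches the name a client dials."""
    if is_ip(entry) or is_ip(name):
        # IP SANs match only the exact address, never a wildcard.
        return (is_ip(entry) and is_ip(name) and
                ipaddress.ip_address(entry) == ipaddress.ip_address(name))
    pat, host = entry.lower().split("."), name.lower().split(".")
    if len(pat) != len(host):
        return False  # "*" stands for exactly one label
    return all(p == h or (i == 0 and p == "*")
               for i, (p, h) in enumerate(zip(pat, host)))

def uncovered(hosts, names):
    """Names that no entry in "hosts" matches."""
    return [n for n in names if not any(covers(e, n) for e in hosts)]

def build_csr(cn, hosts):
    """CSR request with the CN/hosts/key fields cfssl reads (key values assumed)."""
    return {"CN": cn, "hosts": sorted(set(hosts)),
            "key": {"algo": "ecdsa", "size": 256}}

# Constructed inventory: two etcd clusters sharing one server certificate.
MEMBERS = ["etcd-a1.example.internal", "etcd-a2.example.internal",
           "etcd-b1.example.internal", "10.0.0.11", "127.0.0.1"]
EXPLICIT = build_csr("etcd-shared", MEMBERS)
WILDCARD = build_csr("etcd-shared", ["*.example.internal"])
# A constructed name that is not an etcd member but sits in the same domain.
OUTSIDER = "jenkins.example.internal"

if __name__ == "__main__":
    print(json.dumps(EXPLICIT, indent=2))
    print("explicit list misses:", uncovered(EXPLICIT["hosts"], MEMBERS))
    print("wildcard misses:", uncovered(WILDCARD["hosts"], MEMBERS))
    print("wildcard also valid for outsider:",
          covers(WILDCARD["hosts"][0], OUTSIDER))
```

The explicit list covers every member and nothing else, while the wildcard entry misses the IP addresses and is also valid for any other single-label name in the domain, which is the added risk the guide's note refers to.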