Why do we need to provide the client's private key to the etcd server

10/22/2017

Could somebody please explain why, when configuring a secure etcd cluster, we need to provide the client private key? Cf. --key-file here: https://coreos.com/etcd/docs/latest/op-guide/security.html

I've never seen this in HTTPS 2-way SSL. For me, this key should never go out of the server.

Thanks for your help.

-- khaldoune
etcd
https
kubernetes
ssl

1 Answer

10/23/2017

Further reading has clarified things for me, especially example 3: https://coreos.com/etcd/docs/latest/op-guide/security.html

So --key-file and --peer-key-file are both the SERVER keys used by clients when ETCD acts as server; they may be different if we have two different keypairs for peers and clients.

It's clear now, the client's private key remains private :) So everything is OK.

-- khaldoune
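A check for the key placement described in the answer above, as an added example that is not part of the original post or of the etcd project: it confirms that the file passed to --key-file pairs with the server certificate and not with a client certificate. The file names and the helper names `key_matches_cert` and `audit_etcd_key_file` are assumptions, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Key placement for etcd TLS (file names are assumptions):
#   etcd server:  --cert-file=server.crt --key-file=server.key
#                 --peer-cert-file=peer.crt --peer-key-file=peer.key
#   etcdctl:      --cacert=ca.crt --cert=client.crt --key=client.key
# client.key is read only by the client process and is never given to etcd.

# Returns 0 when private key $2 belongs to certificate $1,
# 1 on mismatch, and 2 when either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    # Both commands emit the same PEM SubjectPublicKeyInfo for a matching pair.
    [ "$cert_pub" = "$key_pub" ]
}

# Hypothetical helper.
#   $1 = server certificate (--cert-file)
#   $2 = key handed to etcd  (--key-file)
#   $3 = a client certificate
audit_etcd_key_file() {
    if key_matches_cert "$3" "$2"; then
        echo "FAIL: --key-file holds the client's private key"
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: --key-file does not match --cert-file"
        return 1
    fi
    echo "OK: --key-file is the server's own key"
}
```

Run it as `audit_etcd_key_file server.crt server.key client.crt`; the same check applies to the --peer-cert-file and --peer-key-file pair.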
Source: StackOverflow