go.etcd.io/etcd@v3.3.27+incompatible/hack/tls-setup/README.md

This demonstrates using Cloudflare's [cfssl](https://github.com/cloudflare/cfssl) to easily generate certificates for an etcd cluster.

The defaults generate an ECDSA-384 root certificate and leaf certificates for `localhost`. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

**Instructions**

1. Install git, go, and make
2. Amend https://github.com/coreos/etcd/blob/master/hack/tls-setup/config/req-csr.json. The IPs currently in the config should be replaced with, or extended by, the IP addresses of each cluster node. Note that 127.0.0.1 is always required for loopback purposes. Example:
   ```json
   {
     "CN": "etcd",
     "hosts": [
       "3.8.121.201",
       "46.4.19.20",
       "127.0.0.1"
     ],
     "key": {
       "algo": "ecdsa",
       "size": 384
     },
     "names": [
       {
         "O": "autogenerated",
         "OU": "etcd cluster",
         "L": "the internet"
       }
     ]
   }
   ```
3. Run `make` to generate the certs
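A node whose IP is missing from `hosts` gets a leaf certificate without a matching SAN, so its peers reject it during mutual authentication. The following pre-flight check for step 2 is an added example, not part of the etcd repository: `checkCSR`, `csrRequest` and `sample` are hypothetical names, and the node IPs are the ones from the README's example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// csrRequest mirrors the fields of req-csr.json that this check reads.
type csrRequest struct {
	Hosts []string `json:"hosts"`
	Key   struct {
		Algo string `json:"algo"`
		Size int    `json:"size"`
	} `json:"key"`
}

// checkCSR returns one finding per problem; an empty result means hosts covers loopback and every node.
func checkCSR(raw []byte, nodeIPs []string) ([]string, error) {
	var req csrRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return nil, fmt.Errorf("parse req-csr.json: %w", err)
	}
	have := map[string]bool{}
	for _, h := range req.Hosts {
		if ip := net.ParseIP(h); ip != nil { // DNS names such as "localhost" are skipped
			have[ip.String()] = true
		}
	}
	var findings []string
	for _, want := range append([]string{"127.0.0.1"}, nodeIPs...) {
		if ip := net.ParseIP(want); ip == nil {
			findings = append(findings, "not an IP address: "+want)
		} else if !have[ip.String()] {
			findings = append(findings, "missing from hosts: "+want)
		}
	}
	if req.Key.Algo != "ecdsa" || req.Key.Size != 384 {
		findings = append(findings, fmt.Sprintf("key is %s-%d, README default is ecdsa-384", req.Key.Algo, req.Key.Size))
	}
	return findings, nil
}

// Constructed sample: the README's example with the second node left out.
const sample = `{"CN":"etcd","hosts":["3.8.121.201","127.0.0.1"],"key":{"algo":"ecdsa","size":384}}`

func main() {
	findings, err := checkCSR([]byte(sample), []string{"3.8.121.201", "46.4.19.20"})
	fmt.Println(findings, err)
}
```

Run it against the edited `req-csr.json` before `make`, passing the full list of cluster node IPs.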