Does this support secure etcd? #1
Comments
Unfortunately not yet, @nightwolfzor. I will try to set up a solution and post it either here or some wiki page.
Thanks @nikfoundas. This would be very useful for us, as there are no etcd browsers that currently support secure mode.
@nightwolfzor After a couple of different tests I can verify that there is a way to work with a secured etcd registry using https. If you use the docker distribution nikfountas/etcd-viewer:1.0 you can create another image that inserts your certificate(s) on the provided distribution.
If you are using the source distribution and you build the war file using maven then you should just use the keytool to import your certificates in the jre distribution of your environment:
Please note that the current etcd-viewer docker distribution (1.0) only supports etcd 0.4.x versions. Dual support for etcd 2.0.x versions will be released in a couple of days. One last thing: my environment does not have any DNS server, so I had to use the --add-host parameter in the docker run in order to work with host names and not IP addresses. Not quite sure that this is relevant since I'm not a security expert and maybe I'm missing something. If IP addresses were provided directly the connections were rejected. You had to use the hostname that was included in the certificate. Your feedback would be really useful.
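The rejected IP-address connections described above follow from TLS name checking: the name in the URL must appear in the server certificate's subjectAltName. The following is an added example, not part of the original thread or the project's code, that checks a certificate against the name you plan to connect with. The host name, IP address and file names are constructed, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Host names, the IP address and file names are constructed.

# make_sample_cert DIR SAN
# Writes a throwaway self-signed certificate to DIR/server.crt with the given
# subjectAltName list, standing in for an etcd server certificate.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=etcd1.example.internal" \
    -addext "subjectAltName=$2" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# cert_covers CERT NAME
# Prints "match" if NAME, as it would appear in the etcd URL, is covered by
# CERT, otherwise "no-match". A dotted-digits NAME is checked against IP SAN
# entries and anything else against DNS entries, the same split a TLS client
# applies when verifying the peer.
cert_covers() {
  case "$2" in
    *[!0-9.]*) check=-checkhost ;;   # contains a non-digit, non-dot character
    *)         check=-checkip ;;
  esac
  case "$(openssl x509 -in "$1" -noout "$check" "$2")" in
    *"does match"*) echo match ;;
    *)              echo no-match ;;
  esac
}

# Demonstration: a certificate issued for a host name only.
demo() {
  dir=$(mktemp -d)
  make_sample_cert "$dir" "DNS:etcd1.example.internal"
  echo "host name:  $(cert_covers "$dir/server.crt" etcd1.example.internal)"
  echo "IP literal: $(cert_covers "$dir/server.crt" 10.0.0.5)"
  rm -rf "$dir"
}
demo
```

A "no-match" result for the address means the client has to reach etcd by a name listed in the certificate, which is what the `--add-host` mapping provides, or the certificate has to be reissued with an `IP:` entry.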
@nightwolfzor Did it work for you? Do you need any more clarifications?
This is what I did to add more than one cert every time I build the container:

```dockerfile
FROM nikfoundas/etcd-viewer
COPY certs /certs
COPY provision.sh /provision.sh
RUN /provision.sh
```

```bash
#!/bin/bash
# Import every .crt file under /certs into the JRE trust store,
# using the file name without its extension as the alias.
for filename in /certs/*.crt; do
  echo "Importing ${filename} ..."
  obj_name=$(basename "$filename")
  obj_name="${obj_name%.*}"
  keytool -importcert -noprompt -storepass changeit -keystore /etc/ssl/certs/java/cacerts -file "${filename}" -alias "${obj_name}"
done
```

Finally, just place the certificates you wish to import in the
Hi, I have three files to connect to my etcd server: etcd-client-ca.crt, etcd-client.crt and etcd-client.key
I would also like to know how to import the key as well
How do I set up certificates for secure etcd?