Comments (2)
swapnilgm
commented on June 23, 2024
1
Copying the offline discussion and findings summary here:
Default etcd container image or to be precise alpine base image doesn't come with wget version supporting SSL flags. So, we injected bootstrap script with apk add wget call to get coorrect wget version. Hence etcd bootstrap has this dependency on internel.
**Finding: **
We can inject the provider self-signed CA bundle to root ca directories. Usually this could be done by update-ca-certificates utility but again this doesn't come preinstalled image of etcd. What it does is append the provided ca-etcd.crt to /etc/ssl/certs/ca-certificats.crt and also, copies/symlinks it under /etc/ssl/certs/ca-cert-ca-etcd.crtfile. This is sufficient for GNUTls SSL backend. update-ca-certificates also copeis/sysmlinks it under /etc/ssl/certs/<cert-x509-hash>.<index> which is used by openssl backend lib for server certificate verification.
For vanilla etcd container image, certificates are bundled under: /etc/ssl/cert.pem
Solution: cat <path-to-ca-etcd.crt> /etc/ssl/cert.pem. And remove wget udpates script.
from etcd-druid.
swapnilgm
commented on June 23, 2024
/assign @swapnilgm
from etcd-druid.
Related Issues (20)
- [Feature] Add E2E test for `EtcdCopyBackupsTask` using Localstack
- [Feature] Allow downscaling multi-node etcd cluster HOT 1
- ☂️ [Enhancement] Create v1beta1 for etcd-druid API
- [BUG] Etcd-druid removes the scale-up annotation even if scale-up didn't succeed. HOT 1
- [BUG] Wrong `.status.replicas` is set in etcd resource when cluster is marked for scale-up HOT 1
- ☂️ Improvements in etcd-backup-restore and in etcd-druid for Scale-up feature HOT 2
- [Feature] Druid-controlled updates to the pods in the etcd cluster HOT 1
- [Feature] Harmonize scaling operations of the etcd cluster
- [Feature] Introduce `Task`/`Operation` concept for out-of-band operations HOT 6
- [Feature] Enhanced snapshot compaction based on events size HOT 1
- Rework druid documentation HOT 4
- [Enhancement] New condition to ensure all etcd's join a single cluster HOT 2
- [BUG] If peerUrl TLS not enabled for non-HA migrate to HA then druid is recreates the statefulset as well as adds a scale-up annotation
- [Test] Add e2e tests while scaling a non-HA (peerUrl TLS is not enabled) to a HA etcd cluster (peerUrl TLS will get enabled) HOT 1
- [Feature] Alerts for the compaction job metrics HOT 4
- [Feature] Load some data to ETCD instances in every e2e tests
- ☂️ Replace etcd-custom-image with etcd-wrapper HOT 3
- [Feature] ☂️ Monitor compaction jobs running on shoot control planes HOT 1
- ☂️ [Epic]: Switch to Distroless images for etcd-wrapper and etcd-backup-restore HOT 1
- [Feature] Support setting imagePullSecrets and imagePullPolicy for etcd and backup images HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from etcd-druid.