Anthony Romano c8a2c7f64f *: eschew you from documentation 7 years ago
config edfec45bf5 hack: TLS setup using cfssl 9 years ago
Makefile 74d75a96eb hack: install goreman in tls-setup example 8 years ago
Procfile dcb3b7aecf *: scrub legacy ports from code and scripts 8 years ago
README.md c8a2c7f64f *: eschew you from documentation 7 years ago

README.md

This demonstrates using Cloudflare's cfssl to easily generate certificates for an etcd cluster.

Defaults generate an ECDSA-384 root and leaf certificates for localhost. etcd nodes will use the same certificates for both sides of mutual authentication, but won't require client certs for non-peer clients.

Instructions

  1. Install git, go, and make
  2. Amend https://github.com/coreos/etcd/blob/master/hack/tls-setup/config/req-csr.json: replace the IPs currently in the config with, or add to them, the IP addresses of each cluster node. Note that 127.0.0.1 is always required for loopback purposes. Example:

     ```json
     {
       "CN": "etcd",
       "hosts": [
         "3.8.121.201",
         "46.4.19.20",
         "127.0.0.1"
       ],
       "key": {
         "algo": "ecdsa",
         "size": 384
       },
       "names": [
         {
           "O": "autogenerated",
           "OU": "etcd cluster",
           "L": "the internet"
         }
       ]
     }
     ```

  3. Run make to generate the certs
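A pre-flight check for the edited req-csr.json, run before make, can catch a node address that is missing or mistyped in hosts. This is an added example, not part of the etcd repository; the function name `check_csr`, the constructed sample with one deliberately mistyped address, and the digits-and-dots heuristic are assumptions.

```python
import ipaddress
import json
import re

# Constructed sample: the req-csr.json from step 2 with one mistyped node IP.
SAMPLE_CSR = """
{
  "CN": "etcd",
  "hosts": ["3.8.121.201", "46.4.19.256", "127.0.0.1"],
  "key": {"algo": "ecdsa", "size": 384},
  "names": [{"O": "autogenerated", "OU": "etcd cluster", "L": "the internet"}]
}
"""


def check_csr(csr_text, node_ips, algo="ecdsa", size=384):
    """Return a list of problems in a cfssl CSR request for an etcd cluster."""
    csr = json.loads(csr_text)
    problems = []
    ip_sans = set()
    for host in csr.get("hosts", []):
        try:
            ip_sans.add(ipaddress.ip_address(host))
        except ValueError:
            # Heuristic (assumption): digits and dots only means an IP was
            # intended. An entry that does not parse as an IP address does
            # not end up as an IP SAN in the certificate.
            if re.fullmatch(r"[0-9.]+", host):
                problems.append(f"malformed IP in hosts: {host}")
    # The README requires loopback in addition to every cluster node address.
    for ip in ["127.0.0.1", *node_ips]:
        if ipaddress.ip_address(ip) not in ip_sans:
            problems.append(f"missing IP SAN: {ip}")
    # The README's stated default is ECDSA-384; flag anything else.
    key = csr.get("key", {})
    if (key.get("algo"), key.get("size")) != (algo, size):
        problems.append(
            f"key is {key.get('algo')}-{key.get('size')}, expected {algo}-{size}")
    return problems


if __name__ == "__main__":
    for problem in check_csr(SAMPLE_CSR, ["3.8.121.201", "46.4.19.20"]):
        print(problem)
```

Because the nodes use the same certificate on both sides of peer authentication, an address missing from hosts typically surfaces only later as a peer TLS verification failure.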