mirror of https://github.com/k3s-io/k3s
Generation of certificates and keys for etcd gated if etcd is disabled. (#6998)
Problem:
When support for etcd was added in 3957142
, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
pull/7972/head
parent
2eddfe6cf4
commit
34617390d0
|
@ -446,6 +446,7 @@ func genServerCerts(config *config.Control) error {
|
|||
}
|
||||
|
||||
func genETCDCerts(config *config.Control) error {
|
||||
|
||||
runtime := config.Runtime
|
||||
regen, err := createSigningCertKey("etcd-server", runtime.ETCDServerCA, runtime.ETCDServerCAKey)
|
||||
if err != nil {
|
||||
|
@ -455,13 +456,6 @@ func genETCDCerts(config *config.Control) error {
|
|||
altNames := &certutil.AltNames{}
|
||||
addSANs(altNames, config.SANs)
|
||||
|
||||
if _, err := createClientCertKey(regen, "etcd-server", nil,
|
||||
altNames, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
|
||||
runtime.ETCDServerCA, runtime.ETCDServerCAKey,
|
||||
runtime.ServerETCDCert, runtime.ServerETCDKey); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if _, err := createClientCertKey(regen, "etcd-client", nil,
|
||||
nil, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
runtime.ETCDServerCA, runtime.ETCDServerCAKey,
|
||||
|
@ -481,6 +475,17 @@ func genETCDCerts(config *config.Control) error {
|
|||
return err
|
||||
}
|
||||
|
||||
if config.DisableETCD {
|
||||
return nil
|
||||
}
|
||||
|
||||
if _, err := createClientCertKey(regen, "etcd-server", nil,
|
||||
altNames, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
|
||||
runtime.ETCDServerCA, runtime.ETCDServerCAKey,
|
||||
runtime.ServerETCDCert, runtime.ServerETCDKey); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue