This issue was moved to a discussion.
can etcd trust two certificate authorities #15914
Comments
Hey @ssengar - Thanks for raising this question. The normal way I would think about tackling this would be to provide a certificate bundle that includes the root certificates of all the required trusted CAs. The general steps to do that would be something like:
Have you tried an approach like this?
Note: There is an active issue around the refreshing of CA bundles for new connections, i.e. zero downtime updates. Refer: #11555. Just something to be aware of.
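The bundle approach from the comment above, as an added example that is not part of the original thread or of the etcd code base: it models the trust decision with Go's standard `crypto/x509` instead of a running etcd. The CAs, client certificate and helper names (`must`, `issue`, `trusted`) are constructed for this illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // helper for this example: abort on setup errors
	if err != nil {
		panic(err)
	}
	return v
}

// issue (example helper) makes a self-signed CA when parent is nil, else a client cert signed by parent.
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // self-signed CA: allowed to sign certificates, and its own issuer
		tpl.KeyUsage, tpl.ExtKeyUsage, parent, parentKey = x509.KeyUsageCertSign, nil, tpl, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)))), key
}

// trusted concatenates cas into one PEM bundle (the trust-file layout) and verifies leaf against it.
func trusted(leaf *x509.Certificate, cas ...*x509.Certificate) bool {
	var bundle []byte
	for _, ca := range cas {
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})...)
	}
	pool := x509.NewCertPool()
	loaded := pool.AppendCertsFromPEM(bundle) // false if the bundle holds no certificate
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return loaded && err == nil
}

func main() {
	caA, _ := issue("constructed-ca-a", nil, nil)
	caB, keyB := issue("constructed-ca-b", nil, nil)
	clientB, _ := issue("constructed-client-b", caB, keyB)
	fmt.Println("trust A only:", trusted(clientB, caA), "| trust A+B bundle:", trusted(clientB, caA, caB))
}
```

Run with `go run`: the client certificate from the second CA is rejected when only the first CA is trusted and accepted once both CAs are in the bundle.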
Hey @ssengar - This support issue will be moved to our Discussion Forums.
We are trying to consolidate the channels to which questions for help/support are posted so that we can improve our efficiency in responding to your requests, and to make it easier for you to find answers to frequently asked questions and how to address common use cases. We regularly see messages posted in multiple forums, with the full response thread only in one place or, worse, spread across multiple forums. Also, the large volume of support issues on GitHub is making it difficult for us to use issues to identify real bugs.
Members of the etcd community use Discussion Forums to field support requests. Before posting a new question, please search these for answers to similar questions, and also familiarize yourself with:
Again, thanks for using etcd and raising this question.
The etcd team
What would you like to be added?
Multiple CAs should be trusted by etcd.
Why is this needed?
As part of our setup, we might need etcd clients to connect to etcd via certificates issued by their own CA.