
Tectonic doesn't render generated etcd CA private key

Open ericchiang opened this issue 6 years ago • 0 comments

When using self-signed etcd certs, the CA private key is generated in memory but never rendered. Once terraform exits, the content is discarded.

Internal bug can be found here: https://jira.coreos.com/browse/INST-1027

What keywords did you search in tectonic-installer issues before filing this one?

etcd, ca, tls, certificate

Is this a BUG REPORT or FEATURE REQUEST?

BUG REPORT

Versions

Tectonic version (release or commit hash):

1.8.9-tectonic.1

Terraform version (terraform version):

Terraform v0.10.7

Platform (aws|azure|openstack|metal|vmware):

(all)

What happened?

Generated TLS assets include etcd-client-ca.crt but not etcd-client-ca.key

$ tree generated/tls/
generated/tls/
├── apiserver.crt
├── apiserver.key
├── ca.crt
├── ca.key
├── etcd
│   ├── peer.crt
│   ├── peer.key
│   ├── server.crt
│   └── server.key
├── etcd-client-ca.crt
├── etcd-client.crt
├── etcd-client.key
├── grpc-client.crt
├── grpc-client.key
├── grpc-server.crt
├── grpc-server.key
├── kubelet.crt
├── kubelet.key
├── service-account.key
└── service-account.pub

1 directory, 19 files

What you expected to happen?

The installer should have included an etcd-client-ca.key as part of the generated TLS assets.

How to reproduce it (as minimally and precisely as possible)?

Run the terraform installer.

Anything else we need to know?

enter text here

References

https://github.com/coreos/tectonic-installer/blob/1.8.9-tectonic.1/modules/tls/etcd/signed/outputs.tf#L1-L3

ericchiang • Apr 04 '18 21:04