Commit Graph

12 Commits

Author SHA1 Message Date
Brian Cunnie
30c72cc5d4 etcd README: use API 3 2022-04-30 16:26:18 -07:00
Brian Cunnie
490f0fcd35 etcd instructions: rebuilding a node 2022-04-27 17:40:52 -07:00
Brian Cunnie
3f3f0ee78a 🐞 TLS for etcd: add GKE Node IPs
ns-gce is unable to join the cluster because its source IP address is
the node on which it's running, 34.72.45.206, and that's not included in
the SANs.

This commit updates the etcd certificate to one which includes the three
GKE nodes' IP addresses in its SANs.

This commit also includes instructions to update the certificates in the
event of an IP address change.

Fixes:
```
Apr 16 14:15:34 ns-aws etcd[500]: rejected connection from "34.72.45.206:43080" (error "tls: \"34.72.45.206\" does not match any of DNSNames [\"ns-aws.sslip.io\" \"ns-azure.sslip.io\" \"ns-gce.sslip.io\" \"ns-aws\" \"ns-azure\" \"ns-gce\"] (lookup ns-gce: Temporary failure in name resolution)", ServerName "ns-aws.sslip.io", IPAddresses ["127.0.0.1" "52.0.56.137" "52.187.42.158" "104.155.144.4" "::1" "2600:1f18:aaf:6900::a"], DNSNames ["ns-aws.sslip.io" "ns-azure.sslip.io" "ns-gce.sslip.io" "ns-aws" "ns-azure" "ns-gce"])
```
2022-04-17 17:08:00 -07:00
Brian Cunnie
8483e1eb1e etcd README has troubleshooting section 2022-04-10 07:40:34 -07:00
Brian Cunnie
f4863813bb ns-aws & ns-azure have consistent etcd configs
Now that both ns-aws & ns-azure are on Ubuntu Impish (previously ns-aws
was on Fedora), we can make the configuration files consistent.
2022-04-09 18:54:18 -07:00
Brian Cunnie
3de0ccc431 README: minor corrections 2022-04-09 08:59:30 -07:00
Brian Cunnie
b46f09fa1f README: how to clear out etcd data 2022-03-30 14:06:17 -07:00
Brian Cunnie
9b8e3e36b1 etcd on Azure: conform to Ubuntu's defaults
...because it's different than Fedora's defaults
2022-03-24 07:21:03 -07:00
Brian Cunnie
a1117ef370 Azure has its own etcd configuration
Other than two lines, it's identical to AWS's etcd configuration.

I've also updated the instructions for configuring it.
2022-03-23 09:00:01 -07:00
Brian Cunnie
c4d415887e etcd: instructions to configure on ns-aws 2021-12-31 16:20:29 -08:00
Brian Cunnie
af6c0f8326 etcd cluster configuration for ns-aws.sslip.io
- patterned after the [k8s
  configuration](https://github.com/cunnie/docs/blob/main/kubernetes.md#bootstrapping-the-etcd-cluster)
- I'm ridiculously psyched that the certificates are elliptic-curve
- clients communicate no TLS loopback only
- peers require TLS over public IPs
2021-12-31 15:58:38 -08:00
Brian Cunnie
71ca8e1732 etcd: generate certs for cluster communication 2021-12-31 14:51:04 -08:00