From 945d9a33cbbda3bb59dd54eabad9bdbd5a5ede11 Mon Sep 17 00:00:00 2001 From: Raoof Mohammed Date: Thu, 14 Sep 2017 12:02:28 -0400 Subject: [PATCH] doc: cluster_tls, wildcard domain correction doc: cluster_tls, wildcard domain correction based on the discussion https://github.com/coreos/etcd/issues/8534#issuecomment-329208369 --- doc/user/cluster_tls.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/user/cluster_tls.md b/doc/user/cluster_tls.md index 6c88e19ec..1f412bc15 100644 --- a/doc/user/cluster_tls.md +++ b/doc/user/cluster_tls.md @@ -35,8 +35,8 @@ The example cluster YAML manifest and example certs can be found in [example/tls The peer TLS assets should have the following: - **peer.crt**: peer communication cert. - The certificate should allow wildcard domain `*.${clusterName}.${namespace}.svc`. - In this case, it is `*.example.default.svc`. + The certificate should allow wildcard domain `*.${clusterName}.${namespace}.svc` and `*.{clusterName}.{namespace}.svc.cluster.local`. + In this case, it is `*.example.default.svc` and `*.example.default.svc.cluster.local`. - **peer.key**: peer communication key. - **peer-ca.crt**: CA cert for this peer key-cert pair. 
@@ -55,8 +55,8 @@ Once passed, etcd-operator will mount this secret at `/etc/etcdtls/member/peer-t The client TLS assets should have the following: - **server.crt**: etcd server's client communication cert. The certificate should allow wildcard domain `*.${clusterName}.${namespace}.svc`, - `${clusterName}-client.${namespace}.svc`, and `localhost`. - In this case, it is `*.example.default.svc`, `example-client.default.svc`, and `localhost`. + `${clusterName}-client.${namespace}.svc`, `*.{clusterName}.{namespace}.svc.cluster.local` and `localhost`. + In this case, it is `*.example.default.svc`, `example-client.default.svc`, `*.example.default.svc.cluster.local` and `localhost`. To use more DNS name or IP to access etcd server, please add it here. - **server.key**: etcd server's client communication key. - **server-ca.crt**: CA cert for validating the certs of etcd clients.
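Review bot: In the first hunk (`@@ -35,8 +35,8 @@`, the **peer.crt** item), the added name `*.{clusterName}.{namespace}.svc.cluster.local` drops the `$` that the existing `*.${clusterName}.${namespace}.svc` on the same line uses, so the placeholders read as two different syntaxes. Suggest `*.${clusterName}.${namespace}.svc.cluster.local`. With two names now listed, "wildcard domain" and "it is" should become "wildcard domains" and "they are".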
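Review bot: In the second hunk (`@@ -55,8 +55,8 @@`, the **server.crt** item), the `.svc.cluster.local` form is added only for the wildcard. `${clusterName}-client.${namespace}.svc` gets no `.svc.cluster.local` counterpart, and the fully qualified client service name is not covered by either wildcard in the list, so a client connecting by that name would fail hostname verification against a certificate built from this text. Either add `${clusterName}-client.${namespace}.svc.cluster.local` (in the example, `example-client.default.svc.cluster.local`) or state why it is left out. The added `*.{clusterName}.{namespace}.svc.cluster.local` is also missing the `$` used by the other placeholders in this item, and the rewritten lines drop the comma before "and `localhost`" that the removed lines had.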