etcd should be configured to make use of TLS encryption for peer connections. etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be encrypted in transit and also amongst peers in the etcd clusters.
- Kind: Pod
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: + - etcd + - --peer-cert-file=file.pem + - --peer-key-file=file.key image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
Updated 9 months ago