sachin kumar:
Can anyone please help me to understand why we have the following?
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
Rocky:
--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
=> In an HA env we have multiple etcd, and certs ensure secure communication b/w all the peers.
--peer-client-cert-auth=true
=> Makes sure that incoming requests from a peer have the right cert.
--peer-key-file=/etc/kubernetes/pki/etcd/peer.key
=> As you know, cert & key go together. Pls refer to the video for awesome detail.
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
=> You need to have ca.crt encryption. Please refer to the video explanation in the security section.
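
Added example, not part of the thread above: a small Python check that an etcd command line actually enforces mutual TLS between peers using the four flags discussed. The function names and the sample address are made up for illustration; --listen-peer-urls and --initial-advertise-peer-urls are etcd flags that do not appear in the thread and are included because an http:// peer URL leaves peer traffic unencrypted even when the certificate flags are set.

```python
# Added example (not from the thread): audit an etcd command line for peer mTLS.
import shlex

REQUIRED = ("peer-cert-file", "peer-key-file", "peer-trusted-ca-file")
PEER_URL_FLAGS = ("listen-peer-urls", "initial-advertise-peer-urls")
GO_TRUE = {"1", "t", "T", "true", "TRUE", "True"}  # values Go's flag package parses as true

def parse_flags(command_line):
    """Parse '--name=value' and bare '--name' (boolean) tokens into a dict."""
    flags = {}
    for tok in shlex.split(command_line):
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            flags[name] = value if sep else "true"
    return flags

def audit_peer_tls(command_line):
    """Return a list of findings; an empty list means none of the checks fired."""
    flags = parse_flags(command_line)
    findings = [f"--{n} is not set" for n in REQUIRED if not flags.get(n)]
    if flags.get("peer-client-cert-auth", "false") not in GO_TRUE:
        findings.append("--peer-client-cert-auth is not true: connecting peers "
                        "are not required to present a CA-signed certificate")
    for name in PEER_URL_FLAGS:
        for url in filter(None, flags.get(name, "").split(",")):
            if not url.startswith("https://"):
                findings.append(f"--{name} has non-HTTPS URL {url}: "
                                "peer traffic on it is not protected by TLS")
    return findings

# Constructed sample input: certificate paths from the thread, made-up address.
GOOD = ("etcd --listen-peer-urls=https://10.0.0.11:2380 "
        "--peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt "
        "--peer-client-cert-auth=true "
        "--peer-key-file=/etc/kubernetes/pki/etcd/peer.key "
        "--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt")
# Same node with client-cert auth dropped and a plaintext peer listener.
BAD = GOOD.replace("--peer-client-cert-auth=true ", "").replace("https://", "http://")

if __name__ == "__main__":
    for label, cmd in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_peer_tls(cmd) or "no findings")
```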