Enable TLS and other security features
The following sections describe the options available for improving the security of your etcd deployment.
In order to enable Role-Based Access Control for etcd, set the following parameters:
These parameters create a root user with an associate root role with access to everything. The remaining users will use the guest role and won’t have permissions to do anything.
Configure TLS for server-to-server communications
In order to enable secure transport between peer nodes deploy the helm chart with these options:
Configure certificates for client communication
In order to enable secure transport between client and server, create a secret containing the certificate and key files and the CA used to sign the client certificates. In this case, create the secret and then deploy the chart with these options:
auth.client.secureTransport=true auth.client.enableAuthentication=true auth.client.existingSecret=etcd-client-certs
Learn more about the etcd security model and how to generate self-signed certificates for etcd.