[bitnami/etcd] fix: healthcheck will failed when startup etcd with on…

…e-way tls authentication (#70554) Signed-off-by: Chen Rao <chenrao317328@163.com>
bitnami · Aug 6, 2024 · ff4ccd8 · ff4ccd8
1 parent 42af12b
commit ff4ccd8
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh
@@ -307,7 +307,11 @@ etcdctl_auth_norbac_flags() {
         authFlags+=("--cert" "${ETCD_DATA_DIR}/fixtures/client/cert.pem" "--key" "${ETCD_DATA_DIR}/fixtures/client/key.pem")
     else
         [[ -f "$ETCD_CERT_FILE" ]] && [[ -f "$ETCD_KEY_FILE" ]] && authFlags+=("--cert" "$ETCD_CERT_FILE" "--key" "$ETCD_KEY_FILE")
-        [[ -f "$ETCD_TRUSTED_CA_FILE" ]] && authFlags+=("--cacert" "$ETCD_TRUSTED_CA_FILE")
+        # we skip tls verify
+        # when startup etcd with one-way tls authentication, there will no CA file
+        # but script run as client, need a CA to verify server certs
+        # so add following flags to skip server certs verification, this also works for two-way tls authentication
+        authFlags+=("--insecure-transport=false --insecure-skip-tls-verify=true")
     fi
     echo "${authFlags[*]}"
 }