From ff4ccd895d05c4b72b893b99c6de0a2a633a5fba Mon Sep 17 00:00:00 2001
From: Chen Rao
Date: Tue, 6 Aug 2024 11:37:01 +0800
Subject: [PATCH] [bitnami/etcd] fix: healthcheck will failed when startup etcd with one-way tls authentication (#70554)

Signed-off-by: Chen Rao
---
 .../3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh
index 3991aaab5620f..64b66fb864e8f 100644
--- a/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh
+++ b/bitnami/etcd/3.5/debian-12/rootfs/opt/bitnami/scripts/libetcd.sh
@@ -307,7 +307,11 @@ etcdctl_auth_norbac_flags() {
 authFlags+=("--cert" "${ETCD_DATA_DIR}/fixtures/client/cert.pem" "--key" "${ETCD_DATA_DIR}/fixtures/client/key.pem")
 else
 [[ -f "$ETCD_CERT_FILE" ]] && [[ -f "$ETCD_KEY_FILE" ]] && authFlags+=("--cert" "$ETCD_CERT_FILE" "--key" "$ETCD_KEY_FILE")
- [[ -f "$ETCD_TRUSTED_CA_FILE" ]] && authFlags+=("--cacert" "$ETCD_TRUSTED_CA_FILE")
+ # we skip tls verify
+ # when startup etcd with one-way tls authentication, there will no CA file
+ # but script run as client, need a CA to verify server certs
+ # so add following flags to skip server certs verification, this also works for two-way tls authentication
+ authFlags+=("--insecure-transport=false --insecure-skip-tls-verify=true")
 fi
 echo "${authFlags[*]}"
 }
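Review bot: The added `authFlags+=("--insecure-transport=false --insecure-skip-tls-verify=true")` line turns off server certificate verification unconditionally, and the removed `--cacert` line is not kept, so deployments that do provide `ETCD_TRUSTED_CA_FILE` lose verification of the etcd server on every etcdctl call built from these flags. Skipping verification should be limited to the case the commit message describes, where no CA file exists, and the CA should still be used whenever the file is present. The new line also appends both flags as a single array element, unlike the neighbouring `authFlags+=` lines; this only works because the function joins with `${authFlags[*]}` and callers presumably word-split the result. The start of `etcdctl_auth_norbac_flags` and the `if` that this `else` belongs to are outside the hunk.

```shell
# … unchanged: client --cert/--key handling …
if [[ -f "$ETCD_TRUSTED_CA_FILE" ]]; then
    # A CA is available: keep verifying the server certificate against it.
    authFlags+=("--cacert" "$ETCD_TRUSTED_CA_FILE")
else
    # No CA file: TLS stays on, but the server certificate is NOT verified.
    authFlags+=("--insecure-transport=false" "--insecure-skip-tls-verify=true")
fi
```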