Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Etcd salt defaults file is confusingly not used. #6081

Closed
erictune opened this issue Mar 27, 2015 · 3 comments
Closed

Etcd salt defaults file is confusingly not used. #6081

erictune opened this issue Mar 27, 2015 · 3 comments
Labels
area/etcd priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done.

Comments

@erictune
Copy link
Member

Commit ba74928 by
@davidopp says:
Have etcd listen on all interfaces so that monit probes succeed. Closes #3852.

Listening on all interfaces is the wrong thing to do from a security standpoint because it exposes etcd to modification.

Once @ArtfulCoder change to put etcd in a pod is complete, then kubelet can monitor instead of monit, so then etc can be on 127.0.0.1.

It is confusing, because DAEMON_ARGS is set in cluster/saltbase/salt/etcd/defaults, which is where you normally set those things. But that file is only pushed to the node by cluster/saltbase/salt/etcd/init.sls if the OS is red-hat. What a mess.
@erictune erictune mentioned this issue Mar 27, 2015
Closed
@erictune erictune changed the title Etcd is listening on all IPs, should not. And the defaults file is orphaned. Etcd salt defaults file is confusingly not used. Mar 27, 2015
@erictune
Copy link
Member Author

This issue is really about the confusing salt config. The security issue is covered by #6067.

@zmerlynn
Copy link
Member

Totally obvious. I don't see what you're complaining about.

@vmarmol vmarmol added area/etcd priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. team/master labels Mar 30, 2015
@erictune erictune added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. team/control-plane and removed team/master sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels Aug 19, 2015
@bgrant0607
Copy link
Member

Fixed by #4442

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/etcd priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vmarmol @zmerlynn @bgrant0607 @erictune