This product is not supported for your selected
Datadog site. (
).
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Id: 98ce8b81-7707-4734-aa39-627c6db3d84b
Cloud Provider: k8s
Framework: Kubernetes
Severity: Medium
Category: Networking and Firewall
Learn More
Description
When using etcd, the --auto-tls flag should be set to false.
Compliant Code Examples
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd"]
args: []
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd", "--auto-tls=false"]
args: []
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
Non-Compliant Code Examples
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd"]
args: ["--auto-tls=true"]
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
