Peer auto TLS set to true
This product is not supported for your selected
Datadog site. (
).
Id: ae8827e2-4af9-4baa-9998-87539ae0d6f0
Cloud Provider: k8s
Framework: Kubernetes
Severity: Medium
Category: Networking and Firewall
Learn More
Description
When using etcd, the --peer-auto-tls flag should be set to false.
Compliant Code Examples
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd"]
args: []
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd", "--peer-auto-tls=false"]
args: []
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
Non-Compliant Code Examples
apiVersion: apps/v1
kind: Deployment
metadata:
name: app-etcd-deployment
spec:
selector:
matchLabels:
app: app
replicas: 1
template:
metadata:
labels:
app: app
version: v1
spec:
serviceAccountName: database
containers:
- name: database
image: gcr.io/google_containers/etcd:v3.2.18
imagePullPolicy: IfNotPresent
command: ["etcd"]
args: ["--peer-auto-tls=true"]
nodeSelector:
kubernetes.io/hostname: worker02
restartPolicy: OnFailure
