The Wayback Machine - https://web.archive.org/web/20190601131656/https://github.com/etcd-io/etcd/issues/10714
Skip to content

/etcd

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Enabling HTTPS" documentation for v3? #10714

Open
vkhromov opened this issue May 9, 2019 · 4 comments

Comments

Labels
Help Wanted area/doc good first issue
3 participants
@vkhromov @spzala @hexfusion
@vkhromov
Copy link

commented May 9, 2019
edited

There is a document describing how to migrate an existing etcd cluster from HTTP communication to encrypted HTTPS.
The document uses v2-based CLI, some of those commands have different args or output format in their v3 equivalent, and some of them (like etcdctl cluster-health) doesn't seem to exist in v3. The document is also marked as deprecated and there is a recommendation to use the GitHub repository for the more recent documentation.
Unfortunately, it seems there is no document describing such migration in the current GitHub repository. Moreover, such document probably better uses v3-based CLI, as more and more etcd installations are moving away from v2.

@spzala spzala added the area/doc label May 9, 2019

@spzala

This comment has been minimized.

Sign in to view
Copy link
Member

commented May 9, 2019
edited

I also do not see the doc page mentioned here in the master doc. Not sure if it was not moved because of a specific reason or we missed moving it /cc @gyuho @hexfusion

@hexfusion hexfusion added good first issue Help Wanted labels May 10, 2019

@hexfusion

This comment has been minimized.

Sign in to view
Copy link
Member

commented May 10, 2019

I am not sure how common this use-case is honestly, this type of reconfiguration is probably best documented as a snapshot restore operation. In which case we already document all of the necessary runtime configurations [1].

We also already document cluster reconfiguration [2]. But if you wanted to put this all together will full examples and link it from runtime-configuration docs [2] it could be useful.

[1] https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md
[2] https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/runtime-configuration.md#cluster-reconfiguration-operations
@vkhromov

This comment has been minimized.

Sign in to view
Copy link
Author

commented May 10, 2019

That's true that the required steps and changes for the migration could be deduced from the existing docs. Probably the most important property of [1] is that it describes the migration without the etcd cluster downtime, which is not so trivial to archive considering the nature of migration. Particularly, the migration using the snapshot restore operation does require the cluster downtime.

[1] https://coreos.com/etcd/docs/latest/etcd-live-http-to-https-migration.html
@hexfusion

This comment has been minimized.

Sign in to view
Copy link
Member

commented May 10, 2019

Particularly, the migration using the snapshot restore operation does require the cluster downtime.

True there is no silver lining here reconfiguring a cluster is risky and snapshot requires downtime.

@vkhromov vkhromov referenced this issue May 15, 2019

Open

Documentation: import "Enabling HTTPS in an existing etcd cluster" #10728

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.