Follow the etcd service documentation and configure TLS encryption. Then, edit the etcd pod specification file /etc/kubernetes/manifests/etcd.yaml on the master node and set the below parameters. --cert-file=</path/to/cert-file> --key-file=</path/to/key-file>
Edit the etcd pod specification file $etcdconf on the master node and set the below parameter. --client-cert-auth="true"
Edit the etcd pod specification file $etcdconf on the master node and either remove the --auto-tls parameter or set it to false. --auto-tls=false
Follow the etcd service documentation and configure peer TLS encryption as appropriate for your etcd cluster. Then, edit the etcd pod specification file $etcdconf on the master node and set the below parameters. --peer-cert-file=</path/to/peer-cert-file> --peer-key-file=</path/to/peer-key-file>
Edit the etcd pod specification file $etcdconf on the master node and set the below parameter. --peer-client-cert-auth=true
Edit the etcd pod specification file $etcdconf on the master node and either remove the --peer-auto-tls parameter or set it to false. --peer-auto-tls=false
[Manual test] Follow the etcd documentation and create a dedicated certificate authority setup for the etcd service. Then, edit the etcd pod specification file $etcdconf on the master node and set the below parameter. --trusted-ca-file=</path/to/ca-file>
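
To verify the settings above after editing the manifest, the following added example (not part of the original benchmark text or of any project's tooling) parses the etcd arguments out of a pod specification and reports which of the seven items are not satisfied. The sample manifest and its certificate paths are constructed for illustration, the function names are hypothetical, and the peer certificate check uses etcd's --peer-cert-file flag.

```python
import re

# Constructed sample (not from the page): command section of an etcd static pod manifest.
SAMPLE_MANIFEST = """\
spec:
  containers:
  - command:
    - etcd
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --client-cert-auth=true
    - --auto-tls=true
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --peer-auto-tls=false
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
"""

# Matches one YAML list item holding a flag: "- --name=value" or bare "- --name".
FLAG_RE = re.compile(r"""^\s*-\s+["']?--([a-z0-9-]+)(?:=(.*?))?["']?\s*$""")

def parse_flags(manifest_text):
    """Return {flag: value} for every --flag argument found in the manifest text."""
    flags = {}
    for line in manifest_text.splitlines():
        m = FLAG_RE.match(line)
        if m:
            value = m.group(2)
            # A bare boolean flag with no "=value" is treated as true.
            flags[m.group(1)] = "true" if value is None else value.strip("\"'")
    return flags

def audit(flags):
    """Return the names of the checks from the list above that the flags fail."""
    is_set = lambda name: bool(flags.get(name))
    is_true = lambda name: flags.get(name, "").lower() == "true"
    checks = {
        "cert-file/key-file": is_set("cert-file") and is_set("key-file"),
        "client-cert-auth": is_true("client-cert-auth"),
        "auto-tls": not is_true("auto-tls"),  # absent or false passes
        "peer-cert-file/peer-key-file": is_set("peer-cert-file") and is_set("peer-key-file"),
        "peer-client-cert-auth": is_true("peer-client-cert-auth"),
        "peer-auto-tls": not is_true("peer-auto-tls"),  # absent or false passes
        # Only checks that a CA is configured; whether it is dedicated to etcd is manual.
        "trusted-ca-file": is_set("trusted-ca-file"),
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    for failed in audit(parse_flags(SAMPLE_MANIFEST)):
        print("FAIL:", failed)
```

On the constructed sample this flags auto-tls (explicitly enabled) and peer-client-cert-auth (missing), which shows the difference between a flag that must be present and one that passes when absent.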