Only distribute etcd certificates to masters

They are not needed on other nodes.
2017-07-06 20:07:10 -05:00 · 2017-07-06 20:07:10 -05:00 · e36d2d864c
parent 8221c21b8f
commit e36d2d864c
1 changed files with 4 additions and 4 deletions
--- a/promenade/generator.py
+++ b/promenade/generator.py
@ -46,19 +46,19 @@ class Generator:
                key_target='masters')
        etcd_client_ca, etcd_client_ca_key = keys.generate_ca(
                ca_name='etcd-client',
-                cert_target='all',
+                cert_target='masters',
                key_target='masters')
        etcd_peer_ca, etcd_peer_ca_key = keys.generate_ca(
                ca_name='etcd-peer',
-                cert_target='all',
+                cert_target='masters',
                key_target='masters')
        calico_etcd_client_ca, calico_etcd_client_ca_key = keys.generate_ca(
                ca_name='calico-etcd-client',
-                cert_target='all',
+                cert_target='masters',
                key_target='masters')
        calico_etcd_peer_ca, calico_etcd_peer_ca_key = keys.generate_ca(
                ca_name='calico-etcd-peer',
-                cert_target='all',
+                cert_target='masters',
                key_target='masters')

        admin_cert, admin_cert_key = keys.generate_certificate(