3.6.2 Create a Kubernetes Secret for etcd
You must provide etcd credentials and etcd endpoints in the values.yaml
file. MicroTx uses this information to establish a connection to etcd after the service is installed.
Before you begin, generate RSA certificates for etcd and create a JSON file with the contents of the generated certificates. See Generate RSA Certificates for etcd.
If you plan to deploy etcd and MicroTx within the same Kubernetes cluster, then it is optional for you to configure etcd with TLS. When etcd is configured with TLS, you must provide the certificate details in the values.yaml
file for the transaction coordinator.
values.yaml
file. The following code snippet provides sample value which are based on the values used in the commands in this topic.storage:
type: etcd
etcd:
endpoints: "https://198.51.100.1:4002"
skipHostNameVerification: "false"
credentialSecret:
secretName: "etcd-cert-secret"
secretFileName: "etcdecred.json"
cacertConfigMap:
configMapName: "etcd-ca-cert-map"
configMapFileName: "ca.pem"
If you do not provide the correct IP address for the endpoints
field, then host verification fails when you install MicroTx. To bypass the host verification in development environments, you can set skipHostNameVerification
to true
in the values.yaml
file of MicroTx.
Caution:
You must set theskipHostNameVerification
field to false
in production environments.
Parent topic: Set Up etcd as Data Store