tokers commented on issue #5608: URL: https://github.com/apache/apisix/issues/5608#issuecomment-979587311
> > It seems that you don't configure the username and password fields in APISIX configuration, so it won't carry the credential to ETCD. > > Thanks for your reply. I think username and password are not necessary. If an etcd server is launched with the option --client-cert-auth=true, the field of Common Name (CN) in the client’s TLS cert will be used as an etcd user. > > I did not set the username and password on dashboard config, but dashboard works well. > > And my ssl pem follows this rule. > > > STEP 3: create apisix ssl pems > > ``` > > #cat apisix-csr.json > > { > > "CN": "apisix", > > "hosts": [ > > ], > > "key": { > > "algo": "rsa", > > "size": 2048 > > }, > > "names": [ > > { > > "C": "CN", > > "ST": "DUMMY", > > "L": "DUMMY", > > "O": "etcd", > > "OU": "DUMMY" > > } > > ] > > } > > ``` > > refer to https://etcd.io/docs/v3.4/op-guide/authentication/#using-tls-common-name > > I force enable the debug mode of init_etcd, and got the following errmsg: > > ``` > CommonName of client sending a request against gateway will be ignored and not used as expected > ``` > > The error was ignored since the keyword "error" was missing in the response. details see [apisix](https://github.com/apache/apisix/blob/master/apisix/cli/etcd.lua#L350-L356) and [etcd](https://github.com/etcd-io/etcd/blob/main/server/embed/serve.go#L330-L341) Just in the docs you share: > Note that this feature cannot be used with gRPC-proxy and gRPC-gateway. This is because gRPC-proxy terminates TLS from its client so all the clients share a cert of the proxy. gRPC-gateway uses a TLS connection internally for transforming HTTP request to gRPC request so it shares the same limitation APISIX uses the gRPC gateway to communicate with ETCD. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org