Setting up etcd certificates for RBAC

    • Operator
    • You want to restrict the operations that support staff are able to perform to minimize accidental corruption or deletion of etcd data.
    • You want to use a single etcd cluster for Calico and Kubernetes (rather than having an etcd cluster for Calico and a separate etcd cluster for Kubernetes).
    • You want to restrict the read/write access of the various Calico components as an additional safety measure.
    • If using only the v2 API with etcd, as Calico does, then the minimum etcd version required is 3.0.12.
    • If using the v3 API with etcd, as Kubernetes can, then the minimum etcd version required is 3.2. (Note: The 3.x version of etcd supports both the v2 and the v3 API.)
    1. Set up etcd with the CA certificate and the certificates generated in step 1. See the etcd security op-guide for help configuring etcd.
    2. .
    3. Configure components. For example: