Enabled TLS encrypted communication for etcd #857

Merged
merged 36 commits into from
Dec 30, 2024

Contributor

@klention klention commented Dec 21, 2024

Issue: #822

Related PR: #849

TLS Communication Encryption is now enabled for:

  • Between PostgreSQL nodes
  • Between PgBouncer and PostgreSQL nodes
  • Between etcd nodes
  • Between Patroni and etcd nodes
  • Between vip-manager and etcd nodes
  • Between confd and etcd nodes

@klention changed the title from "Enabled TLS communication encryption" to "Enabled TLS communication encryption for etcd" on Dec 21, 2024
@klention force-pushed the tls_etcd_communication branch from c21ae15 to e4b34d3 on December 21, 2024 18:30
@klention force-pushed the tls_etcd_communication branch from c4f979c to 444cf71 on December 21, 2024 18:55
@klention force-pushed the tls_etcd_communication branch from 3ba5e76 to c515238 on December 22, 2024 11:40
@klention
Contributor Author

klention commented Dec 22, 2024

Resolves #822

@klention marked this pull request as ready for review on December 22, 2024 13:55
@klention changed the title from "Enabled TLS communication encryption for etcd" to "Enabled TLS encrypted communication for etcd" on Dec 22, 2024
@klention
Contributor Author

#859

automation/vars/main.yml (review thread: outdated, resolved)
@vitabaks
Owner

vitabaks commented Dec 27, 2024

Great job @klention! Thanks a lot for the contribution.

The remaining task is to implement TLS between the confd service and etcd nodes to ensure full TLS coverage across all cluster components (not considering the consul cluster).

Configuration options:

  • client_cakeys (string) - The client CA key file.
  • client_cert (string) - The client cert file.
  • client_key (string) - The client key file.

Doc: https://github.com/kelseyhightower/confd/blob/master/docs/configuration-guide.md

UPD: I'll do it.

@klention
Contributor Author

> Great job @klention! Thanks a lot for the contribution.
>
> The remaining task is to implement TLS between the confd service and etcd nodes to ensure full TLS coverage across all cluster components (not considering the consul cluster).
>
> Configuration options:
>
>   • client_cakeys (string) - The client CA key file.
>   • client_cert (string) - The client cert file.
>   • client_key (string) - The client key file.
>
> Doc: https://github.com/kelseyhightower/confd/blob/master/docs/configuration-guide.md
>
> UPD: I'll do it.

Thank you for all of this 👍

@vitabaks vitabaks merged commit 7cf037c into vitabaks:master Dec 30, 2024
15 checks passed
@klention klention deleted the tls_etcd_communication branch December 30, 2024 21:57