Without that option, an X509v3 certificate can only be used for server
authentication. While that works for some services, Galera requires this
to enable SSL connectivity.
Change-Id: Id6ec42aeef06533d56e37c372dbfff3d16c950f0
They will produce warnings about the deprecated CN definition,
but the v3 one is not working for Galera right now.
Change-Id: Iedec42d42c32209311f455d3585c0451dfc6997f
Generation is based on https://github.com/cloudflare/cfssl, which has
several advantages over traditional tools:
- can work as a microservice in k8s;
- requires nothing but Golang;
- configuration can be machine-generated;
Change-Id: I3f05ce795beade0af12eb3426df759a1af8806af
Since the first stage is to enable encryption and not authentication, we do
not need client certificates. On the other hand, we need both server_key
and server_certificate to enable TLS on the backend.
Change-Id: I6cb1da8f6e160c3b05006542cf7d8a43a587d28e
Let's start with defaults off and null certs to unblock local
work on the TLS and make it enabled by default later, when cert
creation options are finalized.
Change-Id: I123eac70012959df8da88da710629f636d68f14c
* scheme can be added with with_scheme=True flag
* ingress port will be added to the end of the address
Change-Id: I94efeea5a8a0acb67781d3e5a50b0c99601f7b4e
* ingress support added
  port:
    cont: 123
    ingress: test
* two config params added:
  configs:
    ingress:
      enable: False
      domain: external
Ingress will be disabled by default
Change-Id: Ic621af6930f078eea17fd83fce26b42cd32ecf01
Adding etcd_connection_attempts and etcd_connection_delay
parameters to defaults.yaml to show that they can be
overridden
Change-Id: Iac892dfbf849e36a1b940964fec07d2644c29401
Depends-On: Ie388c90379e49a6129a682a130e4889dde4f8adc