[Improvement] Share Certificates Among Multiple Components #8278
Comments
|
kind of similar to #8201 |
|
This issue has been marked as stale because it has been open for 30 days with no activity |
|
@iziang In the scenario of ElasticSearch, Kibana requires the CA certificate to establish an encrypted connection with ElasticSearch, the information Kibana needs is the actual content of the certificate or the path to the local file containing the certificate content? |
Kibana needs the path to the local file containing the CA certificate. For example, if the CA certificate is located at elasticsearch.ssl.certificateAuthorities: [ "/path/to/ca_certificate.crt" ] |
In a production environment, the CA certificate should be centrally managed and not shared from a specific component. |
Is your improvement request related to a problem? Please describe.
KubeBlocks currently supports TLS certificates at the component level. However, for sharded clusters where multiple components use the same certificate, there is a need to support sharing certificates among multiple components, or alternatively, support certificates at the cluster level.
Additionally, for example, in the case of ElasticSearch, which has two types of components: ES and Kibana, the Kibana component needs to obtain the CA certificate from the ES component in order to initiate a secure connection.
If this is a new function, please describe the motivation and goals.
A clear and concise description of why you want to happen, link the design doc if possible
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or functions you've considered.
Additional context
Add any other context or screenshots about the improvement request here.
The text was updated successfully, but these errors were encountered: