cockroach-operator icon indicating copy to clipboard operation
cockroach-operator copied to clipboard

Published 20 hours ago verified publisher icon cockroachdb

ca.crt should be added in an independent secret

Open alinadonisa opened this issue 4 years ago • 3 comments

Move ca.crt in the another secret, so it can be mounted independently of the node.crt.

alinadonisa avatar May 13 '21 06:05 alinadonisa

No, we do not want to move ca.crt to the same secret as the ca.key, we need to create a cockroach.ca-crt secret that only includes the ca.crt. No one other than a user minting a new certificate should ever be mounting ca.key

keith-mcclellan avatar May 13 '21 13:05 keith-mcclellan

@keith-mcclellan this means we will have 4 secrets, right?

alinadonisa avatar May 13 '21 14:05 alinadonisa

yes. We don't want to remove ca.crt from the node and client secrets, just have a 4th secret that only has the ca.crt. Thanks

keith-mcclellan avatar May 13 '21 15:05 keith-mcclellan