k8s
k8s copied to clipboard
cockroachdb
Client Certificates in a K8S cluster with multiple CRDB StatefulSets
I am currently writing a Kubernetes Operator for CRDB. While porting over the statefulset artefacts from the crdb repo it became clear that when running multiple CRDB clusters in the same namespace in K8s the root key (default.client.root) will be valid in all clusters, which is probably not what we want.
All other client keys with the same name will also work on all clusters inside K8S (granted the user exists.) . I propose changing the naming convention for keys to something like:
<namespace>.<cluster-name>.<role>.<name>
in stead of
<namespace>.<role>.<name> what we have today.
