Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-2178

CAO - Enforce TLS Only

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 2.3.0
    • couchbase-server
    • 1

    Description

      There's a new Enforce TLS Couchbase Server cluster-wide option, see MB-12175 .  When this is enabled, the cluster must only use TLS network connections.  We need this available to K8s deployed clusters as well.

      Attachments

        Issue Links

          For Gerrit Dashboard: K8S-2178
          # Subject Branch Project Status CR V

          Activity

            simon.murray Simon Murray added a comment - - edited

            I hope you appreciate how infuriating it is to support cool new upstream features while also supporting legacy versions at the same time!

            simon.murray Simon Murray added a comment - - edited I hope you appreciate how infuriating it is to support cool new upstream features while also supporting legacy versions at the same time!
            simon.murray Simon Murray added a comment -

            Marked as >7.0.0 so adding to backlog.

            simon.murray Simon Murray added a comment - Marked as >7.0.0 so adding to backlog.
            simon.murray Simon Murray added a comment -

            Apparently available in 7.0.2.  Tried it out, trivial.  For QE, not so trivial as it obviously cuts off their communication channels with server.  This is a non-trivial change for them as they need to start using TLS everywhere when TLS is in use.  Not a chance this will make 2.3.0 IMO.

            simon.murray Simon Murray added a comment - Apparently available in 7.0.2.  Tried it out, trivial.  For QE, not so trivial as it obviously cuts off their communication channels with server.  This is a non-trivial change for them as they need to start using TLS everywhere when TLS is in use.  Not a chance this will make 2.3.0 IMO.
            simon.murray Simon Murray added a comment -

            Other option is to sneak it in as DP...

            simon.murray Simon Murray added a comment - Other option is to sneak it in as DP...

            Build couchbase-operator-2.3.0-204 contains couchbase-operator commit ff78f90 with commit message:
            K8S-2178: Strict Mode TLS

            build-team Couchbase Build Team added a comment - Build couchbase-operator-2.3.0-204 contains couchbase-operator commit ff78f90 with commit message: K8S-2178 : Strict Mode TLS

            Verified by QE

            arunkumar Arunkumar Senthilnathan added a comment - Verified by QE

            People

              simon.murray Simon Murray
              ianmccloy Ian McCloy
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty