rpc,security: set up TLS parameters for pod-to-pod communication #64476

Closed
@knz

Description

The rpc.Context logic today is equipped to set up TLS parameters for:

  • Client-to-KV RPCs
  • KV-to-KV RPCs
  • SQL pod to KV RPCs

Now we also want to introduce SQL pod to SQL pod RPCs. We need a new TLS configuration for that.

Some questions to answer:

  • which CA to use?
  • are there other "gotchas" to account for?

Epic: CRDB-8505

Labels

  • A-authentication: Pertains to authn subsystems
  • A-cc-enablement: Pertains to current CC production issues or short-term projects
  • A-cli-server: CLI commands that pertain to CockroachDB server processes
  • A-kv-security
  • A-multitenancy: Related to multi-tenancy
  • A-security
  • A-server-networking: Pertains to network addressing, routing, initialization
  • C-enhancement: Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
  • T-server-and-security: DB Server & Security
  • X-server-triaged-202105
