You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/proposals/control-data-plane-split/README.md
+2-2Lines changed: 2 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -140,7 +140,7 @@ This process must be documented so users are aware that their Secrets are being
140
140
### Encryption
141
141
142
142
The agent and control plane communication channel will be encrypted. We will store the server certificate, key pair, and
143
-
CA certificate in Kubernetes Secrets. The server Secret will live in the `nginx-gateway` namespace, and the agent Secret will live in the same namespace where the agent is deployed. The Secrets need to exist before the control plane and data planes are deployed.
143
+
CA certificate in Kubernetes Secrets. The server Secret will live in the control plane namespace, and the agent Secret will live in the same namespace where the agent is deployed. The Secrets need to exist before the control plane and data planes are deployed.
144
144
145
145
-`nginx-gateway-cert`: This Secret will contain the TLS certificate and private key that the control plane will use to
146
146
serve gRPC traffic.
@@ -151,7 +151,7 @@ names and mount path configurable via flags. For production, we will direct the
151
151
For development and testing purposes, we will provide a self-signed default certificate. In order to be secure by
152
152
default, NGF should generate the default certificates and keypair during installation using a Kubernetes Job.
153
153
154
-
Cert-manager is probably the easiest way for a user to manage certs for this. [Reflector](https://github.com/emberstack/kubernetes-reflector) is a tool that can be used to sync Secrets across namespaces, so that all agents receive the certificate updates for the initial Secret created by cert-manager.
154
+
Cert-manager is probably the easiest way for a user to manage certs for this. [Reflector](https://github.com/emberstack/kubernetes-reflector) is a tool that can be used to sync Secrets across namespaces, so that all agents receive the certificate updates for the initial Secret created by cert-manager. Or our control plane just does this since we will likely have this logic anyway for copying NGINX Plus Secrets.
0 commit comments