Skip to content

Split out "tls_dir" into individual files so that Docker/K8s secrets management can be plugged in  #3820

New issue
New issue
Closed
Closed
Split out "tls_dir" into individual files so that Docker/K8s secrets management can be plugged in #3820
Labels
area/kubernetesRelated to running Dgraph on K8sarea/operationsRelated to operational aspects of the DB, including signals, flags, env vars, etc.kind/enhancementSomething could be better.status/acceptedWe accept to investigate/work on it.
@sandys

Description

@sandys
sandys
opened on Aug 15, 2019

dgraph alpha has an option parameter "tls_dir" to take in TLS certificates created in a directory.

Usually this has CA certificates, node and user keys.

The industry recommended way to do secret management in Docker is through Docker Secrets : https://docs.docker.com/engine/swarm/secrets/

There are equivalents in Kubernetes as well as external tools like Hashicorp Vault. Most of them work at the file level and not at the directory level.

I request for additional parameters like "tls_ca_cert", "tls_node_key", etc so that these individual files can be passed in using secret management

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/kubernetesRelated to running Dgraph on K8sarea/operationsRelated to operational aspects of the DB, including signals, flags, env vars, etc.kind/enhancementSomething could be better.status/acceptedWe accept to investigate/work on it.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions