As the authentication key has an expiration date, we have to rotate it. One approach would be to do it via firewall-controller. It's already connecting to the metal-api and could use the newly introduced v1/vpn/authkey endpoint for rotation.
The problem is, firewall-controller is limited to the Firewall machines. So if we planned to extend VPN functionality to other machines, this setup would have to be reimplemented. My proposal is to implement rotation in metalctl, so that metalctl would be installed on machines, serve as a Tailscale client and would be responsible for authentication key rotation.
Does that sound good?
cc @majst01 @Gerrit91