kylem
June 21, 2021, 3:13am
Hi there,
I am trying to add requireTLS to force all connections to use TLS. It seems that for some reason, there is code in ps-entry.sh which is changing this to preferTLS.
I cannot find any document as to why this is happening, but it seems to be intentional. Is there a reason why this has been done in the operators or is this a bug?
2 Likes
In line 411 of ps-entry.sh, I found something about requireTLS, but unfortunately, I cannot set it to requireTLS either.
I have already set net.tls.mode to requireTLS in cr.yml:
    mongod:
      net:
        port: 27017
        hostPort: 0
        tls:
          mode: requireTLS
1 Like
Hello @wenjian and @kylem,
Thank you for submitting this. I will check with our eng team what can be done to set requireTLS.
1 Like
Seems it is not possible to set requireTLS now through the Operator.
I have raised an improvement in JIRA: [K8SPSMDB-515] Allow setting requireTLS mode for MongoDB through the Operator - Percona JIRA
I don’t have any confirmed ETA of when it is going to be resolved.
Please let me know if this is a hard blocker for you.
1 Like
kylem
July 12, 2021, 8:45pm
Hi @Sergey_Pronin
That’s great, thanks for logging the improvement.
It is one of the blockers for using this Operator for my use case, so I will look at the operator once the feature set is further along.
Thank you
1 Like
Same as @kylem, requireTLS is a mandatory security item to be followed.
1 Like
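Added example, not part of the thread and not Percona's code: a check that compares the TLS mode requested in the custom resource with the mode mongod is actually running with, read from the document that `db.adminCommand({ getCmdLineOpts: 1 })` returns. The function names and the sample document are constructed for illustration; the point it makes is that any effective mode other than requireTLS still accepts non-TLS client connections.

```javascript
// Legacy net.ssl.mode values mapped onto their net.tls.mode equivalents.
const LEGACY = { allowSSL: "allowTLS", preferSSL: "preferTLS", requireSSL: "requireTLS" };

function normalize(mode) {
  if (typeof mode !== "string" || mode === "") return "unknown";
  return Object.prototype.hasOwnProperty.call(LEGACY, mode) ? LEGACY[mode] : mode;
}

// opts: result of db.adminCommand({ getCmdLineOpts: 1 }) on the running mongod.
function effectiveTlsMode(opts) {
  const net = (opts && opts.parsed && opts.parsed.net) || {};
  if (net.tls && net.tls.mode) return normalize(net.tls.mode);
  if (net.ssl && net.ssl.mode) return normalize(net.ssl.mode);
  // Fall back to raw argv: "--tlsMode X", "--tlsMode=X" and the --sslMode forms.
  const argv = (opts && opts.argv) || [];
  for (let i = 0; i < argv.length; i++) {
    const m = /^--(tls|ssl)Mode(?:=(.*))?$/.exec(argv[i]);
    if (m) return normalize(m[2] !== undefined ? m[2] : argv[i + 1]);
  }
  return "disabled"; // mongod default when no mode is configured
}

// requested: the value written under net.tls.mode in the custom resource.
function auditTlsMode(requested, opts) {
  const effective = effectiveTlsMode(opts);
  return {
    requested: normalize(requested),
    effective,
    ok: effective === normalize(requested),
    // Only requireTLS rejects plaintext clients; preferTLS and allowTLS accept them.
    plaintextAccepted: effective !== "requireTLS",
  };
}

// Constructed sample: the CR asked for requireTLS, the process runs with preferTLS.
const SAMPLE_OPTS = {
  argv: ["mongod", "--port=27017", "--tlsMode", "preferTLS"],
  parsed: { net: { port: 27017, tls: { mode: "preferTLS" } } },
  ok: 1,
};

console.log(auditTlsMode("requireTLS", SAMPLE_OPTS));
```

The two functions can be pasted into a mongosh session and called as `auditTlsMode("requireTLS", db.adminCommand({ getCmdLineOpts: 1 }))` against each replica set member.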