Hi all!
Please share example with external TLS use.
I use setup with haproxy, how i can set TLS for this case.
I not found tips for this.
1 Like
Hi again!
I was resolved my problem.
In case when HAproxy as loadbalancer, we use only sslInternal.
Haproxy in tcp mode and tls do with mysqld.
I miss with checking cert, when use
openssl s_client -connect IP_POD_PXC:3306
For check need use
openssl s_client -starttls mysql -connect IP_POD_PXC:3306
Also when we want use cert-manager and letencrypt issuer, you may get - “unable get local issuer certificate” in pxc pods and slave pod restarting always (not connect to master).
This was resolved by modify secret (i not find other solution).
New secret have:
ca.crt: chain ROOT_CA+INTER_CA
tls.crt: CERT
tls.key: KEY
Original secret have only:
tls.crt: chain ROOT_CA+INTER_CA+CERT
tls.key: KEY
Maybe who can known how resolve this problem different?
PS
Sorry for my english.
1 Like