Example with TLS

Hi all!
Please share example with external TLS use.
I use setup with haproxy, how i can set TLS for this case.
I not found tips for this.

1 Like

Hi again!
I was resolved my problem.
In case when HAproxy as loadbalancer, we use only sslInternal.
Haproxy in tcp mode and tls do with mysqld.

I miss with checking cert, when use

openssl s_client -connect IP_POD_PXC:3306

For check need use

openssl s_client -starttls mysql -connect IP_POD_PXC:3306

Also when we want use cert-manager and letencrypt issuer, you may get - “unable get local issuer certificate” in pxc pods and slave pod restarting always (not connect to master).
This was resolved by modify secret (i not find other solution).
New secret have:
ca.crt: chain ROOT_CA+INTER_CA
tls.crt: CERT
tls.key: KEY

Original secret have only:
tls.crt: chain ROOT_CA+INTER_CA+CERT
tls.key: KEY

Maybe who can known how resolve this problem different?

Sorry for my english.

1 Like