Example with TLS

Sergey_Stepanenko · October 24, 2021, 2:25pm

Hi all!
Please share example with external TLS use.
I use setup with haproxy, how i can set TLS for this case.
I not found tips for this.

Sergey_Stepanenko · October 25, 2021, 12:18pm

Hi again!
I was resolved my problem.
In case when HAproxy as loadbalancer, we use only sslInternal.
Haproxy in tcp mode and tls do with mysqld.

I miss with checking cert, when use

openssl s_client -connect IP_POD_PXC:3306

For check need use

openssl s_client -starttls mysql -connect IP_POD_PXC:3306

Also when we want use cert-manager and letencrypt issuer, you may get - “unable get local issuer certificate” in pxc pods and slave pod restarting always (not connect to master).
This was resolved by modify secret (i not find other solution).
New secret have:
ca.crt: chain ROOT_CA+INTER_CA
tls.crt: CERT
tls.key: KEY

Original secret have only:
tls.crt: chain ROOT_CA+INTER_CA+CERT
tls.key: KEY

Maybe who can known how resolve this problem different?

PS
Sorry for my english.

Topic		Replies	Views
Documentation for PXC-OPERATOR and PXC-DB Percona Operator for MySQL mysql , percona	8	869	February 17, 2022
Cannot update haproxy service parameters Percona Operator for MySQL	1	504	December 7, 2023
Handshake Failure with certificate validation failed Percona XtraDB Cluster 8.x mysql , percona	7	3396	May 10, 2022
Openshift operator how to create public route and connect Percona Operator for MySQL	2	976	September 20, 2021
Problems with HAProxy as load balancer and 2 nodes on leastcon / roundrobin Percona XtraDB Cluster 5.x	0	2944	November 9, 2013

Example with TLS

Related topics