Document TLS configuration #1968
Assignees
Labels
area:documentation
All issues pertaining to usability and documentation
Comments
|
@schallert Can comment here on TLSConfig for etcd and seed nodes, but in general, communication between M3DB nodes are not secured. The system was designed to be run inside a secure network. You can secure writes into the overall system, but between the components of the system, there are no security mechanisms now. |
|
@gibbscullen Can you explain why this was closed? |
|
Yes, we are actively working on updating the M3 documentation. |
gibbscullen
added
the
area:documentation
|
@schallert -- following up on this ... can you comment here on TLSConfig for etcd and seed nodes when have a chance? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, the documentation doesn't explain how to secure communication between M3DB and etcd and also between M3DB nodes. There are no TLS options in the example configuration files.
Looking at the source code, TLS seems to be supported, at least for the etcdclusters and seednodes configurations. These two components use a different configuration format, however, and it's not entirely clear what the etcdclusters TLSConfig does. The code comments are meaningless, and the documentation lacks a description of the options.
SeedNodeSecurityConfig is better, in that it has separate options for client and server certificates for the embedded etcd cluster. But there is no documentation either, and the comments are equally meaningless.
As for communication between M3 nodes, is there even some sort of security? I don't see any place where TLS certificates or some other kind of authentication and transport security could be configured.
The text was updated successfully, but these errors were encountered: