Enabling or disabling TLS on existing clusters managed by the tidb-operator #5700

snowballbear · 2024-08-02T11:54:52Z

Feature Request

Currently, enabling or disabling TLS is not supported for existing clusters managed by TiDB Operator. This feature can only be enabled during cluster creation. For existing clusters, the only way to enable or disable TLS is by rebuilding the cluster, which is very inconvenient. It is recommended to add support for enabling or disabling TLS on existing clusters.

csuzhangxc · 2024-08-06T03:59:57Z

Another method to enable/disable TLS on existing clusters is: suspend the cluster -> update TLS config -> resume the cluster.

This can't be done with a rolling update as during the updating, some components with TLS but some without, then they can't talk to each other.

csuzhangxc · 2024-08-08T02:50:33Z

Another method to enable/disable TLS on existing clusters is: suspend the cluster -> update TLS config -> resume the cluster.

This can't be done with a rolling update as during the updating, some components with TLS but some without, then they can't talk to each other.

Sorry, we tested this method, but it doesn't work as the Peer URL of PD can't be updated from http to https.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enabling or disabling TLS on existing clusters managed by the tidb-operator #5700

Enabling or disabling TLS on existing clusters managed by the tidb-operator #5700

snowballbear commented Aug 2, 2024

csuzhangxc commented Aug 6, 2024

csuzhangxc commented Aug 8, 2024 •

edited

Loading

Enabling or disabling TLS on existing clusters managed by the tidb-operator #5700

Enabling or disabling TLS on existing clusters managed by the tidb-operator #5700

Comments

snowballbear commented Aug 2, 2024

Feature Request

csuzhangxc commented Aug 6, 2024

csuzhangxc commented Aug 8, 2024 • edited Loading

csuzhangxc commented Aug 8, 2024 •

edited

Loading