Some cluster connections don't use TLS

General

Escalation

General

Escalation

Description

I was using PixieLabs to check some things and noticed that mysql queries can be seen clearly in Pixie interface, which probably means that the network traffic is not encrypted.

Example1:

Example2:

Example1 code seems to be from here: https://github.com/percona/percona-server-mysql-operator/blob/main/pkg/replicator/replicator.go#L116-L125

I will gather more examples and update.

Environment

None

Attachments

Smart Checklist

Activity

Show:

Tomislav Plavcic March 28, 2023 at 2:13 PM

As of 0.5.0 intra mysql connections are no longer visible in the output, but connections from orchestrator are still visible so it needs to be discussed if this needs to be encrypted as well or not.
What I can see in the config is that we specify:

but don't specify:

Done

Details
Assignee
Tomislav Plavcic
Reporter
Tomislav Plavcic
Labels
certificatediscover-qa
Needs QA
Yes
Fix versions
0.7.0
Affects versions
0.3.0
Priority
Medium

Smart Checklist

Created September 30, 2022 at 5:18 PM

Updated March 25, 2024 at 7:39 PM

Resolved March 18, 2024 at 3:06 PM

Configure

Some cluster connections don't use TLS

Description

Environment

Attachments

Smart Checklist

Activity

Tomislav Plavcic March 28, 2023 at 2:13 PM

DetailsAssigneeTomislav PlavcicTomislav PlavcicReporterTomislav PlavcicTomislav PlavcicLabelscertificatediscover-qaNeeds QAYesFix versions0.7.0Affects versions0.3.0PriorityMedium

Details

Assignee

Reporter

Labels

Needs QA

Fix versions

Affects versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Tomislav Plavcic
Reporter
Tomislav Plavcic
Labels
certificatediscover-qa
Needs QA
Yes
Fix versions
0.7.0
Affects versions
0.3.0
Priority
Medium

Smart Checklist