Operator error messages when enabling require_secure_transport

Description

If I create a cluster with the option require_secure_transport, as follows:

    configuration: |
      [mysqld]
      require_secure_transport=ON

The operator pod shows the following error message:

    {"level":"error","ts":1654641248.7047756,"logger":"controller.perconaxtradbcluster-controller","msg":"Reconciler error","name":"cluster1","namespace":"pxc2","error":"reconcile users: manage monitor user: update monitor grant: create operator user: Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON.","errorVerbose":"Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON.\ncreate operator user

If I create the cluster normally, then pause the cluster, and then resume it with the require_secure_transport option, it shows the message below:

    {"level":"info","ts":1654644597.4689348,"logger":"perconaxtradbcluster","caller":"pxc/controller.go:465","msg":"reconcile replication error","cluster":"cluster1","namespace":"pxc2","err":"get primary pxc pod: failed to get proxySQL db: Error 3159: Connections using insecure transport are prohibited while --require_secure_transport=ON."}

It's not clear if the above messages will impact subsequent cluster behavior.

As a workaround, you can establish all connections using SSL.
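As an added example (not from the ticket or the operator's own code), a small Python check that scans operator log lines for MySQL error 3159 and reports which reconciliation step hit it. The sample lines are constructed from the two messages above (the first deliberately cut off as it appears in the report), and the JSON field names used for the error text and cluster identity are assumed from those messages:

```python
import json
import re

# Constructed sample lines modelled on the two messages in the ticket; the first is
# cut off mid-record exactly as in the report (so it is not valid JSON), the third
# is a constructed unrelated error and the fourth a constructed line with no error.
SAMPLE_LOG = [
    '{"level":"error","ts":1654641248.7,"logger":"controller.perconaxtradbcluster-controller",'
    '"msg":"Reconciler error","name":"cluster1","namespace":"pxc2","error":"reconcile users: '
    'manage monitor user: update monitor grant: create operator user: Error 3159: Connections '
    'using insecure transport are prohibited while --require_secure_transport=ON.",'
    '"errorVerbose":"Error 3159: Connections using insecure transport are prohibited',
    '{"level":"info","ts":1654644597.4,"logger":"perconaxtradbcluster","caller":"pxc/controller.go:465",'
    '"msg":"reconcile replication error","cluster":"cluster1","namespace":"pxc2","err":"get primary '
    'pxc pod: failed to get proxySQL db: Error 3159: Connections using insecure transport are '
    'prohibited while --require_secure_transport=ON."}',
    '{"level":"error","ts":1654644600.0,"msg":"Reconciler error","name":"cluster1",'
    '"namespace":"pxc2","error":"reconcile users: Error 1045: Access denied"}',
    '{"level":"info","ts":1654644601.0,"msg":"update PXC version","cluster":"cluster1","namespace":"pxc2"}',
]

INSECURE_TRANSPORT_ERRNO = 3159  # MySQL ER_SECURE_TRANSPORT_REQUIRED

def _field(line, key):
    # Regex fallback for one string field when the JSON record is truncated.
    m = re.search(r'"%s":"([^"]*)' % re.escape(key), line)
    return m.group(1) if m else None

def parse_line(line):
    """Return the MySQL error code, the operator steps that led to it and the
    cluster it concerns, or None when the line carries no 'Error NNNN:' text."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        rec = {k: _field(line, k) for k in ("error", "err", "name", "cluster", "namespace")}
    text = rec.get("error") or rec.get("err") or ""
    m = re.search(r"Error (\d+): ", text)
    if not m:
        return None
    return {
        "errno": int(m.group(1)),
        # the operator wraps errors as "outer step: inner step: ...: Error NNNN: message"
        "steps": [s.strip() for s in text[: m.start()].split(":") if s.strip()],
        "cluster": rec.get("name") or rec.get("cluster"),
        "namespace": rec.get("namespace"),
    }

def find_insecure_transport_errors(lines):
    """Keep only the records where the operator's own plaintext connection was refused."""
    return [r for r in (parse_line(l) for l in lines) if r and r["errno"] == INSECURE_TRANSPORT_ERRNO]
```

Running it over the sample flags the two 3159 records and names the affected steps (user reconciliation and the ProxySQL primary lookup), while the unrelated 1045 error and the informational line are ignored.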

Environment

None

AFFECTED CS IDs

CS0027725

Activity

Kimmo Katajisto November 28, 2022 at 7:27 AM

Hi guys, when are you planning to fix this?

Sergey Pronin August 17, 2022 at 12:56 PM

Makes sense to implement it later. Fixing the doc and providing a workaround is step 1.

Sveta Smirnova August 15, 2022 at 11:12 PM

At the moment you can create MySQL users with the option REQUIRE SSL. This should resolve the issue for all external connections.

Kimmo Katajisto August 15, 2022 at 7:12 AM

Hi,

This is a really important feature. It is an organizational security requirement to have encrypted connections between client and server. We are offering databases as a service, and the workaround of enabling TLS for each database user is not quite feasible.

I hope this could be prioritized on MySQL Operator development somehow.

-Kimmo

Sveta Smirnova August 11, 2022 at 2:38 PM

Maybe we can also leave this ticket open after the documentation is fixed, so we implement this feature in future versions of the Operator? Or create a new feature request?

Done

Created June 7, 2022 at 11:48 PM
Updated March 5, 2024 at 5:36 PM
Resolved December 7, 2022 at 12:44 PM