Currently users need to do manual work to enable/disable TLS in a running cluster.
To disable TLS in a running cluster you need to do the following manually:
Pause cluster
Set spec.unsafeFlags.tls=true and spec.tls.enabled=false
Delete SSL secrets
Unpause cluster
To enable TLS in a running cluster:
Pause cluster
Set spec.unsafeFlags.tls=false and spec.tls.enabled=true
Unpause cluster
These can be automated.
Environment
None
Activity
Julio Pasinatto December 10, 2024 at 8:20 PM
Verified, but we have a limitation: If cluster is paused and spec.tls.enabled is changed and cr is applied, the cluster will be automatically unpaused.
Currently users need to do manual work to enable/disable TLS in a running cluster.
To disable TLS in a running cluster you need to do the following manually:
Pause cluster
Set
spec.unsafeFlags.tls=trueandspec.tls.enabled=falseDelete SSL secrets
Unpause cluster
To enable TLS in a running cluster:
Pause cluster
Set
spec.unsafeFlags.tls=falseandspec.tls.enabled=trueUnpause cluster
These can be automated.