Hey all!

The BOSH release of consul maintained by the core CF team [1] currently
supports both encrypted and unencrypted modes of operation. "encrypted"
means that all server-to-server and client-to-server traffic is encrypted and
mutually authenticated via TLS, and all gossip traffic is encrypted using
an encryption key. "unencrypted" means none of the above.

We'd like to remove support for the non-encrypted mode of operation. All
production environments should be operating in encrypted mode, and all
production environments we know of do indeed. This should not affect the
developer workflow, as the BOSH-Lite tooling for the primary consumers of
consul-release (namely cf-release and diego-release) has built-in
self-signed certs.

We will continue to provide documentation and tooling to make it easy to
generate the right certs/keys for operating consul-release in encrypted
mode.

Does anyone have concerns about this proposal?

Thanks,
Amit, CF Infrastructure team PM