Re: community feedback on removing non-encrypted support from consul-release


Amit Kumar Gupta
 

Thanks Zach, I agree it'll be nice to move all the things to
secure-by-default as a general rule.

I realized I left the link out of my original email when I said "The BOSH
release of consul maintained by the core CF team [1]"

[1] https://github.com/cloudfoundry-incubator/consul-release

On Sat, Feb 6, 2016 at 3:19 PM, Zach Robinson <zrobinson(a)pivotal.io> wrote:

I love the idea of secure by default, with simple tooling provided to
enable development workflows. If things work well on this release it's
probably a good idea to start using a similar pattern throughout.

-Zach

On Fri, Feb 5, 2016 at 4:04 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

Hey all!

The BOSH release of consul maintained by the core CF team [1] currently
supports both encrypted and unencrypted modes of operation. "encrypted"
means that all server-to-server and client-to-server is encrypted and
mutually authenticated via TLS, and all gossip traffic is encrypted using
an encryption key. "unencrypted" means none of the above.

We'd like to remove support for the non-encrypted mode of operation. All
production environments should be operating in encrypted mode, and all
production environments we know of do indeed. This should not affect the
developer workflow, as the BOSH-Lite tooling for the primary consumers of
consul-release (namely cf-release and diego-release) have built-in
self-signed certs.

We will continue to provide documentation and tooling to make it easy to
generate the right certs/keys for operating consul-release in encrypted
mode.

Does anyone have concerns about this proposal?

Thanks,
Amit, CF Infrastructure team PM

Join cf-bosh@lists.cloudfoundry.org to automatically receive all group messages.