Announcement: default etcd cluster to TLS in cf-release spiff templates


Amit Kumar Gupta
 

Hi all,

I'd like to change the cf-release manifest generation templates to default
to running etcd in secure TLS mode. It currently supports both TLS and
non-TLS modes of operation. The etcd job will support both modes of
operation for the near future, but I'd like to make the manifest scripts
only support TLS, meaning anyone using those templates will either need to
switch to TLS mode or do their own post-processing of the manifest to
disable TLS.

Detailed instructions for upgrading a non-TLS cluster to a TLS cluster with
zero downtime are here:
https://docs.google.com/document/d/1ZzWzp3H6H3t1ikk6Fl-8x1LX2a_0dHPJ5MMLEwY0inI/edit.
Note that this should allow for zero app and logging downtime, but minimal
downtime for certain features such as binding a syslog-drain-url service.

Please let me know if you have any feedback about this forthcoming change.

Best,
Amit

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.