> Thanks Xav. This is an old bug that should actually be closed now, since
> in the meantime we've provided a new recommended way to establish a HA
> certificate authority, using Vault instead of EasyRSA. Read
> https://ubuntu.com/kubernetes/docs/using-vault for details on using
> Vault with Charmed Kubernetes.
>
> There are no plans to provide a HA configuration for EasyRSA; Vault
> should be used if HA is needed.
Err, I have so many questions about this, but let's put them to one
side for now.
Canonical OpenStack supports full disk encryption. It does this using
vault. vault uses etcd as a backing store. etcd gets its TLS from
easyrsa.
I don't think having an EasyRSA charm which doesn't support scale out
is a super reasonable position, TBH.
Tim Van Steenburgh <email address hidden> writes:
> Thanks Xav. This is an old bug that should actually be closed now, since /ubuntu. com/kubernetes/ docs/using- vault for details on using
> in the meantime we've provided a new recommended way to establish a HA
> certificate authority, using Vault instead of EasyRSA. Read
> https:/
> Vault with Charmed Kubernetes.
>
> There are no plans to provide a HA configuration for EasyRSA; Vault
> should be used if HA is needed.
Err, I have so many questions about this, but let's put them to one
side for now.
Canonical OpenStack supports full disk encryption. It does this using
vault. vault uses etcd as a backing store. etcd gets its TLS from
easyrsa.
I don't think having an EasyRSA charm which doesn't support scale out
is a super reasonable position, TBH.
--
James