Comment 9 for bug 1809377

Xav Paice (xavpaice) wrote : Re: Scale out broken

For the sake of clarity, there are two models right now where we need to have a migration path:

- OpenStack models, where we use Vault for encryption at rest, with a backing data store of etcd (which is bootstrapped using certs from easyrsa)
- Kubernetes models, where all certs are provided by easyrsa and there's no Vault.

For the first scenario, the existing Vault could be migrated to use a fresh store, possibly mysql rather than etcd even, and that would allow us to remove the easyrsa charm when switching to HA.

For the second, easyrsa is more tightly knitted into the environment and we need to determine exactly what and how to migrate from easyrsa to vault.