Skip to content

Support deploying and managing TLS encryption enabled TiDB cluster #529

New issue
New issue
Closed
#673
Closed
Support deploying and managing TLS encryption enabled TiDB cluster#529
#673
Assignees
AstroProfundis
Labels
category/securityCategorizes issue or PR as a security enhancement.priority/P0Indicates that the priority of a issue is very high.status/need-docIndicates that we should update document before merge a PR.type/feature-requestCategorizes issue as related to a new feature.
Milestone
v1.2.0
@lucklove

Description

@lucklove
lucklove
opened on Jun 23, 2020

Feature Request

Description

At present, when deploying a cluster with tiup-cluster, the tidb cluster (tidb <-> pd <-> tikv and pd <-> tiup) use plain messages to communicate, this may lead to potential security leaks. We should support TLS encryption as an option in the cluster topology to enable TLS encryption among components.

Similar support is already implemented in tidb-ansible and tidb-operator.

Catagory

Security

Value

Increase security of TiDB cluster, and avoid potential security leaks like MITM attack.

TODO List

  • Add support of TLS encryption in specs
    • PD
    • TiKV
    • TiDB (Both server and client)
    • Pump / Drainer
    • CDC
    • binlog
    • Conflict validation with unsupported components
  • Generate TLS certificates and correct configs for components
  • Support API calls with TLS encryption enabled

Schedule

GanttStart: 2020-08-01
GanttDue: 2020-08-31
GanttProgress: 95%

Metadata

Metadata

Assignees

Labels

category/securityCategorizes issue or PR as a security enhancement.priority/P0Indicates that the priority of a issue is very high.status/need-docIndicates that we should update document before merge a PR.type/feature-requestCategorizes issue as related to a new feature.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions