Hey everyone! I'm curious to hear from those who are using CloudNativePG (CNPG) alongside Istio's mTLS feature. Specifically, have you experienced any challenges while running CNPG clusters with strict mTLS in your mesh? Did you encounter problems with CNPG's internal communication like replication or health checks? Additionally, did you have to tweak any PeerAuthentication or DestinationRule configurations? I'd love to hear any insights or tips you might have so I can better prepare myself!
2 Answers
Not trying to derail the topic, but I'm curious if you're using Barman for your CNPG backups. Have you tried the cloud plugin yet? I’d love to hear about any operational challenges or if everything has been running smoothly.
I'm currently using CloudNativePG with mTLS enabled across the mesh. However, I had to set up a Peer Authentication and a Service Entry to disable mTLS for the CNPG services. Honestly, the combination of mTLS with Istio and CNPG doesn't seem to work smoothly right now. There's a pull request out there working on this issue, but it hasn't seen much activity lately.
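For reference, this is what a narrowly scoped exception of the kind described in the answer above can look like. It is an added example, not the poster's configuration and not taken from the CNPG or Istio projects. The namespace `db`, the cluster name `pg-demo`, and the choice of ports 5432 (PostgreSQL) and 8000 (instance manager status endpoint) are assumptions to adapt to your own cluster; the ServiceEntry the answer mentions is not shown because the post gives no details of it.

```yaml
# Mesh-wide default: every workload requires mTLS.
# (Placed in the Istio root namespace, assumed here to be istio-system.)
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Exception limited to the pods of one CNPG cluster.
# CNPG labels instance pods with cnpg.io/cluster=<cluster name>;
# "pg-demo" and the "db" namespace are constructed sample values.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: cnpg-pg-demo-exception
  namespace: db
spec:
  selector:
    matchLabels:
      cnpg.io/cluster: pg-demo
  # Anything not listed under portLevelMtls stays STRICT.
  mtls:
    mode: STRICT
  portLevelMtls:
    # PostgreSQL client and streaming-replication traffic (assumed port).
    5432:
      mode: DISABLE
    # Instance manager status endpoint polled by the operator (assumed port).
    8000:
      mode: DISABLE
```

Scoping the exception by `selector` and `portLevelMtls` keeps the rest of the namespace under STRICT; PostgreSQL traffic on the exempted ports then depends on CNPG's own TLS settings rather than on the mesh.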
