Hi,
At work we are deploying an elasticsearch cluster using docker swarm.
Joining the containers to the domain is no problem, but requesting host
certificates is proving more of a challenge.
The ipa-getcert request command executes successfully, but it takes a long
time (> 1 hour) to get the certificate.
ipa-getcert list shows that it's generating a key, after a while a csr, but
it does not retrieve the signed certificate from the CA server.
This is obviously not desirable for us.
One alternative we are considering is generating the certificates in the
docker host (already joined) as dns aliases and offering those certificate
pairs to the containers running inside it. That way we would not even have
to join the containers to the domain.
How are you solving this problem (if you have it, of course)?
Thanks in advance for your comments.
--
regards,
natxo