You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/07/25 09:46:57 UTC

[GitHub] [apisix] tzssangglass opened a new pull request #4665: docs: Set the CA certificate for etcd in mtls.md

tzssangglass opened a new pull request #4665:
URL: https://github.com/apache/apisix/pull/4665


   ### What this PR does / why we need it:
   <!--- Why is this change required? What problem does it solve? -->
   Add about setting CA certificate for etcd in `mtls.md`.
   <!--- If it fixes an open issue, please link to the issue here. -->
   
   ### Pre-submission checklist:
   
   * [x] Did you explain what problem does this PR solve? Or what new features have been added?
   * [ ] Have you added corresponding test cases?
   * [x] Have you modified the corresponding document?
   * [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

spacewander commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676231488



##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.
+
+```yaml
+apisix:
+  ssl:
+    ssl_trusted_certificate: /path/to/certs/ca-certificates.crt       # path of CA certificate used by the etcd client

Review comment:
       this is the CA used by the etcd server

##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.

Review comment:
       If the certificate used by etcd is already trusted by APISIX, we don't need to set the CA.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

tokers commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676230673



##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.
+
+```yaml
+apisix:

Review comment:
       What about just coalesce this code block and the last one (`etcd.tls`).




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676286224



##########
File path: docs/en/latest/mtls.md
##########
@@ -66,7 +66,7 @@ curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert /
 
 ### How to configure
 
-You need to [build APISIX-Openresty](./how-to-build.md#6-build-openresty-for-apisix) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled.
+You need to [build APISIX-Openresty](./how-to-build.md#step-6-build-openresty-for-apache-apisix) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled,

Review comment:
       update




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] yzeng25 commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

yzeng25 commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676272537



##########
File path: docs/en/latest/mtls.md
##########
@@ -66,7 +66,7 @@ curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert /
 
 ### How to configure
 
-You need to [build APISIX-Openresty](./how-to-build.md#6-build-openresty-for-apisix) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled.
+You need to [build APISIX-Openresty](./how-to-build.md#step-6-build-openresty-for-apache-apisix) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled,

Review comment:
       "enabled," --> "enabled." or "enabled:"




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676256572



##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.

Review comment:
       update expressions




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] spacewander merged pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

spacewander merged pull request #4665:
URL: https://github.com/apache/apisix/pull/4665


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676256820



##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.
+
+```yaml
+apisix:

Review comment:
       put them together may be unclear




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on a change in pull request #4665: docs: Set the CA certificate for etcd in mtls.md

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on a change in pull request #4665:
URL: https://github.com/apache/apisix/pull/4665#discussion_r676256363



##########
File path: docs/en/latest/mtls.md
##########
@@ -75,6 +75,14 @@ etcd:
     key: /data/certs/etcd_client.key        # path of key used by the etcd client
 ```
 
+Also set the CA certificate.
+
+```yaml
+apisix:
+  ssl:
+    ssl_trusted_certificate: /path/to/certs/ca-certificates.crt       # path of CA certificate used by the etcd client

Review comment:
       update




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org