wu-sheng edited a comment on pull request #8179: URL: https://github.com/apache/skywalking/pull/8179#issuecomment-981020834
> I explained before. Below is the use case: > > Deploy SkyWalking in K8S by using [chart](https://github.com/apache/skywalking-kubernetes/blob/master/chart/skywalking/README.md), using an existing ElasticSearch instance which is https enabled and using self signed key. > > So how can you give SkyWalking a trust store which containing the ElasticSearch's CA by using environment? > > 3 Options: > > 1. Easy way: just tell SkyWalking to skip TLS host verify. > 2. Middle way: give SkyWalking a PEM encoded X.509 certificate to trust by using an env variable. > 3. Hardest way, and also SkyWalking currently support: make a trust store with the CA certificate, put that trust store into SkyWalking OAP server container. Apparently this way is not suitable for K8S deploy. > > So I implement Option 1. > > Option 2 is good too, I'll implement in another PR. This is not accurate, I am afraid. There are plenty of sidecar tech could inject files into docker inside, such as Vault(just an example). I can't see why this is hard. More importantly you should know, this is correct and real TLS should be done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
