You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As discussed in #18522 (comment), we currently store generated client certificates in a secure location on the local file system with other CA/PKI-related files.
As that is node-local, that file is not necessarily available for requests to be read in a cluster.
In this case, we only intend for a user to download this certificate with third-party clients, e.g., curl, dashboards like Grafana, or other custom applications requiring direct OpenSearch access.
Arguably, we don't need to store this particular certificate at all.
The text was updated successfully, but these errors were encountered:
The actual file was needed just for the certificate signing process. We we able replace it with an in-memory implementation that doesn't store anything in the FS while keeping the very same functionality.
As discussed in #18522 (comment), we currently store generated client certificates in a secure location on the local file system with other CA/PKI-related files.
As that is node-local, that file is not necessarily available for requests to be read in a cluster.
In this case, we only intend for a user to download this certificate with third-party clients, e.g.,
curl,
dashboards like Grafana, or other custom applications requiring direct OpenSearch access.Arguably, we don't need to store this particular certificate at all.
The text was updated successfully, but these errors were encountered: