I’m currently using SSL with user/password authentication on my k8s cluster. I’d like to be able to run unit tests and services locally on my laptop with my insecure cluster but I don’t seem to be able to create users when my local cluster is insecure. What’s up?
FYI, I’m just running a local cluster via:
#!/bin/bash export ROACH_DATA=/Users/jimlambrt/cockroach-data docker run -d \ --name=roach1 \ --hostname=roach1 \ --net=roachnet \ -p 26257:26257 -p 8080:8080 \ -v "$ROACH_DATA/roach1:/cockroach/cockroach-data" \ cockroachdb/cockroach:v2.1.6 start --insecure # Start the second container/node: docker run -d \ --name=roach2 \ --hostname=roach2 \ --net=roachnet \ -v "$ROACH_DATA/roach2:/cockroach/cockroach-data" \ cockroachdb/cockroach:v2.1.6 start --insecure --join=roach1 # Start the third container/node: docker run -d \ --name=roach3 \ --hostname=roach3 \ --net=roachnet \ -v "$ROACH_DATA/roach3:/cockroach/cockroach-data" \ cockroachdb/cockroach:v2.1.6 start --insecure --join=roach1
AFAIK and unfortunately, insecure means no security at all in CRDB. Here are some other issues with it:
I’m not looking for security. I’m looking for compatibility. Returning an error when I try to create a user is silly just because it’s in “insecure” mode.
Can you share the command you ran when you tried creating the new user?
CREATE USER %s WITH PASSWORD %s;
Frankly, i am also annoyed with this “future”. When you just want to quickly test something in a insecure local cluster, you do not want to bother with all the certifications.
Only to be greeted with “ERROR: setting or updating a password is not supported in insecure mode”.
Not only is this not compatible with the default postgresql sql like behavior, it is annoying when all you want to do is run a few quick tests in a local insecure CRDB.