roachprod: support --secure flag for start-tenant

The in-development tenant streaming features require a secure tenant to test them properly. This change adds support for the --secure flag when starting a tenant. When passed, we use the host cluster to generate tenant-client certificates and distribute them to the tenant cluster, along with the CA and previously created client certificates. For simplicity, we've stuck with using a single CA for all certificate creation. Release note: None
nvanbenschoten · Aug 5, 2022 · f843d36 · f843d36
1 parent 033c911
commit f843d36
Show file tree

Hide file tree

Showing 4 changed files with 277 additions and 92 deletions.
diff --git a/pkg/cmd/roachprod/flags.go b/pkg/cmd/roachprod/flags.go
@@ -277,7 +277,7 @@ func initFlags() {
 		cmd.Flags().StringVarP(&config.Binary,
 			"binary", "b", config.Binary, "the remote cockroach binary to use")
 	}
-	for _, cmd := range []*cobra.Command{startCmd, sqlCmd, pgurlCmd, adminurlCmd, runCmd} {
+	for _, cmd := range []*cobra.Command{startCmd, startTenantCmd, sqlCmd, pgurlCmd, adminurlCmd, runCmd} {
 		cmd.Flags().BoolVar(&secure,
 			"secure", false, "use a secure cluster")
 	}