Hi, how can I use my own certificates (own internal PKI/CA) for incus clustering?
Without incus cluster, I can use server.crt, server.key and server.ca (and client.*) pointing to the proper certificates and with incus config set core.trust_ca_certificates=true I can use “password-less” incus api access between servers and clients.
I am trying something similar with incus cluster (cluster.crt, cluster.key and cluster.ca) but without much success.
When I try to change the cluster certs and key with incus cluster update-certificate for the single/first node and add cluster.ca pointing to my CA crt, together with incus config set core.trust_ca_certificates=true, I can access the incus UI/API with a valid client certificate, but I am instantly getting a “Failed adding member event listener client” error even from the first/single cluster member itself, and I can’t add other nodes, with “Error: Failed to retrieve cluster information: not authorized” on them.
Is this setup possible (own trusted internal pki/CA), or not yet?
Thanks.