[7.0] default to serf -encrypt

Question

[7.0] default to serf -encrypt

wadells opened this issue 2 years ago · 0 comments

Feature Request

Currently, 7.0 gravity clusters on the same network will sometimes accidentally merge their serf clusters when a node is reused between the clusters. This can lead to a behavior where a cluster with fully healthy nodes shows degraded (one of more cluster nodes are unhealthy) status because it is picking up on degraded nodes from a different cluster.

We'd like to avoid this by (ab)using serf encryption keys. If each gravity cluster has a unique serf encryption key, then serf nodes should not be able to communicate across clusters:

"All nodes within a Serf cluster must share the same encryption key in order to send and receive cluster information."

https://www.serf.io/docs/agent/encryption.html#enabling-encryption

Motivation

This is a quality of life feature for customer S, who has seen several clusters accidentally merge their serf memberships.