vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-26 15:40:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
Pulse/pkg
History
rcourtman e0dc6695fc fix: Per-node TLS fingerprints for cluster peers (TOFU) 
When a PVE cluster has unique self-signed certificates on each node, Pulse
would mark secondary nodes as unhealthy because only the primary node's
fingerprint was used for all connections.

Now, during cluster discovery, Pulse captures each node's TLS fingerprint
and uses it when connecting to that specific node. This enables
"Trust On First Use" (TOFU) for clusters with unique per-node certs.

Changes:
- Add Fingerprint field to ClusterEndpoint config
- Add FetchFingerprint() to tlsutil for capturing node certs
- validateNodeAPI() now captures and returns fingerprints during discovery
- NewClusterClient() accepts endpointFingerprints map for per-node certs
- All client creation paths use per-endpoint fingerprints when available

Related to #879
2025-12-24 10:05:03 +00:00
..
agents feat: add Kubernetes platform support 2025-12-12 21:31:11 +00:00
discovery hostagent: avoid host ID collisions and prefer LAN IP 2025-12-17 16:29:59 +00:00
fsfilters Merge main into ai-features: incorporate latest bugfixes 2025-12-13 15:18:51 +00:00
pbs test: add unit tests for AI, Kubernetes agent, and clients 2025-12-17 12:47:36 +00:00
pmg style: Apply gofmt to 37 files 2025-12-02 17:21:48 +00:00
proxmox fix: Per-node TLS fingerprints for cluster peers (TOFU) 2025-12-24 10:05:03 +00:00
tlsutil fix: Per-node TLS fingerprints for cluster peers (TOFU) 2025-12-24 10:05:03 +00:00