
Add TLS support for multiple flow-aggregators within the same namespace #7540

@andrew-su


Describe the problem/challenge you have
Running the flow aggregator with multiple replicas in proxy mode will only allow TLS to one of the N replicas.

Describe the solution you'd like
Only one of the pods in the deployment should create the certificates. All other replicas should wait and fetch the latest version of the root CA and server certificate/key.

Anything else you would like to add?
The flow aggregator is regenerating the CA, client and server certs on startup, so the last flow aggregator "wins" by clobbering the certs for the other Flow Aggregators.
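The two startup behaviours described in this issue, side by side, as an added example that is not part of the original issue and not Antrea code. `certStore`, `ensure`, `newCA` and `replicasMatchingStore` are hypothetical names, the store is an in-memory stand-in for wherever the replicas publish the CA, and replicas start one after another.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certStore is a hypothetical stand-in for wherever the replicas publish the CA.
type certStore struct{ ca []byte }
// ensure returns the CA a starting replica serves with. regenerate=true is the
// reported behaviour; false generates only when the store is empty, else fetches.
func (s *certStore) ensure(gen func() []byte, regenerate bool) []byte {
	if regenerate || s.ca == nil {
		s.ca = gen()
	}
	return s.ca
}
// newCA returns a fresh self-signed CA certificate (DER); all field values are constructed.
func newCA() []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "constructed-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	return der
}
// replicasMatchingStore starts n replicas in turn and counts those still holding the stored CA.
func replicasMatchingStore(n int, regenerate bool) (ok int) {
	store, held := &certStore{}, make([][]byte, n)
	for i := range held {
		held[i] = store.ensure(newCA, regenerate)
	}
	for _, ca := range held {
		if string(ca) == string(store.ca) {
			ok++
		}
	}
	return ok
}
func main() { fmt.Println(replicasMatchingStore(4, true), replicasMatchingStore(4, false)) }
```

With replicas that start at the same time, the check-then-generate step in `ensure` has to be a single atomic create-if-absent operation on the shared store, otherwise two replicas can both see it empty.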

Labels

- area/flow-visibility: Issues or PRs related to flow visibility support in Antrea
- area/flow-visibility/aggregator: Issues or PRs related to Flow Aggregator
- area/flow-visibility/exporter: Issues or PRs related to the Flow Exporter functions in the Agent
- kind/feature: Categorizes issue or PR as related to a new feature.