updated

cockroach-gssapi-multinode/README.md

@@ -1,4 +1,5 @@
 # A Secure CockroachDB Cluster with Kerberos and HAProxy acting as load balancer
+
 ---
 
 Check out my series of articles on CockroachDB and Kerberos below:
@@ -16,13 +17,14 @@ Check out my series of articles on CockroachDB and Kerberos below:
 ---
 
 ## Services
-* `roach-0` - CockroachDB node
-* `roach-1` - CockroachDB node
-* `roach-2` - CockroachDB node
-* `lb` - HAProxy acting as load balancer
-* `roach-cert` - Holds certificates as volume mounts
-* `kdc` - MIT Kerberos realm
-* `client` - cockroach client node, also has `psql` installed
+
+  `roach-0` - CockroachDB node
+  `roach-1` - CockroachDB node
+  `roach-2` - CockroachDB node
+  `lb` - HAProxy acting as load balancer
+  `roach-cert` - Holds certificates as volume mounts
+  `kdc` - MIT Kerberos realm
+  `client` - cockroach client node, also has `psql` installed
 
 ## Getting started
 
@@ -41,12 +43,12 @@ docker exec -ti kdc sh
 docker exec -ti client cockroach sql --certs-dir=/certs --host=lb
 ```
 
-1) execute `./up.sh` instead of `docker compose up`
+1. execute `./up.sh` instead of `docker compose up`
    - monitor the status of services via `docker compose logs`
-2) visit the [DB Console](http://localhost:8080)
-3) visit the [HAProxy UI](http://localhost:8081)
+2. visit the [DB Console](http://localhost:8080)
+3. visit the [HAProxy UI](http://localhost:8081)
 
-4) Connect to `cockroach` using `psql`
+4. Connect to `cockroach` using `psql`
 
 __Disclaimer__: given weird behavior on my host, I am unable to execute the below command on the latest CockroachDB
 
@@ -79,13 +81,13 @@ Type "help" for help.
 defaultdb=> 
 ```
 
-5) Connect to `cockroach` using `psql` and `krbsrvname`
+#### Connect to `cockroach` using `psql` and `krbsrvname`
 
 ```bash
 psql "postgresql://lb:26257/defaultdb?sslmode=verify-full&sslrootcert=/certs/ca.crt&krbsrvname=customspn" -U tester
 ```
 
-6) Connecting to CockroachDB using the native binary
+#### Connecting to CockroachDB using the native binary
 
 ```bash
 docker exec -it client cockroach sql \

cockroach-gssapi-multinode/docker-compose.yml

@@ -18,6 +18,9 @@ services:
       - certs-roach-1:/certs/roach-1
       - certs-roach-2:/certs/roach-2
       - certs-client:/certs/client
+    networks:
+      roachnet:
+        ipv4_address: 172.28.0.1
 
   kdc:
     container_name: kdc

cockroach-gssapi-multinode/roach-cert/Dockerfile

@@ -2,9 +2,9 @@
 FROM cockroachdb/cockroach:latest-v21.1 AS generator
 
 LABEL maintainer="artemervits at gmail dot com"
-LABEL version="5.0"
+LABEL version="6.0"
 LABEL description="cockroach cert generator container"
-ENV REFRESHED_AT 2021_05_25
+ENV REFRESHED_AT 2021_06_15
 
 RUN mkdir -pv /tmp/certs/ca /tmp/certs/roach-0 /tmp/certs/roach-1 /tmp/certs/roach-2 /tmp/safe /tmp/certs/client /tmp/certs/lb
 
@@ -15,7 +15,8 @@ RUN cockroach cert create-ca --certs-dir=/tmp/certs/ca --ca-key=/tmp/safe/ca.key
     && cp -v /tmp/certs/ca/ca.crt /tmp/certs/roach-2 \
     && cp -v /tmp/certs/ca/ca.crt /tmp/certs/lb
 
-RUN ./cockroach cert create-client root --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key --also-generate-pkcs8-key
+RUN cockroach cert create-client root --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key --also-generate-pkcs8-key
+RUN cockroach cert create-client roach --certs-dir=/tmp/certs/client --ca-key=/tmp/safe/ca.key
 
 RUN cp -v /tmp/certs/client/client.* /tmp/certs/roach-0 \
     && cp -v /tmp/certs/client/client.* /tmp/certs/roach-1 \