I have to be missing something here.
It just hit me as added a new node to my cluster in order to prepare for the removal of a different node: "How does the cluster know that it is okay to send the new node a SST?"
I am pretty sure that the only information the new node has about the cluster is the gcomm:// address. Surely that isn't looked at as "secure" information that passes for authentication. To my knowledge, no shell account on the new node has the same password as on the existing cluster nodes.
So what would prevent anyone from spinning up a new node and pointing it's gcomm:// address at one or more of my nodes to just get an SST and be able to see all of my data?
Of course, certificates will be put in place. But I'm talking about a default setup and how things work "out of the box." I couldn't find much of anything that talked about this out there.
Am I going nuts?