Loading
Version: Operator 1.x.xManage TLS Certificates
Here we describe setting up a TLS enabled Aerospike cluster.
For more details, visit TLS configuration.
Create a secret containing TLS certificates and key.
Assuming your TLS secrets are in deploy/secrets folder, create a Kubernetes secret like so
$ kubectl create secret generic aerospike-secret --from-file=deploy/secrets -n aerospike
Create the TLS specific Aerospike configuration.
TLS specific config for the Aerospike cluster CR file.
aerospikeConfigSecret:
secretName: aerospike-secret
mountPath: /etc/aerospike/secret
aerospikeConfig:
network:
service:
tls-name: bob-cluster-a
tls-authenticate-client: any
heartbeat:
tls-name: bob-cluster-b
fabric:
tls-name: bob-cluster-c
tls:
- name: bob-cluster-a
cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
key-file: /etc/aerospike/secret/svc_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
- name: bob-cluster-b
cert-file: /etc/aerospike/secret/hb_cluster_chain.pem
key-file: /etc/aerospike/secret/hb_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
- name: bob-cluster-c
cert-file: /etc/aerospike/secret/fb_cluster_chain.pem
key-file: /etc/aerospike/secret/fb_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
Get full CR file here.
Deploy the cluster
Follow the instructions here to deploy this configuration.