Use Kubernetes Secrets With an Aerospike Kubernetes Cluster
Kubernetes Secrets let you store sensitive data with less risk of exposing the information publicly. You can create secrets to set up Aerospike authentication, TLS, and features.conf. See Manage-TLS-Certificates for more details.
Create a Secret for a Folder
To create a Kubernetes Secret for connectivity to the Aerospike cluster, use the following command to package the Aerospike features.conf in a folder and convert it to a Secret:
kubectl -n aerospike create secret generic aerospike-secret --from-file=config/samples/secrets
Update the spec.storage section of the cluster's Custom Resource (CR) file to include the Secret. If the secret volume already exists, update the secretName.
spec:
  .
  .
  .
  storage:
    filesystemVolumePolicy:
      cascadeDelete: true
      initMethod: deleteFiles
    blockVolumePolicy:
      cascadeDelete: true
    volumes:
      .
      .
      - name: aerospike-config-secret
        source:
          secret:
            secretName: aerospike-secret
        aerospike:
          path: /etc/aerospike/secret
Use kubectl to apply the change.
kubectl apply -f aerospike-cluster.yaml
Create a Secret for a Password
Use kubectl to create a Secret that contains the password for the Aerospike cluster admin user.
kubectl -n aerospike create secret generic auth-secret --from-literal=password='admin123'
To deploy with the Operator, you must include the names of the Secrets for each user in the cluster's Custom Resource (CR) file.
For example, suppose that you want to give two people, an admin and an ordinary user, access to the Aerospike cluster.
In this case, you would create one secret named admin-secret and another secret named user-secret.
To enable security for the cluster:
spec:
  .
  .
  .
  aerospikeAccessControl:
    users:
      - name: admin
        secretName: admin-secret
        roles:
          - sys-admin
          - user-admin
      - name: user
        secretName: user-secret
        roles:
          - data-admin
  .
  .
Save and exit the CR file, then use kubectl to apply the change.
kubectl apply -f aerospike-cluster.yaml
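The --from-literal=password='admin123' form shown earlier uses a guessable value and leaves it in shell history. As an added example (not part of the Aerospike documentation), the script below renders the admin-secret and user-secret manifests with random passwords under the same password key; gen_password, render_secret and render_user_secrets are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not Aerospike's code): build the admin-secret and user-secret
# manifests with random passwords instead of a guessable --from-literal value.
# gen_password, render_secret and render_user_secrets are hypothetical names.

# 24 random bytes from the kernel CSPRNG, base64-encoded to 32 characters.
gen_password() {
  head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# render_secret NAME NAMESPACE PASSWORD
# Prints an Opaque Secret whose "password" key matches the key used by the
# kubectl --from-literal=password=... command on this page.
render_secret() {
  local name="$1" namespace="$2" password="$3" encoded
  # Secret data values are base64-encoded (an encoding, not encryption).
  encoded=$(printf '%s' "$password" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: Opaque
data:
  password: ${encoded}
EOF
}

# render_user_secrets NAMESPACE SECRET_NAME...
# One Secret per user listed under aerospikeAccessControl, separated by YAML
# document markers so the whole output can be applied in one step.
render_user_secrets() {
  local namespace="$1" name
  shift
  for name in "$@"; do
    echo '---'
    render_secret "$name" "$namespace" "$(gen_password)"
  done
}

# Usage (needs cluster access, so it is left commented out):
#   render_user_secrets aerospike admin-secret user-secret | kubectl apply -f -
```

Each run generates new passwords, so applying the output over existing Secrets replaces their values.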