Version: Operator 3.2.2

Use Kubernetes Secrets With an Aerospike Kubernetes Cluster

Kubernetes Secrets let you store sensitive data with less risk of exposing the information publicly. You can create secrets to set up Aerospike authentication, TLS, and features.conf. See Manage-TLS-Certificates for more details.

Create a Secret for a Folder

To create a Kubernetes Secret for connectivity to the Aerospike cluster, use the following command to package the Aerospike features.conf in a folder and convert it to a Secret:

kubectl -n aerospike create secret generic aerospike-secret --from-file=config/samples/secrets

Update the spec.storage section of the cluster's Custom Resource (CR) file to include the Secret. If the secret volume already exists, update the secretName.

spec:
  .
  .
  .
  storage:
    filesystemVolumePolicy:
      cascadeDelete: true
      initMethod: deleteFiles
    blockVolumePolicy:
      cascadeDelete: true
    volumes:
      .
      .
      - name: aerospike-config-secret
        source:
          secret:
            secretName: aerospike-secret
        aerospike:
          path: /etc/aerospike/secret

Use kubectl to apply the change.

kubectl apply -f aerospike-cluster.yaml

Create a Secret for a Password

Use kubectl to create a Secret that contains the password for the Aerospike cluster admin user.

kubectl -n aerospike create secret generic auth-secret --from-literal=password='admin123'

To deploy with the Operator, you must include the names of the Secrets for each user in the cluster's Custom Resource (CR) file.

For example, suppose that you want to give two people, an admin and an ordinary user, access to the Aerospike cluster. In this case, you would create one secret named admin-secret and another secret named user-secret.

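To enable security for the cluster, add an aerospikeAccessControl section to the CR file that lists each user with its Secret and roles: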

spec:
  .
  .
  .
  aerospikeAccessControl:
    users:
      - name: admin
        secretName: admin-secret
        roles:
          - sys-admin
          - user-admin
      - name: user
        secretName: user-secret
        roles:
          - data-admin
  .
  .

Save and exit the CR file, then use kubectl to apply the change.

kubectl apply -f aerospike-cluster.yaml
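
A pre-apply check for the Secret references described above, as an added example that is not part of the Aerospike documentation or the Operator's code. It takes the CR and the namespace's Secret objects as already-parsed dictionaries; the function name, the sample data and the assumption that user Secrets store the password under the key password (as in the --from-literal command above) are this example's own.

```python
# Added example (not Aerospike code): pre-apply check of Secret references in a CR.
# Assumption: user Secrets hold the password under the key "password", as in the
# --from-literal=password=... command on this page.

def check_secret_refs(cr, secrets, namespace="aerospike"):
    """Return a list of problems; an empty list means every reference resolves."""
    by_name = {s["metadata"]["name"]: s for s in secrets
               if s["metadata"].get("namespace") == namespace}
    problems = []
    spec = cr.get("spec", {})
    # spec.storage.volumes[].source.secret.secretName
    for vol in spec.get("storage", {}).get("volumes", []):
        ref = vol.get("source", {}).get("secret")
        if ref is not None and ref.get("secretName") not in by_name:
            problems.append(f"volume {vol.get('name')}: secret {ref.get('secretName')!r} not found")
    # spec.aerospikeAccessControl.users[].secretName
    for user in spec.get("aerospikeAccessControl", {}).get("users", []):
        who, name = user.get("name"), user.get("secretName")
        if name is None:  # also catches a misspelled key such as "secret-name"
            problems.append(f"user {who}: no secretName field")
        elif name not in by_name:
            problems.append(f"user {who}: secret {name!r} not found")
        elif "password" not in (by_name[name].get("data") or {}):
            problems.append(f"user {who}: secret {name!r} has no 'password' key")
    return problems

def _secret(name, keys):  # constructed Secret object; values are base64 of "placeholder"
    return {"metadata": {"name": name, "namespace": "aerospike"},
            "data": {k: "cGxhY2Vob2xkZXI=" for k in keys}}

# Constructed sample input (hypothetical cluster state, not taken from a real cluster).
SAMPLE_SECRETS = [_secret("aerospike-secret", ["features.conf"]),
                  _secret("auth-secret", ["password"])]
SAMPLE_CR = {"spec": {
    "storage": {"volumes": [
        {"name": "aerospike-config-secret",
         "source": {"secret": {"secretName": "aerospike-secret"}},
         "aerospike": {"path": "/etc/aerospike/secret"}}]},
    "aerospikeAccessControl": {"users": [
        {"name": "admin", "secretName": "admin-secret", "roles": ["sys-admin", "user-admin"]},
        {"name": "user", "secret-name": "user-secret", "roles": ["data-admin"]}]}}}

if __name__ == "__main__":
    for problem in check_secret_refs(SAMPLE_CR, SAMPLE_SECRETS):
        print(problem)
```

On the constructed sample, the check reports the admin user's missing Secret and the user entry whose key is misspelled, while the volume reference resolves.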