Skip to content
Visit booth 3171 at Google Cloud Next to see how to unlock real-time decisions at scaleMore info

Use Kubernetes Secrets With an Aerospike Kubernetes Cluster

import { Steps } from “@site/components”;

Kubernetes Secrets let you store sensitive data with less risk of exposing the information publicly. You can create secrets to set up Aerospike authentication, TLS, and your features.conf feature-key file. See Manage-TLS-Certificates for more details.

Create a Secret for a folder

  1. To create a Kubernetes Secret for connectivity to the Aerospike cluster, use the following command to package the Aerospike features.conf in a folder and convert it to a Secret:

    Terminal window
    kubectl -n aerospike create secret generic aerospike-secret --from-file=config/samples/secrets

  2. Update the spec.storage section of the cluster’s Custom Resource (CR) file to include the Secret. If the secret volume already exists, update the secretName.

    spec:
    ...
      storage:
        filesystemVolumePolicy:
          cascadeDelete: true
          initMethod: deleteFiles
        blockVolumePolicy:
          cascadeDelete: true
        volumes:
          ...
          - name: aerospike-config-secret
            source:
              secret:
                secretName: aerospike-secret
            aerospike:
              path: /etc/aerospike/secret

  3. Use kubectl to apply the change.

    Terminal window
    kubectl apply -f aerospike-cluster.yaml

Create a Secret for a password

  1. Use the following kubectl command to create a Secret that contains the password for the Aerospike cluster admin user.

    Terminal window
    kubectl  -n aerospike create secret generic auth-secret --from-literal=password='admin123'

  2. To deploy with AKO, you must include the names of the Secrets for each user in the cluster’s Custom Resource (CR) file.

    For example, suppose that you want to give two people, an admin and an ordinary user, access to the Aerospike cluster. In this case, you would create one secret named admin-secret and another secret named user-secret.

    To enable security for the cluster:

    spec:
    ...
      aerospikeAccessControl:
        users:
          - name: admin
            secretName: admin-secret
            roles:
              - sys-admin
              - user-admin
          - name: user
            secret-name: user-secret
            roles:
              - data-admin

  3. Save and exit the CR file, then use kubectl to apply the change.

    Terminal window
    kubectl apply -f aerospike-cluster.yaml
Feedback

Was this page helpful?

What type of feedback are you giving?

What would you like us to know?

+Capture screenshot

Can we reach out to you?