Skip to content

TLS

Jump to bottom
Sage edited this page Mar 17, 2021 · 10 revisions

Here we describe setting up a TLS enabled Aerospike cluster.

For more details, visit TLS configuration.

Create a secret containing TLS certificates and key.

Assuming your TLS secrets are in deploy/secrets folder, create a Kubernetes secret like so

$ kubectl create secret generic aerospike-secret --from-file=deploy/secrets -n aerospike

Create the TLS specific Aerospike configuration.

TLS specific config for aerospike cluster CR file.

  aerospikeConfigSecret:
    secretName: aerospike-secret
    mountPath:  /etc/aerospike/secret
  aerospikeConfig:
    network:
      service:
        tls-name: bob-cluster-a
        tls-authenticate-client: any
      heartbeat:
        tls-name: bob-cluster-b
      fabric:
        tls-name: bob-cluster-c
      tls:
        - name: bob-cluster-a
          cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
          key-file: /etc/aerospike/secret/svc_key.pem
          ca-file: /etc/aerospike/secret/cacert.pem
        - name: bob-cluster-b
          cert-file: /etc/aerospike/secret/hb_cluster_chain.pem
          key-file: /etc/aerospike/secret/hb_key.pem
          ca-file: /etc/aerospike/secret/cacert.pem
        - name: bob-cluster-c
          cert-file: /etc/aerospike/secret/fb_cluster_chain.pem
          key-file: /etc/aerospike/secret/fb_key.pem
          ca-file: /etc/aerospike/secret/cacert.pem

Get full CR file here.

Deploy the cluster

Follow the instructions here to deploy this configuration.

Clone this wiki locally