-
Notifications
You must be signed in to change notification settings - Fork 38
TLS
Sage edited this page Mar 17, 2021
·
10 revisions
Here we describe setting up a TLS enabled Aerospike cluster.
For more details, visit TLS configuration.
Assuming your TLS secrets are in deploy/secrets folder, create a Kubernetes secret like so
$ kubectl create secret generic aerospike-secret --from-file=deploy/secrets -n aerospikeTLS specific config for aerospike cluster CR file.
aerospikeConfigSecret:
secretName: aerospike-secret
mountPath: /etc/aerospike/secret
aerospikeConfig:
network:
service:
tls-name: bob-cluster-a
tls-authenticate-client: any
heartbeat:
tls-name: bob-cluster-b
fabric:
tls-name: bob-cluster-c
tls:
- name: bob-cluster-a
cert-file: /etc/aerospike/secret/svc_cluster_chain.pem
key-file: /etc/aerospike/secret/svc_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
- name: bob-cluster-b
cert-file: /etc/aerospike/secret/hb_cluster_chain.pem
key-file: /etc/aerospike/secret/hb_key.pem
ca-file: /etc/aerospike/secret/cacert.pem
- name: bob-cluster-c
cert-file: /etc/aerospike/secret/fb_cluster_chain.pem
key-file: /etc/aerospike/secret/fb_key.pem
ca-file: /etc/aerospike/secret/cacert.pemGet full CR file here.
Follow the instructions Create the Aerospike cluster to deploy this configuration.