New to KubeDB? Please start here.
Reconfiguring TLS of Hazelcast
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of Hazelcast.
Before You Begin
- You should be familiar with the following
KubeDBconcepts:
How Reconfiguring Hazelcast TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a Hazelcast. Open the image in a new tab to see the enlarged version.
The Reconfiguring Hazelcast TLS process consists of the following steps:
At first, a user creates a
HazelcastCustom Resource Object (CRO).KubeDBProvisioner operator watches theHazelcastCRO.When the operator finds a
HazelcastCR, it creates required number ofStatefulSetsand related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
Hazelcastdatabase the user creates aHazelcastOpsRequestCR with desired information.KubeDBOps-manager operator watches theHazelcastOpsRequestCR.When it finds a
HazelcastOpsRequestCR, it pauses theHazelcastobject which is referred from theHazelcastOpsRequest. So, theKubeDBProvisioner operator doesn’t perform any operations on theHazelcastobject during the reconfiguring TLS process.Then the
KubeDBOps-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDBOps-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in theHazelcastOpsRequestCR.After the successful reconfiguring of the
HazelcastTLS, theKubeDBOps-manager operator resumes theHazelcastobject so that theKubeDBProvisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a Hazelcast database using HazelcastOpsRequest CRD.