K
Q

Unable to connect to cqlsh when encryption is enabled

3/20/2019

I am trying to connect to cqlsh from remote (kuebctl command) when encryption is enabled, but I am unable to connect to cqlsh. anyone has a better way to connect?

$ kubectl run -i --tty --restart=Never --rm --image cassandra cqlsh -- cqlsh cassandra-0.cassandra.default.svc.cluster.local -u cassandra -p cassandra --ssl
If you don't see a command prompt, try pressing enter.
Validation is enabled; SSL transport factory requires a valid certfile to be specified. Please provide path to the certfile in [ssl] section as 'certfile' option in /root/.cassandra/cqlshrc (or use [certfiles] section) or set SSL_CERTFILE environment variable.
pod "cqlsh" deleted
pod default/cqlsh terminated (Error)

Since I am connecting from remote, I cannot set the cqlshrc file.

-- user3435964
cassandra
cqlsh
kubernetes

Similar Questions

Port based routing in Istio with GRPC service on GKE Not Working
Azure dev spaces to debug python code running in kubernetes pod
Cannot get local Kubernetes (minikube) to pull from local Docker registry
Accessmode in PVC and pod

2 Answers

3/26/2019

Since I was using cassandra image to connect cql, I added the cqlshrc file in the cassandra image where cql is installed to get it working.

-- user3435964
Source: StackOverflow
3/20/2019

You can specify location of the certfile, and validate options via environment variables SSL_CERTFILE and SSL_VALIDATE correspondingly, but you'll need to mount certificate files anyway, so you can also mount corresponding cqlshrc...

See documentation for more details.

P.S. Also, if client validation is enabled, you'll need to provide client's key/certificate as well (options userkey, and usercert in the cqlshrc).

-- Alex Ott
Source: StackOverflow