How to configure an SSL-enabled Cassandra cluster as backend storage for cassandra-reaper?

10/9/2020

I have deployed Cassandra Reaper as a StatefulSet in a Kubernetes cluster, using its latest Docker image, to maintain a Cassandra cluster. I have used Cassandra as the backend storage for Reaper data, which is working fine.

I just wanted to know how we can integrate an SSL-enabled Cassandra cluster to store Reaper data. I have seen a template file, cassandra-reaper-cassandra-ssl.yaml, which shows that I need to add ssl:type:jdk, which I didn't fully understand. Do I also have to specify my SSL certificate location in this section?

Also, after the deployment, when I logged in to the pod, I saw an env variable, REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED, which has a default value of false. Do I need to use this entry and set it to true?

-- andy
cassandra
datastax
kubernetes

1 Answer

10/12/2020

You do have to set REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED to true, which will set the ssl:type:jdk for you in the container. Then, you need to set the JAVA_OPTS env variable on the container which will allow you to set the truststore and keystore location and passwords:

-Djavax.net.ssl.keyStore=/path/to/keystore.jks
-Djavax.net.ssl.keyStorePassword=keystore_password
-Djavax.net.ssl.trustStore=/path/to/truststore.jks
-Djavax.net.ssl.trustStorePassword=truststore_password

With this, you should be able to use a cluster that uses client encryption to store Reaper data.

-- Alexander DEJANOVSKI
Source: StackOverflow
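
The settings from the answer above, written out as a Kubernetes pod-spec fragment. This is an added example, not part of the original answer or the Reaper project's manifests. The Secret name reaper-cassandra-tls, its keys, the mount path /etc/reaper/tls, the container name and the image placeholder are all assumptions.

```yaml
# Fragment of the Reaper StatefulSet, placed under spec.template.spec.
# Assumed names: Secret "reaper-cassandra-tls" holding keystore.jks,
# truststore.jks, keystore-password and truststore-password.
containers:
  - name: cassandra-reaper               # hypothetical container name
    image: <reaper-image>                # placeholder: the image you already deploy
    env:
      # Per the answer, this makes the container set ssl: type: jdk.
      - name: REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED
        value: "true"
      # Store passwords are read from the Secret, not written in the manifest.
      - name: KEYSTORE_PASSWORD
        valueFrom:
          secretKeyRef:
            name: reaper-cassandra-tls
            key: keystore-password
      - name: TRUSTSTORE_PASSWORD
        valueFrom:
          secretKeyRef:
            name: reaper-cassandra-tls
            key: truststore-password
      # Kubernetes expands $(VAR) from variables defined earlier in this list.
      # ">-" folds the four options into one space-separated string.
      - name: JAVA_OPTS
        value: >-
          -Djavax.net.ssl.keyStore=/etc/reaper/tls/keystore.jks
          -Djavax.net.ssl.keyStorePassword=$(KEYSTORE_PASSWORD)
          -Djavax.net.ssl.trustStore=/etc/reaper/tls/truststore.jks
          -Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD)
    volumeMounts:
      # The JKS files are mounted read-only from the Secret.
      - name: cassandra-tls
        mountPath: /etc/reaper/tls
        readOnly: true
volumes:
  - name: cassandra-tls
    secret:
      secretName: reaper-cassandra-tls
      items:
        - key: keystore.jks
          path: keystore.jks
        - key: truststore.jks
          path: truststore.jks
```

The expanded passwords are still readable in the running container's environment, so limit who can exec into the pod.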