I have deployed Cassandra reaper as a stateful set in kubernetes cluster using latest docker image of it, to maintain Cassandra cluster. I have used Cassandra as a backend storage to store reaper data; which is working fine.
Just wanted to know how we can integrate ssl enabled Cassandra cluster to store reaper data. I have seen a template file cassandra-reaper-cassandra-ssl.yaml
, which shows that need to add ssl:type:jdk
, which I didn't get properly. Do I have to specify my ssl certificate location also in this section.
Also have seen after the deployment, and logging to pod showing me one env variable REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED
which is having default value as false
, do I need to use this entry and make it as true
?
You do have to set REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED
to true, which will set the ssl:type:jdk for you in the container.
Then, you need to set the JAVA_OPTS
env variable on the container which will allow you to set the truststore and keystore location and passwords:
-Djavax.net.ssl.keyStore=/path/to/keystore.jks
-Djavax.net.ssl.keyStorePassword=keystore_password
-Djavax.net.ssl.trustStore=/path/to/truststore.jks
-Djavax.net.ssl.trustStorePassword=truststore_password
With this, you should be able to use a cluster that uses client encryption to store Reaper data.