K
Q

How to configure SSL enabled Cassandra cluster as backend storage for cassandra-reaper?

10/9/2020

I have deployed Cassandra reaper as a stateful set in kubernetes cluster using latest docker image of it, to maintain Cassandra cluster. I have used Cassandra as a backend storage to store reaper data; which is working fine.

Just wanted to know how we can integrate ssl enabled Cassandra cluster to store reaper data. I have seen a template file cassandra-reaper-cassandra-ssl.yaml, which shows that need to add ssl:type:jdk, which I didn't get properly. Do I have to specify my ssl certificate location also in this section.

Also have seen after the deployment, and logging to pod showing me one env variable REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED which is having default value as false, do I need to use this entry and make it as true?

-- andy
cassandra
datastax
kubernetes

Similar Questions

Istio virtual service not applying timeout
Mosquitto can't assign requested address inside my Kubernetes Cluster
(How) do node pool autoupgrades in GKE actually work?
Kubectl using command to get cluster status
Spark on k8s - emptyDir not mounted to directory

1 Answer

10/12/2020

You do have to set REAPER_CASS_NATIVE_PROTOCOL_SSL_ENCRYPTION_ENABLED to true, which will set the ssl:type:jdk for you in the container. Then, you need to set the JAVA_OPTS env variable on the container which will allow you to set the truststore and keystore location and passwords: 

-Djavax.net.ssl.keyStore=/path/to/keystore.jks
-Djavax.net.ssl.keyStorePassword=keystore_password
-Djavax.net.ssl.trustStore=/path/to/truststore.jks
-Djavax.net.ssl.trustStorePassword=truststore_password

With this, you should be able to use a cluster that uses client encryption to store Reaper data.

-- Alexander DEJANOVSKI
Source: StackOverflow