You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.
New to KubeDB? Please start here.
This guide will give an overview on how KubeDB Enterprise operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a
The following diagram shows how the KubeDB enterprise operator reconfigure TLS of the
MySQL database server. Open the image in a new tab to see the enlarged version.
The Reconfiguring MySQL TLS process consists of the following steps:
At first, a user creates a
MySQL Custom Resource Object (CRO).
KubeDB Community operator watches the
When the operator finds a
MySQL CR, it creates required number of
StatefulSets and related necessary stuff like secrets, services, etc.
Then, in order to reconfigure the TLS configuration of the
MySQL database the user creates a
MySQLOpsRequest CR with desired information.
KubeDB Enterprise operator watches the
When it finds a
MySQLOpsRequest CR, it pauses the
MySQL object which is referred from the
MySQLOpsRequest. So, the
KubeDB Community operator doesn’t perform any operations on the
MongoDB object during the reconfiguring TLS process.
KubeDB Enterprise operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.
KubeDB Enterprise operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in the
After the successful reconfiguring of the
MySQL TLS, the
KubeDB Enterprise operator resumes the
MySQL object so that the
KubeDB Community operator resumes its usual operations.
In the next docs, we are going to show a step-by-step guide on reconfiguring tls of MySQL database using reconfigure-tls operation.