You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
New to KubeDB? Please start here.
This guide will give an overview on how KubeDB Enterprise operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a ProxySQL
.
KubeDB
concepts:The following diagram shows how KubeDB Enterprise operator reconfigures TLS of a ProxySQL
. Open the image in a new tab to see the enlarged version.
The Reconfiguring ProxySQL TLS process consists of the following steps:
At first, a user creates a ProxySQL
Custom Resource Object (CRO).
KubeDB
Community operator watches the ProxySQL
CRO.
When the operator finds a ProxySQL
CR, it creates required number of StatefulSets
and related necessary stuff like secrets, services, etc.
Then, in order to reconfigure the TLS configuration of the ProxySQL
, the user creates a ProxySQLOpsRequest
CR with desired information.
KubeDB
Enterprise operator watches the ProxySQLOpsRequest
CR.
When it finds a ProxySQLOpsRequest
CR, it pauses the ProxySQL
object which is referred from the ProxySQLOpsRequest
. So, the KubeDB
Community operator doesn’t perform any operations on the ProxySQL
object during the reconfiguring TLS process.
Then the KubeDB
Enterprise operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.
Then the KubeDB
Enterprise operator will restart all the Pods of the server so that they restart with the new TLS configuration defined in the ProxySQLOpsRequest
CR.
After the successful reconfiguring of the ProxySQL
TLS, the KubeDB
Enterprise operator resumes the ProxySQL
object so that the KubeDB
Community operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a ProxySQL using ProxySQLOpsRequest
CRD.