New to KubeDB? Please start here.
Reconfiguring TLS of ProxySQL
This guide will give an overview on how KubeDB Ops Manager reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a ProxySQL
.
Before You Begin
- You should be familiar with the following
KubeDB
concepts:
How Reconfiguring ProxySQL TLS Configuration Process Works
The following diagram shows how KubeDB Ops Manager reconfigures TLS of a ProxySQL
. Open the image in a new tab to see the enlarged version.
The Reconfiguring ProxySQL TLS process consists of the following steps:
At first, a user creates a
ProxySQL
Custom Resource Object (CRO).KubeDB
Community operator watches theProxySQL
CRO.When the operator finds a
ProxySQL
CR, it creates required number ofPetSets
and related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
ProxySQL
, the user creates aProxySQLOpsRequest
CR with desired information.KubeDB
Enterprise operator watches theProxySQLOpsRequest
CR.When it finds a
ProxySQLOpsRequest
CR, it pauses theProxySQL
object which is referred from theProxySQLOpsRequest
. So, theKubeDB
Community operator doesn’t perform any operations on theProxySQL
object during the reconfiguring TLS process.Then the
KubeDB
Enterprise operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDB
Enterprise operator will restart all the Pods of the server so that they restart with the new TLS configuration defined in theProxySQLOpsRequest
CR.After the successful reconfiguring of the
ProxySQL
TLS, theKubeDB
Enterprise operator resumes theProxySQL
object so that theKubeDB
Community operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a ProxySQL using ProxySQLOpsRequest
CRD.