New to KubeDB? Please start here.
Reconfiguring TLS of Redis Database
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a Redis
database.
Before You Begin
- You should be familiar with the following
KubeDB
concepts:
How Reconfiguring Redis TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a Redis
database. Open the image in a new tab to see the enlarged version.
The Reconfiguring Redis/RedisSentinel TLS process consists of the following steps:
At first, a user creates a
Redis
/RedisSentinel
Custom Resource (CR).KubeDB
Community operator watches theRedis
andRedisSentinel
CR.When the operator finds a
Redis
/RedisSentinel
CR, it creates required number ofPetSets
and related necessary stuff like appbinding, services, etc.Then, in order to reconfigure the TLS configuration of the
Redis
database the user creates aRedisOpsRequest
CR with the desired version.Then, in order to reconfigure the TLS configuration (rotate certificate, update certificate) of the
RedisSentinel
database the user creates aRedisSentinelOpsRequest
CR with the desired version.KubeDB
Enterprise operator watches theRedisOpsRequest
andRedisSentinelOpsRequest
CR.When it finds a
RedisOpsRequest
CR, it halts theRedis
object which is referred from theRedisOpsRequest
. So, theKubeDB
Community operator doesn’t perform any operations on theRedis
object during the reconfiguring process.When it finds a
RedisSentinelOpsRequest
CR, it halts theRedisSentinel
object which is referred from theRedisSentinelOpsRequest
. So, theKubeDB
Community operator doesn’t perform any operations on theRedisSentinel
object during the reconfiguring process.By looking at the target version from
RedisOpsRequest
/RedisSentinelOpsRequest
CR,KubeDB
Enterprise operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.After successfully reconfiguring
Redis
/RedisSentinel
object, theKubeDB
Enterprise operator resumes theRedis
/RedisSentinel
object so that theKubeDB
Community operator can resume its usual operations.
In the next doc, we are going to show a step-by-step guide on updating of a Redis database using update operation.