You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
New to KubeDB? Please start here.
Reconfiguring TLS of Druid
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of Druid
.
Before You Begin
- You should be familiar with the following
KubeDB
concepts:
How Reconfiguring Druid TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a Druid
. Open the image in a new tab to see the enlarged version.
The Reconfiguring Druid TLS process consists of the following steps:
At first, a user creates a
Druid
Custom Resource Object (CRO).KubeDB
Provisioner operator watches theDruid
CRO.When the operator finds a
Druid
CR, it creates required number ofPetSets
and related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
Druid
database the user creates aDruidOpsRequest
CR with desired information.KubeDB
Ops-manager operator watches theDruidOpsRequest
CR.When it finds a
DruidOpsRequest
CR, it pauses theDruid
object which is referred from theDruidOpsRequest
. So, theKubeDB
Provisioner operator doesn’t perform any operations on theDruid
object during the reconfiguring TLS process.Then the
KubeDB
Ops-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDB
Ops-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in theDruidOpsRequest
CR.After the successful reconfiguring of the
Druid
TLS, theKubeDB
Ops-manager operator resumes theDruid
object so that theKubeDB
Provisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a Druid database using DruidOpsRequest
CRD.