New to KubeDB? Please start here.
Reconfiguring TLS of RabbitMQ Database
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a RabbitMQ database.
Before You Begin
- You should be familiar with the following
KubeDBconcepts:
How Reconfiguring RabbitMQ TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a RabbitMQ database. Open the image in a new tab to see the enlarged version.
The Reconfiguring RabbitMQ TLS process consists of the following steps:
At first, a user creates a
RabbitMQCustom Resource Object (CRO).KubeDBProvisioner operator watches theRabbitMQCRO.When the operator finds a
RabbitMQCR, it creates required number ofPetSetsand related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
RabbitMQdatabase the user creates aRabbitMQOpsRequestCR with desired information.KubeDBOps-manager operator watches theRabbitMQOpsRequestCR.When it finds a
RabbitMQOpsRequestCR, it pauses theRabbitMQobject which is referred from theRabbitMQOpsRequest. So, theKubeDBProvisioner operator doesn’t perform any operations on theRabbitMQobject during the reconfiguring TLS process.Then the
KubeDBOps-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDBOps-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in theRabbitMQOpsRequestCR.After the successful reconfiguring of the
RabbitMQTLS, theKubeDBOps-manager operator resumes theRabbitMQobject so that theKubeDBProvisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a RabbitMQ database using RabbitMQOpsRequest CRD.