TLS - Deploy Memphis with TLS Connection to Metadata Frontend
Step 1: Generate Certificates
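Begin by generating the client key and certificate with OpenSSL. The commands assume an existing CA certificate and key (ca.crt and ca.key) in the current directory: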
openssl genrsa -des3 -passout pass:password -out ./client_tls.key
openssl rsa -in ./client_tls.key -passin pass:password -out ./client_tls.key
openssl req -new -key ./client_tls.key -out ./client_tls.csr -subj "/C=AU/ST=NSW/L=DY/O=MyOrg/OU=Dev/CN=postgres"
openssl x509 -req -in ./client_tls.csr -CA ./ca.crt -CAkey ./ca.key -out ./client_tls.crt -CAcreateserial
Step 2: Create a Secret with the Certificates
Next, create a Kubernetes secret that holds the SSL certificates:
kubectl create secret generic tls-secret \
--from-file=client_tls.crt \
--from-file=client_tls.key \
--from-file=ca.crt -n memphis
Step 3: Prepare the Metadata TLS Values File
Create a values file named metadata_tls.yaml with the following content:
metadata:
  pgpool:
    tls:
      enabled: true
      autoGenerated: false
      preferServerCiphers: true
      certificatesSecret: "tls-secret"
      certFilename: "client_tls.crt"
      certKeyFilename: "client_tls.key"
      certCAFilename: "ca.crt"
Step 4: Deploy Memphis with the Updated Values
Deploy Memphis with the newly created values file using Helm:
helm repo add memphis https://k8s.memphis.dev/charts/ --force-update
helm install -f metadata_tls.yaml memphis memphis/memphis --create-namespace --namespace memphis --wait
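A pre-flight check for the files produced in Step 1, to run before Step 2 loads them into the secret (an added example, not part of the Memphis documentation). The function name check_tls_material and its exit codes are assumptions; the file names are the ones used above.

```bash
#!/usr/bin/env bash
# Added example (not from the Memphis docs): validate the Step 1 output
# before it is loaded into tls-secret. Function name and exit codes are
# assumptions made for this example.
# Usage: check_tls_material <dir> [min_seconds_of_validity_left]
check_tls_material() {
  local dir="$1" min_valid="${2:-604800}"   # default threshold: 7 days
  local crt="$dir/client_tls.crt" key="$dir/client_tls.key" ca="$dir/ca.crt"
  local f cert_pub key_pub

  for f in "$crt" "$key" "$ca"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
  done

  # The second command in Step 1 strips the passphrase; confirm it ran.
  if grep -q 'ENCRYPTED' "$key"; then
    echo "private key is still passphrase-protected" >&2; return 3
  fi

  # Certificate and key must form a pair: compare their public keys.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate does not match private key" >&2; return 4
  fi

  # The certificate must chain to the CA stored in the same secret.
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "certificate is not signed by $ca" >&2; return 5
  fi

  # openssl x509 -req issues a 30-day certificate when -days is omitted.
  if ! openssl x509 -in "$crt" -noout -checkend "$min_valid" >/dev/null; then
    echo "certificate expires within ${min_valid}s" >&2; return 6
  fi
  echo "TLS material OK: $(openssl x509 -in "$crt" -noout -enddate)"
}
```

Run `check_tls_material .` in the directory that holds the Step 1 files; a non-zero exit code identifies which check failed.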