LogoLogo
CloudDiscordGitHub
  • 👉Getting Started
    • Introduction
    • Quick start
    • Learn by example
    • Case studies
    • How to contribute?
  • ⭐Memphis Broker
    • Architecture
    • Key concepts
      • Message broker
      • Station
      • Producer API
      • Consumer API
      • Consumer Group
      • Storage and Redundancy
      • Security/Authentication
      • Scaling
      • Ordering
      • Dead-letter Station (DLS)
      • Delayed messages
      • Data exchange
      • Idempotency (Duplicate processing)
      • Failover Scenarios
      • Troubleshooting process
      • Connectors
    • Best practices
      • Producer optimization
      • Compression
    • Memphis configuration
    • Comparisons
      • NATS Jetstream vs Memphis
      • RabbitMQ vs Memphis
      • AWS SQS vs Memphis
      • Apache Kafka vs Memphis
      • Apache Pulsar vs Memphis
      • ZeroMQ vs Memphis
      • Apache NiFi vs Memphis
    • Privacy Policy
  • ⭐Memphis Schemaverse
    • Overview
    • Getting started
      • Management
      • Produce/Consume
        • Protobuf
        • JSON Schema
        • GraphQL
        • Avro
    • Comparison
    • KB
  • 📦Open-Source Installation
    • Kubernetes
      • 1 - Installation
      • 2 - Access
      • 3 - Upgrade
      • Terraform
        • Deploy on AWS
        • Deploy on GCP
        • Deploy on DigitalOcean
      • Guides
        • Deploy/Upgrade Memphis utilizing predefined secrets
        • Monitoring/Alerts Recommendations
        • Production Best Practices
        • NGINX Ingress Controller and Cloud-Agnostic Memphis Deployments
        • Migrate Memphis storage between storageClass's
        • Expanding Memphis Disk Storage
        • Scale-out Memphis cluster
        • TLS - Deploy Memphis with TLS Connection to Metadata Frontend
        • TLS - Memphis TLS websocket configuration
        • TLS - Securing Memphis Client with TLS
        • Installing Memphis with an External Metadata Database
    • Docker
      • 1 - Installation
      • 2 - Access
      • 3 - Upgrade
    • Open-source Support
  • Client Libraries
    • REST (Webhook)
    • Node.js / TypeScript / NestJS
    • Go
    • Python
    • Kotlin (Community)
    • .NET
    • Java
    • Rust (Community)
    • NATS
    • Scala
  • 🔌Integrations Center
    • Index
    • Processing
      • Zapier
    • Change data Capture (CDC)
      • Debezium
    • Monitoring
      • Datadog
      • Grafana
    • Notifications
      • Slack
    • Storage tiering
      • S3-Compatible Object Storage
    • Source code
      • GitHub
    • Other platforms
      • Argo
  • 🗒️Release notes
    • KB
    • Releases
      • v1.4.3 - latest/stable
      • v1.4.2
      • v1.4.1
      • v1.4.0
      • v1.3.1
      • v1.3.0
      • v1.2.0
      • v1.1.1
      • v1.1.0
      • v1.0.3
      • v1.0.2
      • v1.0.1
      • V1.0.0 - GA
      • v0.4.5 - beta
      • v0.4.4 - beta
      • v0.4.3 - beta
      • v0.4.2 - beta
      • v0.4.1 - beta
      • v0.4.0 - beta
      • v0.3.6 - beta
      • v0.3.5 - beta
      • v0.3.0 - beta
      • v0.2.2 - beta
      • v0.2.1 - beta
      • v0.2.0 - beta
      • v0.1.0 - beta
Powered by GitBook
LogoLogo

Legal

  • Terms of Service
  • Privacy Policy

All rights reserved to Memphis.dev 2023

On this page
  • Step 1: Generate Certificates
  • Step 2: Create a Secret with the Certificates
  • Step 3: Prepare the Metadata TLS Values File
  • Step 4: Deploy Memphis with the Updated Values

Was this helpful?

  1. Open-Source Installation
  2. Kubernetes
  3. Guides

TLS - Deploy Memphis with TLS Connection to Metadata Frontend

The self-signed certificates generated in this section are intended for testing and development. In production environments, it is strongly recommended to use certificates issued by a trusted Certificate Authority (CA) for enhanced security.

Step 1: Generate Certificates

Begin by generating the necessary SSL certificates using OpenSSL:

openssl genrsa -des3 -passout pass:password -out ./client_tls.key
openssl rsa -in ./client_tls.key -passin pass:password -out ./client_tls.key
openssl req -new -key ./client_tls.key -out ./client_tls.csr -subj "/C=AU/ST=NSW/L=DY/O=MyOrg/OU=Dev/CN=postgres"
openssl x509 -req -in ./client_tls.csr -CA ./ca.crt -CAkey ./ca.key -out ./client_tls.crt -CAcreateserial

Step 2: Create a Secret with the Certificates

Next, create a Kubernetes secret that holds the SSL certificates:

kubectl create secret generic tls-secret \
--from-file=client_tls.crt \
--from-file=client_tls.key \
--from-file=ca.crt -n memphis

Step 3: Prepare the Metadata TLS Values File

Create a values file named metadata_tls.yaml with the following content:

metadata:
  pgpool:
    tls:
      enabled: true
      autoGenerated: false
      preferServerCiphers: true
      certificatesSecret: "tls-secret"
      certFilename: "client_tls.crt"
      certKeyFilename: "client_tls.key"
      certCAFilename: "ca.crt"

Step 4: Deploy Memphis with the Updated Values

Deploy Memphis with the newly created values file using Helm:

helm repo add memphis https://k8s.memphis.dev/charts/ --force-update
helm install -f metadata_tls.yaml memphis memphis/memphis --create-namespace --namespace memphis --wait

Last updated 1 year ago

Was this helpful?

📦