TLS - Securing Memphis Client with TLS

To secure a Memphis deployment on a Kubernetes cluster, you can use Transport Layer Security (TLS) certificates to encrypt communication.

The self-signed certificates generated in this section are intended for testing and development. In production environments, it is strongly recommended to use certificates issued by a trusted Certificate Authority (CA) for enhanced security.

Create Self-Signed Certificates for the Memphis Server

  • Generate self-signed certificates for the Memphis server using mkcert. These certificates are essential for securing the Memphis server:

mkcert -client \
-cert-file memphis_client.pem \
-key-file memphis-key_client.pem  \
"127.0.0.1" "localhost" "*.memphis.dev" ::1 \
email@localhost
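  • To locate the root certificate authority (CA) generated by mkcert, use the following command. The directory it prints contains rootCA.pem, the CA certificate that is stored in the Kubernetes secret below, alongside rootCA-key.pem, the CA private key, which should stay on the machine that generated it: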

mkcert -CAROOT
  • To create self-signed certificates for client applications use the following command:

mkcert -client \
-cert-file client.pem \
-key-file key-client.pem  \
localhost ::1
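
A pre-flight check for the files generated above, to run before they are stored in a Kubernetes secret. This is an added example, not part of the Memphis documentation: `check_tls_bundle` is a hypothetical helper name, its return codes and the 7-day expiry window are choices made here, and it assumes the `openssl` CLI is installed and that `rootCA.pem` has been copied from the directory printed by `mkcert -CAROOT`.

```sh
# Added example (not from the Memphis docs). check_tls_bundle is a hypothetical
# helper; it needs the openssl CLI. File names follow the commands on this page.
# Usage: check_tls_bundle rootCA.pem memphis_client.pem memphis-key_client.pem
# Returns 0 if the bundle is consistent, or a distinct code for each failure.
check_tls_bundle() {
  ca=$1; cert=$2; key=$3

  # 1: every file must exist and be readable.
  for f in "$ca" "$cert" "$key"; do
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  done

  # 4: the CA file must hold only the certificate. mkcert keeps rootCA-key.pem
  # beside rootCA.pem in CAROOT, and that key must never reach the cluster.
  if grep -q "PRIVATE KEY" "$ca"; then
    echo "$ca contains a private key" >&2; return 4
  fi

  # 2: the certificate must chain to the CA that peers will be told to trust.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "$cert was not issued by $ca" >&2; return 2; }

  # 3: the private key must belong to the certificate (compare public keys).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "$key does not match $cert" >&2; return 3
  fi

  # 5: refuse a certificate that expires within 7 days (604800 seconds).
  openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1 ||
    { echo "$cert expires within 7 days" >&2; return 5; }

  echo "TLS bundle OK"
}
```

Run it in the directory that holds the three files; a non-zero return code identifies which check failed.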

Securing Memphis Deployment with TLS

  • Create a Kubernetes secret in the "memphis" namespace to store the necessary TLS certificates and keys. Run the following command from the directory that contains the three files:

kubectl create secret generic tls-client-secret \
--from-file=memphis_client.pem \
--from-file=memphis-key_client.pem \
--from-file=rootCA.pem -n memphis
  • Edit your Helm values.yaml file to include the TLS configuration under the "memphis.tls" section as follows:

memphis:
  tls:
    secret:
      name: tls-client-secret
    # File names below are the keys stored in tls-client-secret
    ca: "rootCA.pem"
    cert: "memphis_client.pem"
    key: "memphis-key_client.pem"
  • Now, deploy Memphis using Helm with the following command:

helm install my-memphis memphis \
--create-namespace --namespace memphis --wait
  • Alternatively, you can deploy Memphis using Helm in a single line with all the TLS configurations provided as parameters:

helm install my-memphis memphis \
--create-namespace --namespace memphis --wait \
--set \
memphis.tls.cert="memphis_client.pem",\
memphis.tls.key="memphis-key_client.pem",\
memphis.tls.secret.name="tls-client-secret",\
memphis.tls.ca="rootCA.pem"

Note: The global.cluster.enabled configuration, omitted in this command, is intended for situations in which Memphis is deployed within a cluster environment. Ensure that you activate it as necessary when configuring deployments as a cluster.
