TLS - Securing Memphis Client with TLS
In order to ensure the secure deployment of Memphis on a Kubernetes cluster, you can use Transport Layer Security (TLS) certificates for encrypting communication.
Create Self-Signed Certificates for the Memphis Server
Generate self-signed certificates for the Memphis server using
mkcert
. These certificates are essential for securing the Memphis server:
mkcert -client \
-cert-file memphis_client.pem \
-key-file memphis-key_client.pem \
"127.0.0.1" "localhost" "*.memphis.dev" ::1 \
email@localhost
To locate the root certificate authority (CA) generated by
mkcert
, use the following command:
mkcert -CAROOT
To create self-signed certificates for client applications use the following command:
mkcert -client \
-cert-file client.pem \
-key-file key-client.pem \
localhost ::1
Securing Memphis Deployment with TLS
Create a Kubernetes secret in the "memphis" namespace to store the necessary TLS certificates and keys. Use the following command:
$ kubectl create secret generic tls-client-secret \
--from-file=memphis_client.pem \
--from-file=memphis-key_client.pem \
--from-file=rootCA.pem -n memphis
Edit your Helm
values.yaml
file to include the TLS configuration under the "memphis.tls" section as follows:
tls:
secret:
name: tls-client-secret
ca: "rootCA.pem"
cert: "memphis_client.pem"
key: "memphis-key_client.pem"
Now, deploy Memphis using Helm with the following command:
helm install my-memphis memphis \
--create-namespace --namespace memphis --wait
Alternatively, you can deploy Memphis using Helm in a single line with all the TLS configurations provided as parameters:
$ helm install my-memphis memphis \
--create-namespace --namespace memphis --wait \
--set \
memphis.tls.cert="memphis_client.pem",\
memphis.tls.key="memphis-key_client.pem",\
memphis.tls.secret.name="tls-client-secret",\
memphis.tls.ca="rootCA.pem"
Last updated
Was this helpful?