Configuring mTLS for Cassandra
Learn how to configure mTLS for Cassandra in a hybrid deployment.
About this task
Complete the following steps to configure mTLS for inter-cluster and intra-cluster communication, so that Cassandra can be used securely with geo-redundancy.
Cassandra TLS is disabled by default. To enable TLS, add the following to the Netcool® Operations Insight® instance:

    spec:
      helmValuesNOI:
        global.internalCaCertificate.secretName: noi-root-ca # Name of the secret containing the certificate. Default: noi-root-ca
        global.internalCaCertificate.certificateName: tls.crt # Name of certificate within the secret. Default: tls.crt
        global.internalCaCertificate.certificateKeyName: tls.key # Name of key within the secret. Default: tls.key
        global.cassandra.clientEncryption: true # Enables TLS for Cassandra client communication
        global.cassandra.requireClientAuth: true # Enable mutual TLS, also require enableMTLS
        global.cassandra.enableMTLS: true # Enable mutual TLS, also require requireClientAuth
        ibm-hdm-analytics-dev.cassandra.internodeEncryption: all # Enable mutual TLS between nodes and clusters. Default: none

Note: Configure mTLS for Cassandra. This configuration is used by Cassandra.
- Use the existing CA Certificate secret or create a new one.
  noi-root-ca is the default CA Certificate secret that is used in step 1. To create a CA Certificate secret, see Creating hybrid secrets.
- Restart the Netcool Operations Insight operator to reset the topology pods. These topology pods connect to the Cassandra pod that is running in TLS mode.
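
The settings above depend on each other: requireClientAuth and enableMTLS each require the other, and internodeEncryption defaults to none. The following check is an added example, not IBM's code. It audits a helmValuesNOI fragment for the four Cassandra keys on this page, and its function names and sample fragments are constructed for illustration.

```python
# Added example: audit a helmValuesNOI fragment for the Cassandra TLS keys on this page.
REQUIRED = {
    "global.cassandra.clientEncryption": "true",
    "global.cassandra.requireClientAuth": "true",
    "global.cassandra.enableMTLS": "true",
    "ibm-hdm-analytics-dev.cassandra.internodeEncryption": "all",
}
MTLS_PAIR = ("global.cassandra.requireClientAuth", "global.cassandra.enableMTLS")


def parse_helm_values(text):
    """Read flat 'dotted.key: value  # comment' lines; not a general YAML parser."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition(":")
        value = value.strip().strip("'\"").lower()
        if sep and value:
            values[key.strip()] = value
    return values


def audit(text):
    """Return a list of findings; an empty list means all four settings are in place."""
    values = parse_helm_values(text)
    findings = []
    for key, want in REQUIRED.items():
        got = values.get(key, "unset")
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    # The page states that each of the two mTLS flags requires the other.
    enabled = [values.get(k) == "true" for k in MTLS_PAIR]
    if any(enabled) and not all(enabled):
        findings.append("mutual TLS is half-configured: requireClientAuth and enableMTLS must both be true")
    return findings


# Constructed sample: client TLS on, only one mTLS flag set, internodeEncryption left at none.
WEAK = """
spec:
  helmValuesNOI:
    global.cassandra.clientEncryption: true
    global.cassandra.requireClientAuth: true
    ibm-hdm-analytics-dev.cassandra.internodeEncryption: none
"""
# Constructed sample using the values given on this page.
HARDENED = WEAK.replace("none", "all") + "    global.cassandra.enableMTLS: true\n"

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "ok")
```

The parser reads only the flat dotted keys shown on this page, so it fits as a pre-apply check on the custom resource text.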