Is there a configurable way to enable the data encryption for node-to-node and client-to-node? Thanks!
Yes, the cass-operator does it for you if you add the configuration to the
Here’s an example from a test DC yaml:
```yaml
apiVersion: cassandra.datastax.com/v1beta1
kind: CassandraDatacenter
metadata:
  name: dc2
spec:
  ...
  config:
    ...
    cassandra-yaml:
      server_encryption_options:
        internode_encryption: all
        keystore: /etc/encryption/node-keystore.jks
        keystore_password: dc2
        truststore: /etc/encryption/node-keystore.jks
        truststore_password: dc2
```
@ErickRamirezAU Thank you for the guide! Since I am using the k8ssandra helm chart, it does not support such configurations in the values.yaml. So do I need to dump the cassdc as yaml, then edit the yaml file to add the configuration and re-apply it?
That’s a good question. I’ve reached out to the team and will get you a response soon. Cheers!
Unfortunately, encryption within the cluster is not yet exposed via K8ssandra’s configuration. It’s an item on the roadmap, but it’s not being worked on yet.
As was mentioned, you can configure it directly through cass-operator, but that will require some manual effort; in particular, if the cluster is redeployed later, you’d want to reapply the configurations made manually.
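Because the manual edit can be lost on a redeploy, a drift check over the live resource is useful. The following is an added example, not part of the thread or of cass-operator: it audits the JSON from `kubectl get cassandradatacenter dc2 -o json` for both channels the question asks about. The function names and sample documents are constructed; `client_encryption_options` uses the standard cassandra.yaml keys, and it is an assumption that they are placed under `cassandra-yaml` the same way as the server block shown above.

```python
import json

# Constructed sample: trimmed `kubectl get cassandradatacenter dc2 -o json`
# output after a redeploy dropped the manually added encryption settings.
SAMPLE_REDEPLOYED = json.dumps({
    "kind": "CassandraDatacenter", "metadata": {"name": "dc2"},
    "spec": {"config": {"cassandra-yaml": {"num_tokens": 16}}},
})

# Constructed sample: the thread's server block plus an assumed client block.
SAMPLE_ENCRYPTED = json.dumps({
    "kind": "CassandraDatacenter", "metadata": {"name": "dc2"},
    "spec": {"config": {"cassandra-yaml": {
        "server_encryption_options": {
            "internode_encryption": "all",
            "keystore": "/etc/encryption/node-keystore.jks",
            "truststore": "/etc/encryption/node-keystore.jks",
        },
        "client_encryption_options": {
            "enabled": True, "optional": False,
            "keystore": "/etc/encryption/node-keystore.jks",
        },
    }}},
})


def _truthy(value):
    """cassandra.yaml booleans may arrive as JSON booleans or as strings."""
    return str(value).strip().lower() == "true"


def audit_encryption(cassdc_json):
    """Return findings; an empty list means both channels require TLS."""
    spec = json.loads(cassdc_json).get("spec") or {}
    cass_yaml = (spec.get("config") or {}).get("cassandra-yaml") or {}
    server = cass_yaml.get("server_encryption_options") or {}
    client = cass_yaml.get("client_encryption_options") or {}
    findings = []

    mode = str(server.get("internode_encryption", "none")).lower()
    if mode != "all":
        findings.append(f"node-to-node: internode_encryption={mode}, expected all")
    elif not (server.get("keystore") and server.get("truststore")):
        findings.append("node-to-node: keystore or truststore path missing")

    if not _truthy(client.get("enabled", False)):
        findings.append("client-to-node: client_encryption_options.enabled is not true")
    elif _truthy(client.get("optional", False)):
        findings.append("client-to-node: optional=true still accepts plaintext clients")
    elif not client.get("keystore"):
        findings.append("client-to-node: keystore path missing")
    return findings
```

Run it from CI or a cron job after each helm upgrade and alert on a non-empty result.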