Does k8ssandra support enabling SSL/TLS for data encryption?

Hi,
Is there a configurable way to enable the data encryption for node-to-node and client-to-node? Thanks!

1 Like

Yes, the cass-operator does it for you if you add the configuration to the CassandraDatacenter.

Here’s an example from a test DC yaml:

```yaml
apiVersion: cassandra.datastax.com/v1beta1
kind: CassandraDatacenter
metadata:
  name: dc2
spec:
  # ... (other spec fields elided)
  config:
    # ... (other config sections elided)
    cassandra-yaml:
      server_encryption_options:
        # encrypt all node-to-node traffic
        internode_encryption: all
        keystore: /etc/encryption/node-keystore.jks
        keystore_password: dc2
        truststore: /etc/encryption/node-keystore.jks
        truststore_password: dc2
```

@ErickRamirezAU Thank you for the guide! I am using the k8ssandra helm chart, and it does not support such configurations in the values.yaml. So do I need to dump the cassdc as yaml, then edit the yaml file to add the configuration and re-apply it?

1 Like

That’s a good question. I’ve reached out to the team and will get you a response soon. Cheers! :beers:

Unfortunately, encryption within the cluster is not yet exposed via K8ssandra’s configuration. It’s an item on the roadmap, but it’s not being worked on yet.

As was mentioned, you can configure it directly through cass-operator, but that will require some manual effort, particularly if the cluster is redeployed later: you’d want to reapply the configurations made manually.

2 Likes
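Because manually applied settings can be lost on a redeploy, a quick audit of the live CassandraDatacenter helps confirm they are still in place. The following is an added example, not code from this thread or from the K8ssandra or cass-operator projects; the function name `audit_cassdc` and the sample documents are constructed, and `client_encryption_options.enabled` is the standard cassandra.yaml key for client-to-node TLS, which the thread does not show.

```python
import json
import sys

# Constructed samples: trimmed `kubectl get cassandradatacenter dc2 -o json` output.
CONFIGURED = {"metadata": {"name": "dc2"}, "spec": {"config": {"cassandra-yaml": {
    "server_encryption_options": {
        "internode_encryption": "all",
        "keystore": "/etc/encryption/node-keystore.jks",
        "truststore": "/etc/encryption/node-keystore.jks"}}}}}
REDEPLOYED = {"metadata": {"name": "dc2"}, "spec": {"config": {"cassandra-yaml": {}}}}


def audit_cassdc(doc):
    """Return a list of findings about TLS settings in a CassandraDatacenter."""
    cfg = doc.get("spec", {}).get("config") or {}
    cass = cfg.get("cassandra-yaml") or {}
    findings = []

    server = cass.get("server_encryption_options") or {}
    mode = str(server.get("internode_encryption", "none")).lower()
    if mode == "none":
        findings.append("node-to-node: internode_encryption is none or unset")
    elif mode in ("dc", "rack"):
        # 'dc' / 'rack' only encrypt traffic that crosses that boundary.
        findings.append(f"node-to-node: '{mode}' leaves traffic inside a {mode} unencrypted")
    elif mode != "all":
        findings.append(f"node-to-node: unrecognised internode_encryption '{mode}'")
    if mode != "none":
        for key in ("keystore", "truststore"):
            if not server.get(key):
                findings.append(f"node-to-node: {key} path is missing")

    client = cass.get("client_encryption_options") or {}
    if client.get("enabled") is not True:
        findings.append("client-to-node: client_encryption_options.enabled is not true")
    return findings


if __name__ == "__main__":
    # Usage: kubectl get cassandradatacenter dc2 -o json | python audit_cassdc.py
    doc = json.load(sys.stdin)
    problems = audit_cassdc(doc)
    for p in problems:
        print(f"{doc['metadata']['name']}: {p}")
    sys.exit(1 if problems else 0)
```

A non-zero exit status makes the check usable as a post-deploy gate in a pipeline.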

There is some support for TLS in K8ssandra now. Please see "Configuring internode encryption (TLS) in K8ssandra" on Stack Overflow for a detailed description of how to configure things.

1 Like