Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

How to enable encryption

Note:

The TLS settings here are for self-signed-certificates which are not recommended for production clusters, the tls-certificates-operator charm offers a variety of configurations, read more on the TLS charm here.

Enable TLS

# deploy the TLS charm 
juju deploy tls-certificates-operator --channel=stable
# add the necessary configurations for TLS
juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA" 
# to enable TLS relate the two applications 
juju relate mongodb-k8s tls-certificates-operator

Manage keys

Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action. Note passing keys to external/internal keys should only be done with base64 -w0 not cat. With three replicas this schema should be followed

  • Generate a shared internal key
openssl genrsa -out internal-key.pem 3072
  • generate external keys for each unit
openssl genrsa -out external-key-0.pem 3072
openssl genrsa -out external-key-1.pem 3072
openssl genrsa -out external-key-2.pem 3072
  • apply both private keys on each unit, shared internal key will be allied only on juju leader
juju run mongodb-k8s/0 set-tls-private-key "external-key=$(base64 -w0 external-key-0.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"
juju run mongodb-k8s/1 set-tls-private-key "external-key=$(base64 -w0 external-key-1.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"
juju run mongodb-k8s/2 set-tls-private-key "external-key=$(base64 -w0 external-key-2.pem)"  "internal-key=$(base64 -w0 internal-key.pem)"
  • updates can also be done with auto-generated keys with
juju run mongodb/0 set-tls-private-key
juju run mongodb/1 set-tls-private-key
juju run mongodb/2 set-tls-private-key

Disable TLS remove the relation

juju remove-relation mongodb tls-certificates-operator

Last updated 7 months ago. Help improve this document in the forum.