Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for cassandra tls #1390

Merged
merged 2 commits into from
Jul 1, 2024
Merged

Add support for cassandra tls #1390

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8a4ab2b
Add support for cassandra tls under v2.15
Jun 27, 2024
d3d4777
Merge branch 'main' into feature-cassandra-tls-v3
rxg8255 Jun 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
101 changes: 100 additions & 1 deletion content/docs/2.15/scalers/cassandra.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,11 @@ You can authenticate by using a password via `TriggerAuthentication` configurati
**Password Authentication:**

- `password` - Password for configured user to log in to the Cassandra instance.
- `tls` - To enable SSL auth for Cassandra session, set this to enable. If not set, TLS for Cassandra is not used. (Values: enable, disable, Default: disable, Optional).
- `cert` - Certificate path for client authentication. Mandatory if tls enabled. (Optional)
- `key` - Key path for client authentication. Mandatory if tls enabled. (Optional)

### Example
### Example with no TLS auth

```yaml
apiVersion: v1
Expand Down Expand Up @@ -87,3 +90,99 @@ spec:
authenticationRef:
name: keda-trigger-auth-cassandra-secret
```

### Example with TLS auth

Since we are passing Cert and Key content as inputs to the scaler, we have to supply writable location for required GSSAPI configurations for the `keda-operator` container.

##### `sasl/gssapi` in manager.yaml

If you use YAML declarations to deploy KEDA, add below volume mount and volume to supply writable location for required GSSAPI configurations for the `keda-operator` container.

```
volumeMounts:
- mountPath: /tmp/cassandra
name: temp-cassandra-vol
readOnly: false

volumes:
- name: temp-cassandra-vol
emptyDir:
medium: Memory
```

##### `sasl/gssapi` in keda-charts

If you use Helm Charts to deploy KEDA, add below volume mount and volume to supply writable location for required gssapi configurations.

```
volumes.keda.extraVolumeMounts
- mountPath: /tmp/cassandra
name: temp-cassandra-vol
readOnly: false

volumes.keda.extraVolumes
- name: temp-cassandra-vol
emptyDir:
medium: Memory
```

Once we have the writable mount path set up for the certificates and keys.

```yaml
apiVersion: v1
kind: Secret
metadata:
name: cassandra-secrets
type: Opaque
data:
cassandra_password: CASSANDRA_PASSWORD
tls: enable
cert: <cert content | base64encoded>
key: <key content | base64encoded>
## Optional parameter ca ##
ca: <ca cert content | base64encoded>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
name: keda-trigger-auth-cassandra-secret
spec:
secretTargetRef:
- parameter: password
name: cassandra-secrets
key: cassandra_password
- parameter: tls
name: cassandra-secrets
key: tls
- parameter: cert
name: cassandra-secrets
key: cert
- parameter: key
name: cassandra-secrets
key: key
## Optional parameter ca ##
- parameter: ca
name: cassandra-secrets
key: ca
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: cassandra-scaledobject
spec:
scaleTargetRef:
name: nginx-deployment
triggers:
- type: cassandra
metadata:
username: "cassandra"
port: "9042"
clusterIPAddress: "cassandra.default"
consistency: "Quorum"
protocolVersion: "4"
query: "SELECT COUNT(*) FROM test_keyspace.test_table;"
targetQueryValue: "1"
authenticationRef:
name: keda-trigger-auth-cassandra-secret
```