Hazelcast TLS is a security feature that provides encryption and authentication of data transmitted between Hazelcast nodes, preventing unauthorized access and eavesdropping.
Hazelcast TLS uses standard SSL/TLS certificates, which can be obtained from trusted Certificate Authorities (CA) or self-signed. The certificates are used to establish trust between the communicating parties and ensure the authenticity of the communication channel.
See TLS/SSL Basics for more detailed information about the configuration and behavior of TLS in Hazelcast.
Prerequisites for TLS
Before you create and configure TLS, you need to create Kubernetes secret:
kubectl create secret tls example --cert=example.crt --key=example.keyConfiguring Hazelcast TLS
Below are the configuration options for the TLS.
| Field | Description |
|---|---|
|
Specifies the name of Kubernetes TLS secret. |
|
Mutual authentication configuration, available values are:
|
Example Configuration
The example configuration does the following:
-
Enables member to member and member-client Hazelcast TLS connections
-
Enforces mutual TLS authentication for cluster members
apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
name: hazelcast
spec:
clusterSize: 3
repository: 'docker.io/hazelcast/hazelcast-enterprise'
licenseKeySecretName: hazelcast-license-key
tls:
secretName: exampleapiVersion: hazelcast.com/v1alpha1
kind: ManagementCenter
metadata:
name: managementcenter
spec:
repository: 'hazelcast/management-center'
licenseKeySecretName: hazelcast-license-key
hazelcastClusters:
- address: hazelcast
name: dev
tls:
secretName: example