A few questions:
Where do I need to add that block? Is that in my cluster.yaml?
cert-manager is already deployed in our EKS clusters,
so how do I make my FDB use the certs?
First, I want to mention that currently it is not straightforward to configure TLS using the FDB K8s operator. If you want to contribute to improving the TLS configuration in the FDB K8s operator, there is an open issue: "Restructure TLS settings and handling in the operator".
Where do I need to add that block? Is that in my cluster.yaml?
As pointed out in the documentation, in order to get TLS working you need to make your certificates available to several components:
The FDB cluster configuration, through the cluster.yaml. See tls.md#example-cluster-with-tls. This will allow cluster nodes to use TLS connections to communicate.
The FDB K8s operator, in the operator manifest (typically samples/deployment.yaml). See tls.md#configuring-the-operator. This will allow the FDB K8s operator to communicate with the TLS-enabled cluster and the sidecar (assuming your certificates are valid for the Pod IP).
If you are using backup: the backup agents, through backup.yaml (see samples/backup.yaml). This will allow the backup agents to use TLS connections to the backup destination.
And the FDB clients will also need to have their TLS certificates configured. This will allow the clients to connect to the TLS-enabled FDB cluster.
cert-manager is already deployed in our EKS clusters,
so how do I make my FDB use the certs?
First, you need to generate the certificates according to your needs.
This is an example cert-manager wildcard certificate for a namespace, which could be used for testing purposes.
Then you can make them available to the FDB cluster, operator, backup agents and FDB clients using a volume to share the cert. Note the difference between the secretName, which refers to the TLS certificate, and the volume name. In the example they are both named fdb-certs.
The following excerpts from the documentation show how it is done:
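A sketch of the pieces described in this answer, added here as an example; it is not part of the original post or the operator documentation. The namespace, issuer, certificate, cluster and Secret names and the FDB version are assumptions, and the Secret is deliberately named differently from the volume to make the secretName/volume-name distinction visible.

```yaml
# Added example. Values marked "assumed" are placeholders, not taken from the thread.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: fdb-wildcard              # assumed
  namespace: fdb                  # assumed namespace
spec:
  secretName: fdb-tls-secret      # Secret that cert-manager writes (assumed name)
  dnsNames:
    - "*.fdb.svc.cluster.local"   # wildcard for the assumed namespace
  issuerRef:
    name: my-ca-issuer            # assumed; the issuer must already exist
    kind: ClusterIssuer
---
apiVersion: apps.foundationdb.org/v1beta2
kind: FoundationDBCluster
metadata:
  name: sample-cluster            # assumed
  namespace: fdb
spec:
  version: 7.1.26                 # assumed; use the version you run
  mainContainer:
    enableTls: true
  sidecarContainer:
    enableTls: true
  processes:
    general:
      podTemplate:
        spec:
          volumes:
            - name: fdb-certs                # volume name, local to the pod spec
              secret:
                secretName: fdb-tls-secret   # must match Certificate.spec.secretName
          containers:
            - name: foundationdb
              env: &tlsEnv
                - name: FDB_TLS_CERTIFICATE_FILE
                  value: /tmp/fdb-certs/tls.crt
                - name: FDB_TLS_KEY_FILE
                  value: /tmp/fdb-certs/tls.key
                - name: FDB_TLS_CA_FILE
                  value: /tmp/fdb-certs/ca.crt   # present when the issuer supplies a CA
              volumeMounts: &tlsMounts
                - name: fdb-certs            # refers to the volume, not the Secret
                  mountPath: /tmp/fdb-certs
            - name: foundationdb-kubernetes-sidecar
              env: *tlsEnv                   # same TLS file paths as the main container
              volumeMounts: *tlsMounts
```

The operator deployment, backup agents and client pods need the same Secret mounted and the same three environment variables set, as listed in the answer above.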