A newer version of Hazelcast Operator is available.

View latest

Configuring TLS

Hazelcast TLS is a security feature that provides encryption and authentication of data transmitted between Hazelcast nodes, preventing unauthorized access and eavesdropping.

Hazelcast TLS uses standard SSL/TLS certificates, which can be obtained from trusted Certificate Authorities (CA) or self-signed. The certificates are used to establish trust between the communicating parties and ensure the authenticity of the communication channel.

See TLS/SSL Basics for more detailed information about the configuration and behavior of TLS in Hazelcast.

Prerequisites for TLS

Before you create and configure TLS, you need to create Kubernetes secret:

kubectl create secret tls example --cert=example.crt --key=example.key

Configuring Hazelcast TLS

Below are the configuration options for the TLS.

Field Description

secretName

Specifies the name of Kubernetes TLS secret.

Example Configuration

The example configuration does the following:

  • Enables member to member and member-client Hazelcast TLS connections

  • Enforces mutual TLS authentication for cluster members

Example Hazelcast configuration
apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
  name: hazelcast
spec:
  clusterSize: 3
  repository: 'docker.io/hazelcast/hazelcast-enterprise'
  licenseKeySecret: hazelcast-license-key
  tls:
    secretName: example
Example Managment Center configuration
apiVersion: hazelcast.com/v1alpha1
kind: ManagementCenter
metadata:
  name: managementcenter
spec:
  repository: 'hazelcast/management-center'
  licenseKeySecret: hazelcast-license-key
  externalConnectivity:
    type: LoadBalancer
  hazelcastClusters:
    - address: hazelcast
      name: dev
      tls:
        secretName: example