Hazelcast TLS is a security feature that provides encryption and authentication of data transmitted between Hazelcast nodes, preventing unauthorized access and eavesdropping.
Hazelcast TLS uses standard SSL/TLS certificates, which can be issued by a trusted Certificate Authority (CA) or self-signed. The certificates are used to establish trust between the communicating parties and ensure the authenticity of the communication channel.
See TLS/SSL Basics for more detailed information about the configuration and behavior of TLS in Hazelcast.
Prerequisites for TLS
Before you create and configure TLS, you need to create a Kubernetes secret:
kubectl create secret tls example --cert=example.crt --key=example.key
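The following pre-flight check is an added example, not part of the original Hazelcast documentation. It verifies that the private key belongs to the certificate and that the certificate is not about to expire before the files are passed to kubectl. The function names, the 30-day threshold and the throwaway self-signed pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the files passed to
# `kubectl create secret tls example --cert=example.crt --key=example.key`.

# True when the public key in the certificate ($1) equals the one derived
# from the private key ($2). An encrypted or unreadable key fails the check.
cert_key_match() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate ($1) is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Writes a constructed self-signed pair into directory $1, valid for $2 days.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example" \
        -keyout "$1/example.key" -out "$1/example.crt" >/dev/null 2>&1
}

# Runs both checks; on success prints the kubectl command from this page.
preflight() {   # $1 = cert, $2 = key, $3 = minimum remaining days
    cert_key_match "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cert_valid_for "$1" "$3" || { echo "certificate expires within $3 days" >&2; return 2; }
    echo "kubectl create secret tls example --cert=$1 --key=$2"
}

# Demo on a constructed, throwaway pair (sample input, not a real certificate).
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" 90
preflight "$demo_dir/example.crt" "$demo_dir/example.key" 30
rm -rf "$demo_dir"
```

For real files, call preflight example.crt example.key 30 and run the printed command once both checks pass.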
Configuring Hazelcast TLS
Below are the configuration options for the TLS.
secretName: Specifies the name of the Kubernetes TLS secret.
The example configuration does the following:
Enables member-to-member and member-to-client Hazelcast TLS connections
Enforces mutual TLS authentication for cluster members
apiVersion: hazelcast.com/v1alpha1
kind: Hazelcast
metadata:
  name: hazelcast
spec:
  clusterSize: 3
  repository: 'docker.io/hazelcast/hazelcast-enterprise'
  licenseKeySecret: hazelcast-license-key
  tls:
    secretName: example
apiVersion: hazelcast.com/v1alpha1
kind: ManagementCenter
metadata:
  name: managementcenter
spec:
  repository: 'hazelcast/management-center'
  licenseKeySecret: hazelcast-license-key
  externalConnectivity:
    type: LoadBalancer
  hazelcastClusters:
    - address: hazelcast
      name: dev
      tls:
        secretName: example