Hi,
As per article lists the manual changes to Apigee Hybrid Cassendra.
When reviewing the listed apigee docs for manually changing the password to either K8s secret
Or to Override files
Have following queries:
1) Is listed changes required for every CS participating in ring ?. Like if my use case have Azure K8s (AKS) (Apigee Hybrid runtime CS Ring) and GKE Apigee Hybrid runtime (each having 6 CS meaning) 12 total Cassendra across both Apigee Hybrid runtimes nodes.
Does above changes to be done to each Cassendra ? Meaning repeat the listed 12 times for each cassendra ?
2) What could be realistic down time should be planned for such activity.
IF Use case requires, changing password each six months as an example.
Solved! Go to Solution.
1. You have to make changes one per participating cluster and not per Cassandra node. This means you have do once for AKS and one for GKE.
2. it requires rolling restart of cassandra pods, mart pods and synchronizer pods and the realistic downtime ballpark figure could be anywhere between 10 - 20 mins depending upon the available resources.
From technical standpoint , there is no difference between either of approach but you have to look from operator point of view managing overrides files in the source control with all passwords. This could be a big risk from security point of view. Kubernetes secrets can be added security team based on enterprise security policy and operators can reference these values in overrides files.
1. You have to make changes one per participating cluster and not per Cassandra node. This means you have do once for AKS and one for GKE.
2. it requires rolling restart of cassandra pods, mart pods and synchronizer pods and the realistic downtime ballpark figure could be anywhere between 10 - 20 mins depending upon the available resources.
Thanks @rajeshmi for response.
.As per article
1) If the changes are required for override file for listed per Configuring TLS for Cassandra | Apigee X | Google Cloud
Will have manually edit the listed file for password changes and restart the pod as per documented steps once for given runtime
2) If the listed changes are required only for Kubernetes secret per Configuring TLS for Cassandra | Apigee X | Google Cloud
Will require to run the same query for listed 5 users once for given runtime
2) Do we have any decision point to use either of overridefile Vs kubernetes secret for Apigee Hybrid Cassendra ?
From technical standpoint , there is no difference between either of approach but you have to look from operator point of view managing overrides files in the source control with all passwords. This could be a big risk from security point of view. Kubernetes secrets can be added security team based on enterprise security policy and operators can reference these values in overrides files.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |