Apigee Hybrid Cassandra password updates Apigee Hybrid 1.8.x

Hi,

As per article lists the manual changes to Apigee Hybrid Cassandra.

When reviewing the listed Apigee docs for manually changing the password to either K8s secret

Or to overrides files

I have the following queries:

1) Are the listed changes required for every CS participating in the ring? For example, my use case has Azure K8s (AKS) (Apigee Hybrid runtime CS ring) and GKE Apigee Hybrid runtime, each having 6 CS, meaning 12 total Cassandra nodes across both Apigee Hybrid runtimes.

Do the above changes have to be done on each Cassandra? Meaning, repeat the listed steps 12 times, once for each Cassandra?

2) What realistic downtime should be planned for such an activity, if the use case requires changing the password every six months, as an example?

@dino   @imesh  @rajeshmi 

 


1. You have to make the changes once per participating cluster, not per Cassandra node. This means you have to do it once for AKS and once for GKE.

2. It requires a rolling restart of the Cassandra pods, MART pods and synchronizer pods, and the realistic downtime ballpark figure could be anywhere between 10 - 20 mins, depending upon the available resources.

Thanks @rajeshmi for the response.

As per article

1) If the changes are required in the overrides file, as listed per "Configuring TLS for Cassandra | Apigee X | Google Cloud":

We will have to manually edit the listed file for the password changes and restart the pod as per the documented steps, once for a given runtime.

2) If the listed changes are required only for the Kubernetes secret, per "Configuring TLS for Cassandra | Apigee X | Google Cloud":

We will be required to run the same query for the listed 5 users, once for a given runtime.

2) Do we have any decision point for using either the overrides file vs. a Kubernetes secret for Apigee Hybrid Cassandra?

@dino @imesh 

From a technical standpoint, there is no difference between the two approaches, but you have to look at it from an operator's point of view: managing overrides files in source control with all passwords. This could be a big risk from a security point of view. Kubernetes secrets can be added by the security team based on enterprise security policy, and operators can reference these values in overrides files.
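An added example, not part of the original thread and not Apigee tooling: a check that could run before an overrides file is committed, reporting Cassandra passwords written inline and whether a Kubernetes secret is referenced instead. The key names (`cassandra.auth.<user>.password`, `cassandra.auth.secret`) are assumptions based on the Apigee hybrid configuration property naming and should be verified against your version; the sample files and the secret name are constructed.

```python
import re

# Constructed sample overrides fragments (not from the thread). Key names are
# assumed from the Apigee hybrid cassandra.auth.* properties; verify per version.
INLINE = """\
cassandra:
  hostNetwork: false
  auth:
    default:
      password: "CONSTRUCTED-not-a-real-password"
    admin:
      password: "CONSTRUCTED-not-a-real-password"
"""
SECRET_REF = """\
cassandra:
  hostNetwork: false
  auth:
    secret: apigee-cassandra-creds   # hypothetical Secret name
"""

LINE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$")

def flatten(text):
    """Flatten simple block-style YAML mappings into {dotted.path: scalar}."""
    stack, out = [], {}           # stack holds (indent, key) of open mappings
    for raw in text.splitlines():
        m = LINE.match(raw.split(" #", 1)[0].rstrip())  # drop trailing comment
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip().strip("\"'")
        while stack and stack[-1][0] >= indent:   # close deeper/sibling maps
            stack.pop()
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def audit(text):
    """Report inline Cassandra passwords and any referenced Kubernetes secret."""
    flat = flatten(text)
    inline = sorted(p for p in flat
                    if p.startswith("cassandra.auth.") and p.endswith(".password"))
    return {"inline_passwords": inline,
            "secret_ref": flat.get("cassandra.auth.secret")}

if __name__ == "__main__":
    for name, doc in (("inline", INLINE), ("secret reference", SECRET_REF)):
        print(name, audit(doc))
```

The scanner handles only plain block-style mappings; a file using flow syntax, anchors or multi-document streams needs a full YAML parser.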