Chapter 7. Configuring Security in Kubernetes

Documentation

VoltDB Home » Documentation » VoltDB Kubernetes Administrator's Guide

Chapter 7. Configuring Security in Kubernetes

There are two aspects to security with Volt Active Data — security within the database with is managed through user accounts and roles and network security between the database nodes, between the cluster and client applications, and between clusters in the case of cross datacenter replication (XDCR). For internal security, you define user accounts as part of the database configuration and assign them to roles that are defined as part of the schema. For network security, Volt recommends encryption and authentication certificates using the TLS/SSL protocol. The following sections explain how to configure both types of security within Kubernetes.

7.1. Configuring User Accounts and Roles Within The Database

User accounts allow you to control who has access to specific functions and procedures within the database. Security is enabled in the configuration with the cluster.config.deployment.security.enabled property. You must also use the properties to define the actual user names, passwords, and assigned roles. The users property expects a list of sub-elements so you must prefix each set of properties with a hyphen.

If you enable basic security, you must also tell the VoltDB operator which account to use when accessing the database. To do that, you define the cluster.config.auth properties, as shown below, which must specify an account with the built-in administrator role. The following example enables basic security, defines two accounts, and assigns the admin account for use by the VoltDB Operator:

cluster:
  config:
    deployment:
      security:
        enabled: true
      users:
        - name: admin
          password: superman
          roles: administrator
        - name: mitty
          password: thurber
          roles: user
    auth:
      username: admin
      password: superman