This software is pre-production and should not be deployed to production servers.
Secure Sockets Layer (SSL) makes it possible to establish authenticated, secure communication with external services such as:
- Kubernetes,
- Mesos,
- Zookeeper,
- etcd.
In all these cases the SSL component can be used to configure client-side PKI-based authentication or server certificate validation.
For KubernetesNode, MesosNode and EtcdDatabase, the SSL component is just a wrapper for the underlying requests library parameters: ssl_verify and cert.
Please refer to the requests library documentation for further reference.
For ZookeeperDatabase, the SSL component just passes the following parameters through to the KazooClient class: use_ssl, ca, certfile, keyfile and verify_certs.
Please refer to the Kazoo client documentation for more information.
Example of minimal configuration that uses SSL:

    runner: !MeasurementRunner
      node: !KubernetesNode
        ssl: !SSL
          server_verify: True
          client_cert_path: "$PATH/apiserver-kubelet-client.crt"
          client_key_path: "$PATH/apiserver-kubelet-client.key"
        kubelet_endpoint: https://127.0.0.1:10250

The SSL object has the following properties:
- server_verify - enabled by default; checks server certificates against the trusted local CA store, or against a given CA store if one is provided as a path,
- client_cert_path and client_key_path - enable client-certificate-based authentication on the server side.
Note that for KubernetesNode, MesosNode or EtcdDatabase it is also required to enable the "https" scheme explicitly in the endpoint and hosts properties.
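
A pre-flight check for the settings described above, as an added example that is not part of this project's code: the SSLConfig class and both helper functions are hypothetical names, and verify and cert are the keyword arguments that the requests library itself accepts.

```python
# Added example, not project code: SSLConfig, requests_kwargs and audit are hypothetical.
from dataclasses import dataclass
from typing import List, Optional, Union
from urllib.parse import urlsplit


@dataclass
class SSLConfig:
    # Mirrors the three properties documented on this page.
    server_verify: Union[bool, str] = True  # True, False, or a path to a CA bundle
    client_cert_path: Optional[str] = None
    client_key_path: Optional[str] = None


def requests_kwargs(ssl: SSLConfig) -> dict:
    """Translate the config into the verify/cert keyword arguments of requests."""
    kwargs = {"verify": ssl.server_verify}
    if ssl.client_cert_path and ssl.client_key_path:
        # requests takes the client certificate and key as a (cert, key) tuple.
        kwargs["cert"] = (ssl.client_cert_path, ssl.client_key_path)
    return kwargs


def audit(ssl: Optional[SSLConfig], endpoint: str) -> List[str]:
    """Return findings that weaken or silently disable TLS for this endpoint."""
    findings = []
    if urlsplit(endpoint).scheme.lower() != "https":
        # Without an explicit https scheme the SSL settings are never applied.
        findings.append("endpoint does not use the https scheme")
    if ssl is None:
        findings.append("no SSL component configured")
        return findings
    if ssl.server_verify is False:
        findings.append("server_verify is disabled, server certificate is not validated")
    if bool(ssl.client_cert_path) != bool(ssl.client_key_path):
        findings.append("client_cert_path and client_key_path must be set together")
    return findings
```

Running audit() on every configured endpoint before the agent starts catches the case where a plain "http" endpoint leaves the SSL block without effect.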