-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d7fa6e8
commit 68eaf68
Showing
11 changed files
with
119 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
# Qdrant TLS Guide | ||
|
||
In this guide you create a Qdrant cluster with enabled TLS encryption. | ||
|
||
1. Create Qdrant Cluster | ||
|
||
```bash | ||
cat <<EOF | kubectl apply -f - | ||
apiVersion: qdrant.operator/v1alpha1 | ||
kind: QdrantCluster | ||
metadata: | ||
name: my-auth-cluster | ||
spec: | ||
replicas: 1 | ||
image: qdrant/qdrant:v1.7.3 | ||
tls: | ||
enabled: true | ||
EOF | ||
``` | ||
|
||
2. Create a new collection to check if operator can connect to the cluster: | ||
|
||
```bash | ||
cat <<EOF | kubectl apply -f - | ||
apiVersion: qdrant.operator/v1alpha1 | ||
kind: QdrantCluster | ||
metadata: | ||
name: my-notls-cluster | ||
spec: | ||
replicas: 1 | ||
image: qdrant/qdrant:v1.7.3 | ||
EOF | ||
``` | ||
|
||
3. Start a new pod with a Certificate Authority, mounted as a volume from the Kubernetes secret: | ||
|
||
```bash | ||
cat <<EOF | kubectl apply -f - | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: tlsclient | ||
spec: | ||
containers: | ||
- image: curlimages/curl | ||
name: mycurlpod | ||
command: ["/bin/sh"] | ||
args: ["-c", "while true; do echo hello; sleep 10;done"] | ||
volumeMounts: | ||
- name: cert | ||
readOnly: true | ||
mountPath: "/cert/cacert.pem" | ||
subPath: cacert.pem | ||
volumes: | ||
- name: cert | ||
secret: | ||
secretName: my-tls-cluster-server-cert | ||
items: | ||
- key: cacert.pem | ||
path: cacert.pem | ||
EOF | ||
``` | ||
|
||
4. Wait for the pod readiness and connect to it: | ||
|
||
```bash | ||
kubectl wait pods tlsclient --for condition=Ready --timeout=300s | ||
kubectl exec -it tlsclient -- sh | ||
``` | ||
|
||
5. Request the collection list to check if HTTPS works: | ||
|
||
```bash | ||
curl --cacert /cert/cacert.pem https://my-tls-cluster.default:6333/collections | ||
``` | ||
|
||
You will see a similar output: | ||
|
||
```console | ||
{"result":{"collections":[{"name":"my-tls-collection"}]},"status":"ok","time":0.000017} | ||
``` | ||
|
||
6. Press `CTRL-D` to exit the pod shell. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: qdrant.operator/v1alpha1 | ||
kind: QdrantCluster | ||
metadata: | ||
name: my-cluster | ||
spec: | ||
replicas: 3 | ||
image: qdrant/qdrant:v1.7.3 | ||
tls: | ||
enabled: true | ||
mtls: true | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{:metadata.name}}-client-cert | ||
namespace: {{:metadata.namespace}} | ||
ownerReferences: | ||
- apiVersion: {{:apiVersion}} | ||
kind: {{:kind}} | ||
name: {{:metadata.name}} | ||
uid: {{:metadata.uid}} | ||
data: | ||
cert.pem: '' | ||
key.pem: '' | ||
cacert.pem: '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters