• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Project Mission Control

    • Overview
      • Release notes
      • FAQs
      • Get support
    • Installing DataStax Mission Control
      • Plan your install
      • Server-based Runtime Installer
        • Services setup with DataStax Mission Control Runtime Installer
      • Bring your own Kubernetes
        • Install Control Plane
        • Install Data Plane
    • Securing
      • Authentication
      • Connect LDAP authentication backend
      • Connect OpenID authentication backend
      • Client-to-node encryption
      • Internode encryption
      • Secure DataStax Mission Control
      • DSE Unified Authorization
    • Migrating
      • Migrate a DSE Cluster to DataStax Mission Control
    • Managing
      • Manage DSE clusters
        • Configure DSE
        • Cluster lifecycle
          • Create a cluster
          • Create a single-token cluster
          • Create a multi-token cluster
          • Changing cluster Replication Factor
          • Terminate a DSE cluster
          • Upgrade a DSE cluster
        • Datacenter lifecycle
          • Add a DSE datacenter
          • Terminate a DSE datacenter
        • Node lifecycle
          • Add DSE nodes
          • Terminate DSE nodes
          • Use per-node configurations
      • Manage DataStax Mission Control infrastructure
        • Manage projects
        • Manage clusters
        • Add a node to DataStax Mission Control clusters
        • Terminate a node from DataStax Mission Control clusters
        • Storage classes defined
      • Manage DataStax Mission Control resources
        • Access Admin Console
        • Configure DataStax Mission Control
        • Generate a support bundle
      • Observability
        • Metrics
    • Operations
      • Cleanup
      • Rebuild
      • Replace a node
      • Rolling restart
      • Upgrade SSTables
    • Reference
      • MissionControlCluster manifest
      • CassandraTask manifest
  • DataStax Project Mission Control
  • Securing
  • Client-to-node encryption

Client-to-node encryption

DataStax Mission Control is currently in Public Preview. DataStax Mission Control is not intended for production use, has not been certified for production workloads, and might contain bugs and other functional issues. There is no guarantee that DataStax Mission Control will ever become generally available. DataStax Mission Control is provided on an “AS IS” basis, without warranty or indemnity of any kind.

If you are interested in trying out DataStax Mission Control please join the Public Preview.

DataStax Mission Control does not currently orchestrate client-to-node encryption. It can be enabled by generating the keystore and truststore for the client-to-node certificates and storing them as a secret in the same namespace as the cluster:

kubectl create secret generic client-encryption-stores --from-file=keystore.jks --from-literal=keystore-password=<keystore password> --from-file=truststore.jks --from-literal=truststore-password=<truststore password>

Once the secret is created, reference it in the MissionControlCluster spec:

apiVersion: missioncontrol.datastax.com/v1beta1
kind: MissionControlCluster
metadata:
  name: test
spec:
  k8ssandra:
    cassandra:
      ...
      ...
      config:
        cassandraYaml:
          client_encryption_options:
              enabled: true
              require_client_auth: true
      clientEncryptionStores:
        keystoreSecretRef:
          name: client-encryption-stores
        truststoreSecretRef:
          name: client-encryption-stores
      ...
      ...
Connect OpenID authentication backend Internode encryption

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage