DataStax Mission Control is currently in Public Preview. DataStax Mission Control is not intended for production use, has not been certified for production workloads, and might contain bugs and other functional issues. There is no guarantee that DataStax Mission Control will ever become generally available. DataStax Mission Control is provided on an “AS IS” basis, without warranty or indemnity of any kind.
If you are interested in trying out DataStax Mission Control please join the Public Preview.
DataStax Mission Control does not currently orchestrate client-to-node encryption. It can be enabled by generating the keystore and truststore for the client-to-node certificates and storing them as a secret in the same namespace as the cluster:
kubectl create secret generic client-encryption-stores --from-file=keystore.jks --from-literal=keystore-password=<keystore password> --from-file=truststore.jks --from-literal=truststore-password=<truststore password>
Once the secret is created, reference it in the
apiVersion: missioncontrol.datastax.com/v1beta1 kind: MissionControlCluster metadata: name: test spec: k8ssandra: cassandra: ... ... config: cassandraYaml: client_encryption_options: enabled: true require_client_auth: true clientEncryptionStores: keystoreSecretRef: name: client-encryption-stores truststoreSecretRef: name: client-encryption-stores ... ...