How to configure gRPC with TLS in RedTail


Article ID: KB0071987

Updated On:

Products: TIBCO Operational Intelligence Hawk RedTail
Versions: 7.1.0, 7.2.0

Description

Follow the steps in this article to create the certificates used by gRPC and to configure TLS for both connection types: HawkConsole in k8s <--> HawkAgent in k8s, and HawkConsole in k8s <--> HawkAgent on premises.
The approach is:
  1. Create the certificates and store them in secrets;
  2. Mount the secret into the pods in the .yaml file;
  3. Let HawkConsole and HawkAgent read the certificates from the secrets.

Issue/Introduction

How to configure gRPC with TLS in RedTail

Environment

Cloud, K8S, kubernetes

Resolution

  • Download the attached script and edit it as needed;
  • Run the script to generate the certificates and the .yaml file;
  • Deploy redtail-secrets-grpc.yaml to create the secrets;
  • Edit redtail_hkceagent.yaml and redtail_console.yaml in a text editor, set "grpc_enable_tls" to "true", and append the lines below. volumeMounts belongs to the container entry and volumes to the pod spec (see also the example in the attached redtail_console.yaml):
          volumeMounts:
            - name: redtail-secret-volume
              mountPath: /redtail/tls-grpc/
              readOnly: true
      volumes:
        - name: redtail-secret-volume
          secret:
            secretName: redtail-secrets-grpc
  • Redeploy redtail_hkceagent.yaml and redtail_console.yaml.
For HawkAgent running on premises:
  • Copy the certificates generated above to the machine where HawkAgent is running;
  • Edit hawkagent.cfg and configure the gRPC properties below:
-grpc_session grpc_svc_external_url:port
-grpc_enable_tls true
-grpc_server_ca /full/path/grpc_certs/ca.crt
-grpc_server_hostname mytestgrpc
-grpc_client_certificate /full/path/grpc_certs/client.crt
-grpc_client_key /full/path/grpc_certs/client.pem
  • Start HawkAgent and register this domain in HawkConsole. The domain should then be visible in HawkConsole.
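
A pre-flight check for the certificate files referenced in hawkagent.cfg, run before starting the agent. This is an added example, not part of the original article or its attached script. It assumes ca.crt, client.crt and client.pem sit in one directory and that the CA in ca.crt also issued the client certificate; the function names and the throwaway test PKI are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not the article's attached script). File names follow the
# hawkagent.cfg lines above; function names are illustrative assumptions.
# Usage: check_grpc_certs /full/path/grpc_certs

# Prints one line per problem found; returns non-zero if there is any.
check_grpc_certs() {
  local d="$1" rc=0 f cert_pub key_pub
  for f in ca.crt client.crt client.pem; do
    [ -r "$d/$f" ] || { echo "missing or unreadable: $d/$f"; rc=1; }
  done
  [ "$rc" -eq 0 ] || return 1

  # Assumption: the CA in ca.crt also issued the client certificate.
  openssl verify -CAfile "$d/ca.crt" "$d/client.crt" >/dev/null 2>&1 ||
    { echo "client.crt is not signed by ca.crt"; rc=1; }

  # The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$d/client.crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$d/client.pem" -pubout 2>/dev/null)
  { [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
    { echo "client.pem does not match client.crt"; rc=1; }

  # Flag a certificate that expires within 30 days (2592000 seconds).
  openssl x509 -in "$d/client.crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
    { echo "client.crt expires within 30 days"; rc=1; }

  # The key file must carry no group or other permission bits.
  [ "$(ls -ld "$d/client.pem" | cut -c5-10)" = "------" ] ||
    { echo "client.pem is accessible to group or others"; rc=1; }
  return "$rc"
}

# Builds a throwaway CA and client certificate (constructed test data only).
make_test_pki() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=test-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=hawkagent-test" \
    -keyout "$d/client.pem" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -out "$d/client.crt" 2>/dev/null
  chmod 600 "$d/client.pem"
}
```

A mismatched key or a certificate from a different CA is reported here, before the agent attempts its first TLS handshake.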

Attachments

How to configure gRPC with TLS in RedTail