How to configure gRPC with TLS in RedTail

Article ID: KB0071987

Updated On:

Products

TIBCO Operational Intelligence Hawk RedTail

Description

Follow the steps in this article to create the certificates used by gRPC and to configure TLS for both HawkConsole in k8s <--> HawkAgent in k8s and HawkConsole in k8s <--> HawkAgent on premises.
The idea is:
  1. Create the certificates and store them in secrets;
  2. Mount the secret into the pods in the .yaml file;
  3. Let HawkConsole and HawkAgent read the certificates from the secrets.

Issue/Introduction

How to configure gRPC with TLS in RedTail

Environment

Cloud, K8S, kubernetes

Resolution

  • Download the attached script and edit it as needed;
  • Run the script to generate the certificates and the .yaml file;
  • Deploy redtail-secrets-grpc.yaml to create the secrets;
  • Edit redtail_hkceagent.yaml and redtail_console.yaml in a text editor, set "grpc_enable_tls" to "true", and append the lines below
(also see the example in the attached redtail_console.yaml):
          volumeMounts:
            - name: redtail-secret-volume
              mountPath: /redtail/tls-grpc/
              readOnly: true
      volumes: 
       - name: redtail-secret-volume
         secret:
           secretName: redtail-secrets-grpc
  • Redeploy redtail_hkceagent.yaml and redtail_console.yaml 
For a HawkAgent running on premises:
  • Copy the certificates generated above to the machine where the HawkAgent is running
  • Edit hawkagent.cfg and configure the gRPC properties below:
-grpc_session grpc_svc_external_url:port
-grpc_enable_tls true
-grpc_server_ca  /full/path/grpc_certs/ca.crt
-grpc_server_hostname mytestgrpc
-grpc_client_certificate /full/path/grpc_certs/client.crt
-grpc_client_key /full/path/grpc_certs/client.pem
  • Start the HawkAgent and register this domain in HawkConsole. You should then be able to see this domain in HawkConsole.
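
An added example, not part of the original article or of TIBCO's tooling: a Python pre-flight check for the on-premises hawkagent.cfg gRPC settings above, to run before starting the agent. It assumes one "-option value" pair per line and PEM files whose first line is the PEM header; the function names are hypothetical.

```python
import os
import stat

# Option names are the ones shown in this article's hawkagent.cfg snippet.
CERT_OPTS = ("grpc_server_ca", "grpc_client_certificate")
KEY_OPT = "grpc_client_key"
REQUIRED = ("grpc_server_hostname",) + CERT_OPTS + (KEY_OPT,)


def parse_grpc_options(cfg_text):
    """Collect '-grpc_* value' lines (assumed layout: one option per line)."""
    opts = {}
    for line in cfg_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0].startswith("-grpc_"):
            opts[parts[0][1:]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def first_line(path):
    """Return the first line of a file, tolerating non-text bytes."""
    with open(path, "r", errors="replace") as fh:
        return fh.readline().strip()


def lint_grpc_tls(cfg_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = parse_grpc_options(cfg_text)
    findings = []
    if opts.get("grpc_enable_tls", "").lower() != "true":
        findings.append("grpc_enable_tls is not true: TLS is off for gRPC")
    for name in REQUIRED:
        path = opts.get(name)
        if not path:
            findings.append(f"{name} is missing")
        elif name == "grpc_server_hostname":
            continue  # a name to match against the server certificate, not a file
        elif not os.path.isabs(path):
            findings.append(f"{name}: use a full path, got {path}")
        elif not os.path.isfile(path):
            findings.append(f"{name}: file not found: {path}")
        elif name == KEY_OPT:
            # Catches a certificate configured where the key belongs.
            if "PRIVATE KEY-----" not in first_line(path):
                findings.append(f"{name}: not a PEM private key")
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"{name}: key readable by group/others")
        elif first_line(path) != "-----BEGIN CERTIFICATE-----":
            findings.append(f"{name}: not a PEM certificate")
    return findings
```

Call lint_grpc_tls(open("hawkagent.cfg").read()) and treat any returned finding as a reason not to start the agent yet.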

Attachments

How to configure gRPC with TLS in RedTail