Sysdig Documentation

Securing Cassandra

Use these instructions to enable authentication and TLS on Cassandra.

Tip

This feature is available for Sysdig on-prem v2.3.0 or later.

Prerequisite

Install the Sysdig Platform following the Kubernetes installation steps, version 2.3.0 or later, OR upgrade to version 2.3.0 or later.

Warning

If your Sysdig installation is in production, enabling Cassandra authentication and SSL will require downtime. Be sure to schedule a maintenance window in advance.

Enable Authentication and TLS

Step 1: Create a local copy of the current sysdigcloud-config configmap

Write the current configmap configuration to a local file so you can edit it and subsequently apply the changes (step 4).

NAMESPACE=sysdigcloud
kubectl -n $NAMESPACE get configmap sysdigcloud-config -o yaml > sysdigcloud-configmap.yaml

Step 2: Set authentication and SSL parameters to true

In sysdigcloud-configmap.yaml, set BOTH cassandra.secure and cassandra.ssl.enabled to true. The default values are false. (For this release, both must be true: setting either one to false will not enable authentication or SSL.)

cassandra.secure: "true"
cassandra.ssl.enabled: "true"

Step 3: Provide authentication credentials

In sysdigcloud-configmap.yaml, provide BOTH cassandra.user and cassandra.password.

cassandra.user: <username>
cassandra.password: <password>

Step 4: Apply the configuration changes

kubectl -n $NAMESPACE apply -f sysdigcloud-configmap.yaml

Step 5: Restart components

Restart Cassandra, API, collector, and worker pods:

kubectl -n $NAMESPACE delete pod -l role=cassandra
kubectl -n $NAMESPACE delete pod -l role=collector
kubectl -n $NAMESPACE delete pod -l role=api
kubectl -n $NAMESPACE delete pod -l role=worker
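
A check to run on the edited file before step 4, as an added example that is not part of the Sysdig documentation: it confirms that both flags from step 2 are "true" and that both credentials from step 3 are filled in. The helper names cfg_value and check_cassandra_config are hypothetical, and the sample configmap (including the user name sysdig_app) is constructed.

```shell
#!/bin/sh
# Added example: pre-apply check for the edited sysdigcloud-configmap.yaml.

# Print the value of a "key: value" line, with surrounding quotes removed.
cfg_value() {
  awk -v key="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, key ":") == 1 {
      val = substr(line, length(key) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      print val; exit
    }' "$1" | sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 only if both flags are "true" and both credentials are filled in.
# Values are never echoed, so the password does not end up in terminal logs.
check_cassandra_config() {
  file=$1; rc=0
  for key in cassandra.secure cassandra.ssl.enabled; do
    if [ "$(cfg_value "$file" "$key")" != "true" ]; then
      echo "FAIL: $key must be \"true\"" >&2; rc=1
    fi
  done
  for key in cassandra.user cassandra.password; do
    case $(cfg_value "$file" "$key") in
      ''|'<'*'>') echo "FAIL: $key is empty or still a placeholder" >&2; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample: SSL flag left at its default, password never filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: ConfigMap
data:
  cassandra.secure: "true"
  cassandra.ssl.enabled: "false"
  cassandra.user: sysdig_app
  cassandra.password: <password>
EOF
check_cassandra_config "$sample" || echo "not safe to apply yet"
rm -f "$sample"
# Real use: check_cassandra_config sysdigcloud-configmap.yaml && kubectl -n "$NAMESPACE" apply -f sysdigcloud-configmap.yaml
```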