diff --git a/modules/manage/pages/kubernetes/security/tls/k-cert-manager.adoc b/modules/manage/pages/kubernetes/security/tls/k-cert-manager.adoc index e962e10b59..d76e1601b8 100644 --- a/modules/manage/pages/kubernetes/security/tls/k-cert-manager.adoc +++ b/modules/manage/pages/kubernetes/security/tls/k-cert-manager.adoc @@ -4,11 +4,11 @@ :page-categories: Management, Security :env-kubernetes: true -When using glossterm:cert-manager[] for TLS certificate management, you have the option to use a self-signed certificate or a certificate signed by a trusted certificate authority (CA). This topic provides instructions for each option. +When using glossterm:cert-manager[] for TLS certificate management, you can use a self-signed certificate or a certificate signed by a trusted certificate authority (CA). This topic provides instructions for each option. Redpanda supports both TLS and mTLS: -- TLS, previously SSL, provides encryption for client-server communication. A server certificate prevents third parties from accessing data transferred between the client and server. +- TLS, previously SSL, provides encryption for client-server communication. A server certificate prevents third parties from accessing data transferred between the client and the server. - mTLS, or mutual TLS, is a protocol that authenticates both the server and the client. In addition to the server certificate required in TLS, mTLS also requires the client to give a certificate. mTLS is useful for environments that require additional security and only have a small number of verified clients. 
@@ -44,7 +44,7 @@ By default, the Redpanda Helm chart uses cert-manager to generate four Certifica |=== -For each Certificate resource, a corresponding Secret resource exists, which contains the TLS files. +A corresponding Secret resource exists for each Certificate resource. The Secret contains the TLS files. Having separate self-signed certificates for internal and external connections provides security isolation. If an external certificate or its corresponding private key is compromised, @@ -271,7 +271,7 @@ Helm:: tls: enabled: true certs: - default: + external: issuerRef: name: kind: @@ -290,9 +290,9 @@ helm upgrade --install redpanda redpanda/redpanda --namespace --crea ```bash helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ --set tls.enabled=true \ - --set tls.certs.default.issuerRef.name= \ - --set tls.certs.default.issuerRef.kind= \ - --set tls.certs.default.caEnabled=false \ + --set tls.certs.external.issuerRef.name= \ + --set tls.certs.external.issuerRef.kind= \ + --set tls.certs.external.caEnabled=false \ --set external.domain= ``` ==== @@ -438,4 +438,4 @@ include::shared:partial$suggested-reading.adoc[] * https://killercoda.com/redpanda/scenario/redpanda-k8s-secure[Securing Redpanda in Kubernetes (Day 2 Ops)^] * xref:reference:k-redpanda-helm-spec.adoc#external[Redpanda Helm Specification] -* xref:reference:k-crd.adoc[Redpanda CRD Reference] \ No newline at end of file +* xref:reference:k-crd.adoc[Redpanda CRD Reference]
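Review bot: In the first hunk (@@ -4,11 +4,11 @@), the reworded TLS bullet still reads "A server certificate prevents third parties from accessing data transferred between the client and the server", which credits the certificate with what the encryption does. The certificate lets the client verify the server's identity, and the encrypted session is what keeps third parties from reading the traffic. Since this line is already being edited, suggest splitting the two roles, for example: "A server certificate lets the client verify the server, and the encrypted connection prevents third parties from reading data transferred between the client and the server."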
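Review bot: In the Helm values hunk (@@ -271,7 +271,7 @@), moving `issuerRef` from `certs.default` to `certs.external` leaves the reader without any statement of what now happens to the `default` certificate. The earlier context line says separate certificates for internal and external connections provide security isolation, so it would help to add one sentence next to this YAML saying that only the external certificate is issued by the trusted CA and stating which issuer the `default` certificate uses after this change. Also worth confirming that the prose around this example no longer refers to `tls.certs.default` for the trusted-CA case.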
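Review bot: In the `--set` hunk (@@ -290,9 +290,9 @@), `--set tls.certs.external.caEnabled=false` is carried over to the new key with no explanation in the visible lines of what the flag controls or why it is false for a certificate signed by a trusted CA. A short sentence before or after the command saying what `caEnabled=false` means for clients connecting to the external listeners would stop readers from copying it without knowing what trust configuration they still need on the client side. The three renamed keys otherwise match the `external` key used in the YAML hunk above.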