Group A: Is one cluster, it has 3 namespaces that get XDR’d to Group B clusters.
Group B: Is several clusters, around the world. They have their own namespaces as well that never reach Group A at all. Some are only connected to their sibling. Yada yada.
Sometimes developers ask for read-only access to either group A or B. Sometimes specific namespaces.
Assigning the actual aerospike accounts is the easy part. Provisioning them access is less easy.
I’m assuming that opening port 4333 to just one aerospike node in a several node cluster does not work well given the way the protocol works? (Because if it did work, I’d just create a Virtual IP on our networking gear for each cluser as a way to easily turn access on and off if something bad were to happen)
Has there been any discussion on ways to provide non-admin humans fairly easy access ?
Hi @Jeff.MacDonald, could you provide a little more information about what you are trying to do? Are you talking about namespace specific access, or the actual connection to the cluster?
Our support team may be able to help you out with this as well. Thanks!
Using Access Control would allow your developers to use password based authentication, defined within the cluster and setup within a compatible client. Configuration information can be found here, as well as important caveats for using Access Control. This setup would not require TLS.
Otherwise, you could possibly enable TLS for a single node, but that may mess with the way the seed node returns cluster information to the client and how the client interacts with the rest of the cluster. For a setup like this, I would recommend reaching out to our support.