finish standalone

Signed-off-by: Neaj Morshad <[email protected]>

docs/examples/mssqlserver/tls/issuer.yaml

@@ -1,8 +1,8 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
- name: redis-ca-issuer
+ name: mssqlserver-ca-issuer
  namespace: demo
 spec:
  ca:
- secretName: redis-ca
+ secretName: mssqlserver-ca

docs/examples/mssqlserver/tls/rd-standalone-ssl.yaml → docs/examples/mssqlserver/tls/mssql-standalone-tls.yaml

@@ -1,19 +1,23 @@
-apiVersion: kubedb.com/v1
-kind: Redis
+apiVersion: kubedb.com/v1alpha2
+kind: MSSQLServer
 metadata:
- name: rd-tls
+ name: mssql-standalone-tls
  namespace: demo
 spec:
- version: "6.2.14"
+ version: "2022-cu12"
+ replicas: 1
+ storageType: Durable
  tls:
  issuerRef:
- apiGroup: "cert-manager.io"
+ name: mssqlserver-ca-issuer
  kind: Issuer
- name: redis-ca-issuer
+ apiGroup: "cert-manager.io"
+ clientTLS: true
  storage:
  storageClassName: "standard"
  accessModes:
  - ReadWriteOnce
  resources:
  requests:
  storage: 1Gi
+ deletionPolicy: WipeOut

docs/guides/mssqlserver/tls/ag_cluster.md

@@ -1,20 +1,20 @@
 ---
-title: MSSQLServer Sentinel TLS/SSL Encryption
+title: SQL Server Availability Group TLS/SSL Encryption
 menu:
  docs_{{ .version }}:
- identifier: ms-tls-sentinel
- name: Sentinel
+ identifier: ms-tls-availability-group
+ name: Availability Group (HA Cluster)
  parent: ms-tls
- weight: 20
+ weight: 30
 menu_name: docs_{{ .version }}
 section_menu_id: guides
 ---
 
 > New to KubeDB? Please start [here](/docs/README.md).
 
-# Run SQL Server with TLS/SSL Encryption
+# Run SQL Server Availability Group with TLS/SSL Encryption
 
-KubeDB supports providing TLS/SSL encryption for MSSQLServer. This tutorial will show you how to use KubeDB to run a MSSQLServer database with TLS/SSL encryption.
+KubeDB supports providing TLS/SSL encryption for MSSQLServer. This tutorial will show you how to use KubeDB to run a MSSQLServer with TLS/SSL encryption.
 
 ## Before You Begin
 
@@ -24,58 +24,70 @@ KubeDB supports providing TLS/SSL encryption for MSSQLServer. This tutorial will
 
 - Now, install KubeDB cli on your workstation and KubeDB operator in your cluster following the steps [here](/docs/setup/README.md).
 
+- Install [csi-driver-cacerts](https://github.com/kubeops/csi-driver-cacerts) which will be used to add self-signed ca certificates to the OS trusted certificate store (eg, /etc/ssl/certs/ca-certificates.crt)
+
 - To keep things isolated, this tutorial uses a separate namespace called `demo` throughout this tutorial.
 
  ```bash
  $ kubectl create ns demo
  namespace/demo created
  ```
 
-> Note: YAML files used in this tutorial are stored in [docs/examples/mssqlserver](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/mssqlserver) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs).
+> Note: YAML files used in this tutorial are stored in [docs/examples/mssqlserver/tls](https://github.com/kubedb/docs/tree/{{< param "info.version" >}}/docs/examples/mssqlserver/tls) folder in GitHub repository [kubedb/docs](https://github.com/kubedb/docs).
 
 ## Overview
 
-KubeDB uses following crd fields to enable SSL/TLS encryption in MSSQLServer and MSSQLServerSentinel.
+KubeDB uses following crd fields to enable SSL/TLS encryption in MSSQLServer.
 
 - `spec:`
  - `tls:`
  - `issuerRef`
- - `certificate`
+ - `certificates`
+ - `clientTLS`
+
+
+- `issuerRef` is a reference to the `Issuer` or `ClusterIssuer` CR of [cert-manager](https://cert-manager.io/docs/concepts/issuer/) that will be used by `KubeDB` to generate necessary certificates.
 
-There are two basic things to keep in mind when securing MSSQLServer using TLS in Sentinel Mode.
+ - `apiGroup` is the group name of the resource that is being referenced. Currently, the only supported value is `cert-manager.io`.
+ - `kind` is the type of resource that is being referenced. KubeDB supports both `Issuer` and `ClusterIssuer` as values for this field.
+ - `name` is the name of the resource (`Issuer` or `ClusterIssuer`) being referenced.
 
-- Either Sentinel instance and MSSQLServer database both should have TLS enabled or both have TLS disabled.
+- `clientTLS` This setting determines whether TLS (Transport Layer Security) is enabled for the MS SQL Server.
+ - If set to `true`, the sql server will be provisioned with `TLS`, and you will need to install the [csi-driver-cacerts](https://github.com/kubeops/csi-driver-cacerts) which will be used to add self-signed ca certificates to the OS trusted certificate store (/etc/ssl/certs/ca-certificates.crt).
+ - If set to `false`, TLS will not be enabled for SQL Server. However, the Issuer will still be used to configure a TLS-enabled WAL-G proxy server, which is necessary for performing SQL Server backup operations.
 
-- If TLS enabled, both Sentinel instance and MSSQLServer database should use the same `Issuer`. If they are in different namespace, in order to use same issuer, the certificates should be signed using `ClusterIssuer`
+- `certificates` (optional) are a list of certificates used to configure the server and/or client certificate.
+
+Read about the fields in details in [mssqlserver concept](/docs/guides/mssqlserver/concepts/mssqlserver.md).
 
-Read about the fields in details in [mssqlserver concept](/docs/guides/mssqlserver/concepts/mssqlserver.md) and [mssqlserversentinel concept](/docs/guides/mssqlserver/concepts/mssqlserversentinel.md)
 
 ## Create Issuer/ ClusterIssuer
 
-We are going to create an example `ClusterIssuer` that will be used throughout the duration of this tutorial to enable SSL/TLS in MSSQLServer. Alternatively, you can follow this [cert-manager tutorial](https://cert-manager.io/docs/configuration/ca/) to create your own `ClusterIssuer`.
+We are going to create an example `Issuer` that will be used throughout the duration of this tutorial to enable SSL/TLS in MSSQLServer. Alternatively, you can follow this [cert-manager tutorial](https://cert-manager.io/docs/configuration/ca/) to create your own `Issuer`.
 
-- Start off by generating you can certificate using openssl.
+- Start off by generating you CA certificates using openssl.
 
 ```bash
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./ca.key -out ./ca.crt -subj "/CN=mssqlserver/O=kubedb"
 ```
 
-- Now create a ca-secret using the certificate files you have just generated. The secret should be created in `cert-manager` namespace to create the `ClusterIssuer`.
+- Now create a ca-secret using the certificate files you have just generated.
 
 ```bash
-$ kubectl create secret tls mssqlserver-ca \
+kubectl create secret tls mssqlserver-ca \
  --cert=ca.crt \
  --key=ca.key \
- --namespace=cert-manager
+ --namespace=demo
 ```
 
-Now, create an `ClusterIssuer` using the `ca-secret` you have just created. The `YAML` file looks like this:
+Now, create an `Issuer` using the `ca-secret` you have just created. The `YAML` file looks like this:
 
 ```yaml
 apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+kind: Issuer
 metadata:
  name: mssqlserver-ca-issuer
+ namespace: demo
 spec:
  ca:
  secretName: mssqlserver-ca
@@ -84,16 +96,16 @@ spec:
 Apply the `YAML` file:
 
 ```bash
-$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/mssqlserver/tls/clusterissuer.yaml
-clusterissuer.cert-manager.io/mssqlserver-ca-issuer created
+$ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/mssqlserver/tls/issuer.yaml
+issuer.cert-manager.io/mssqlserver-ca-issuer created
 ```
 
-## TLS/SSL encryption in Sentinel
+## TLS/SSL encryption in SQL Server Availability Group
 
-Below is the YAML for MSSQLServer  in Sentinel Mode.
+Below is the YAML for MSSQLServer in Availability Group Mode.
 ```yaml
 apiVersion: kubedb.com/v1
-kind: MSSQLServerSentinel
+kind: MSSQLServerAvailability Group
 metadata:
  name: sen-tls
  namespace: demo
@@ -114,7 +126,7 @@ spec:
  storage: 1Gi
 ```
 
-### Deploy MSSQLServer in Sentinel Mode
+### Deploy MSSQLServer in Availability Group Mode
 
 ```bash
 $ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/mssqlserver/tls/sentinel-ssl.yaml
@@ -130,7 +142,7 @@ NAME VERSION STATUS AGE
 sen-tls 6.2.14 Ready 111s
 ```
 
-### Verify TLS/SSL in MSSQLServer in Sentinel Mode
+### Verify TLS/SSL in MSSQLServer in Availability Group Mode
 
 Now, connect to this database by exec into a pod and verify if `tls` has been set up as intended.
 
@@ -160,9 +172,9 @@ tls.crt: 1127 bytes
 tls.key: 1675 bytes
 ```
 
-## TLS/SSL encryption in MSSQLServer in Sentinel Mode
+## TLS/SSL encryption in MSSQLServer in Availability Group Mode
 
-Below is the YAML for MSSQLServer in Sentinel Mode.
+Below is the YAML for MSSQLServer in Availability Group Mode.
 ```yaml
 apiVersion: kubedb.com/v1
 kind: MSSQLServer
@@ -171,7 +183,7 @@ metadata:
  namespace: demo
 spec:
  version: "6.2.14"
- mode: Sentinel
+ mode: Availability Group
  replicas: 3
  sentinelRef:
  name: sen-tls
@@ -190,7 +202,7 @@ spec:
  storage: 1Gi
 ```
 
-### Deploy MSSQLServer in Sentinel Mode
+### Deploy MSSQLServer in Availability Group Mode
 
 ```bash
 $ kubectl create -f https://github.com/kubedb/docs/raw/{{< param "info.version" >}}/docs/examples/mssqlserver/tls/ms-sentinel.yaml
@@ -206,7 +218,7 @@ NAME VERSION STATUS AGE
 ms-tls 6.2.14 Ready 2m14s
 ```
 
-### Verify TLS/SSL in MSSQLServer in Sentinel Mode
+### Verify TLS/SSL in MSSQLServer in Availability Group Mode
 
 Now, connect to this database by exec into a pod and verify if `tls` has been set up as intended.