Keywords: SSL certificate inventa
To enable https connections to the Inventa site, it is necessary to create a TLS secret in Kubernetes as outlined in the installation manual (see section 7.2 Create TLS Secret in Kubernetes)
kubectl create secret tls <name> --key <private-key-file> --cert <cert-file>
When this certificate expires, you will see a browser error showing that the certificate is no longer valid.
To renew the certificate, the following steps should be completed.
1) Obtain a new SSL certificate and copy it to the data factory client workstation
2) Check which secrets are currently available
# kubectl get secrets
NAME TYPE DATA AGE
default-token-vh59f kubernetes.io/service-account-token 3 90d
pki kubernetes.io/dockerconfigjson 1 90d
sh.helm.release.v1.sdf-ci.v1 helm.sh/release.v1 1 90d
sh.helm.release.v1.sdf-cs.v1 helm.sh/release.v1 1 90d
sh.helm.release.v1.sdf-cs.v2 helm.sh/release.v1 1 87d
sh.helm.release.v1.sdf-cs.v3 helm.sh/release.v1 1 87d
sh.helm.release.v1.sdf-es.v1 helm.sh/release.v1 1 90d
sh.helm.release.v1.sdf-logstash.v1 helm.sh/release.v1 1 90d
sh.helm.release.v1.sdf-spark-1.v1 helm.sh/release.v1 1 90d
sh.helm.release.v1.sia.v1 helm.sh/release.v1 1 87d
tlssecret kubernetes.io/tls 2 16h
The last line in this output shows our secret for implementing https connections (type kubernetes.io/tls)
3) Delete the expired secret
kubectl delete secret tlssecret
4) Add the secret again using the same name
kubectl create secret tls tlssecret --key private_key.key --cert inventa.pem
5) There is no need to restart any services, the new certificate should work immediately.
Comments
0 comments
Please sign in to leave a comment.