V2018 upgrade: List of certificates to update manually

If you upgraded to API Connect V10 from V2018, some external certificates are carried over from the V2018 deployment and are not managed by cert-manager. When you update any of the retained certificates, you must restart the affected pods manually.

Ingress (front-end) certificates

Table 1 presents a list of the ingress certificates that were carried forward when you upgraded from V2018, and the pods that you must restart when you update each certificate.

If multiple Portal web ingress endpoints have been configured, then the certificates for those additional endpoints must be updated manually as well.

Table 1. V2018 ingress certificates and affected pods
Certificate and Secret Pods
client-tls-xxxxxxxxxx
  • analytics-mtls-gw-hashed-suffix
ingestion-tls-xxxxxxx
  • analytics-mtls-gw-hashed-suffix
platform-api-tls-xxxxxxx N/A
api-manager-tls-xxxxxxxx N/A
cloud-manager-tls-xxxxxx N/A
consumer-api-tls-xxxxxxx N/A
v5GwName-datapower-admin-credentials N/A
v5GwName-apic-gateway-peering-tls N/A
v5GwName-apic-gateway-service-tls N/A
v6GwName-datapower-admin-credentials N/A
v6GwName-apic-gateway-peering-tls N/A
v6GwName-apic-gateway-service-tls N/A
portal-uuid-admin
  • portal-nginx
www-tls-xxxxxxxxxxxxxx N/A

Subsystem communication certificates

Table 2 presents a list of the subsystem communication certificates that were carried forward when you upgraded from V2018, and the pods that you must restart when you update each certificate.

Table 2. V2018 subsystem communication certificates and affected pods
Usage Certificate and Secret Pods
client managementUpgradeName-analytics-ingestion-client
  • management-apim
  • management-taskmanager
  • gateway (via webhook, no restart needed)
client managementUpgradeName-portal-admin
  • management-apim
  • management-taskmanager
  • management-portal-proxy
client gw-apic-gateway-service-tls
  • gwv6
  • gwv5
clientserver gw-apic-gateway-peering-tls
  • gwv6 (redis)
  • gwv5 (redis)

Database encryption key

The database encryption key is carried forward from V2018, and uses the name: managementUpgradeName-encryption-secret. You can update the value of this secret as explained in Changing the database encryption key.