V2018 upgrade: List of certificates to update manually
If you upgraded to API Connect V10 from V2018, some external certificates are carried over from the V2018 deployment and are not managed by cert-manager. When you update any of the retained certificates, you must restart the affected pods manually.
Ingress (front-end) certificates
Table 1 presents a list of the ingress certificates that were carried forward when you upgraded from V2018, and the pods that you must restart when you update each certificate.
If multiple Portal web ingress endpoints have been configured, then the certificates for those additional endpoints must be updated manually as well.
Certificate and Secret | Pods |
---|---|
client-tls-xxxxxxxxxx |
|
ingestion-tls-xxxxxxx |
|
platform-api-tls-xxxxxxx |
N/A |
api-manager-tls-xxxxxxxx |
N/A |
cloud-manager-tls-xxxxxx |
N/A |
consumer-api-tls-xxxxxxx |
N/A |
v5GwName-datapower-admin-credentials |
N/A |
v5GwName-apic-gateway-peering-tls |
N/A |
v5GwName-apic-gateway-service-tls |
N/A |
v6GwName-datapower-admin-credentials |
N/A |
v6GwName-apic-gateway-peering-tls |
N/A |
v6GwName-apic-gateway-service-tls |
N/A |
portal-uuid-admin |
|
www-tls-xxxxxxxxxxxxxx |
N/A |
Subsystem communication certificates
Table 2 presents a list of the subsystem communication certificates that were carried forward when you upgraded from V2018, and the pods that you must restart when you update each certificate.
Usage | Certificate and Secret | Pods |
---|---|---|
client | managementUpgradeName-analytics-ingestion-client |
|
client | managementUpgradeName-portal-admin |
|
client | gw-apic-gateway-service-tls |
|
clientserver | gw-apic-gateway-peering-tls |
|
Database encryption key
The database encryption key is carried forward from V2018, and uses the name:
managementUpgradeName-encryption-secret
. You can update the
value of this secret as explained in Changing the database encryption key.