Creating the object-store CA certificates
Configure your analytics subsystem to trust your object-store.
If your object-store presents a self-signed public server certificate, create a Kubernetes secret that contains the certificate, and specify the secret in your analytics CR.
- Create a file called ca.crt that contains your object-store public server certificate.
  Note: If the certificate includes intermediate certificates, then provide the entire chain in the ca.crt file, for example:
      intermediate-certificate-1
      intermediate-certificate-2
      . . .
      intermediate-certificate-n
      root-certificate
  where the first certificate in the ca.crt (intermediate-certificate-1) is the issuer of the object-store server certificate, and each subsequent certificate is the issuer of the preceding certificate.
- Run the following command to create a Kubernetes secret from the certificate file:
      kubectl create secret generic analytics-custom-objstore-server-ca --from-file=ca.crt=/path/to/cert.crt
- Specify your new secret in your analytics CR:
      databaseBackup:
        ...
        backupCerts: analytics-custom-objstore-server-ca
        ...
- Take a backup of the analytics-custom-objstore-server-ca secret object:
      kubectl get secret analytics-custom-objstore-server-ca -o yaml > analytics-custom-objstore-server-ca.yaml
Keep the generated analytics-custom-objstore-server-ca.yaml with your infrastructure backup.
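
The chain order described in the note above can be checked with openssl before the secret is created. This is an added example, not part of the original documentation; the function names check_chain_order and name_hash are hypothetical, and the check compares issuer and subject names only, without verifying signatures or validity dates.

```bash
#!/usr/bin/env bash
# Added example (not from the product documentation).
# check_chain_order FILE: succeeds when every certificate in FILE is issued by
# the certificate after it and the last one is self-issued (the root).
# It compares OpenSSL issuer/subject name hashes only; it does not verify
# signatures or validity dates.

name_hash() {   # name_hash issuer|subject FILE
    openssl x509 -in "$2" -noout "-${1}_hash" 2>/dev/null
}

check_chain_order() {
    local bundle=$1 dir count i cur issuer expected what
    dir=$(mktemp -d) || return 2
    # Split the bundle into one PEM file per certificate, keeping file order.
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    count=$(find "$dir" -name '*.pem' | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "no PEM certificates found in $bundle" >&2
        rm -rf "$dir"; return 2
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        cur=$(printf '%s/%03d.pem' "$dir" "$i")
        if [ "$i" -lt "$count" ]; then
            # Compare against the subject of the next certificate in the file.
            expected=$(name_hash subject "$(printf '%s/%03d.pem' "$dir" $((i + 1)))")
            what="certificate $((i + 1))"
        else
            # Last entry: a root certificate names itself as issuer.
            expected=$(name_hash subject "$cur")
            what="itself (the last certificate must be the root)"
        fi
        issuer=$(name_hash issuer "$cur")
        if [ -z "$issuer" ] || [ "$issuer" != "$expected" ]; then
            echo "certificate $i is not issued by $what" >&2
            rm -rf "$dir"; return 1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    echo "$count certificate(s), each issued by the next"
}
```

Run `check_chain_order /path/to/cert.crt` and create the secret only when it returns 0; a file holding a single self-signed server certificate also passes.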