Providing the root CA certificate
All deployments of the Cloud Pak by default have a self-signed certificate that is signed by a common root CA certificate. You can use this root CA that is generated by the operator, or provide your own root CA signer certificate.
About this task
If the root_ca_secret secret does not have a value or does not exist, the operator generates the secret with a self-signed root CA signer certificate. If your policy requires certificates that are signed by a recognized certificate authority, you can provide your own root CA.
To use your own root CA certificate, obtain or prepare the CA certificate and create a secret for it before you deploy your custom resource. If you have multiple deployments and you want to use the same root CA, copy the secret and use the same certificates in each deployment in separate namespaces.
AutomationUIConfig
instance manually to override the default configuration for the
Platform UI (or Zen UI). For more information, see AutomationUIConfig.When you enter your parameter values in the custom resource .yaml file, you provide the name of this secret as the value for the root_ca_secret parameter in the shared configuration section.
If you want to use your own root CA certificate, use the following steps to add it to the operator.
Procedure
What to do next
When your certificates expire, you must take the following actions to renew the secrets:
- Update or re-create the secret with the updated certificate.
- Restart the corresponding pods that are associated with the secret.