For an authoring or development environment, set up a connection to a Git server.
About this task
You set up the Git organization for Automation Document Processing after the operator deploys the
environment. However, you can configure a secure connection to the required Git server as part of
the operator deployment. You accomplish this step by importing a certificate from Git hub and
creating a secret that you can add to your CR YAML.
Procedure
If the root certificate authority (CA) key of the external service is not signed by the
operator root CA key, provide the TLS certificate of the external service to the component's
truststore.
The certificate includes the root CA key and the key of each component. If the external
service is not installed by the same custom resource, the root CA key of the service is not signed
by the operator root CA key. If the service is installed by the same custom resource, check the
documentation of the external service to see whether it uses the same root CA key.
-
Get the root CA that is used to sign your external service and save it to a certificate, for
example external-service-cert.crt.
See
OpenSSL for instructions to export the root CA of your external
service.
You can also download the certificate by clicking the lock icon in your browser address
bar. Navigate to the secure connection information to view and download the certificate to your
local system.
-
To create the secret, run the following command in the OpenShift project:
kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/external-service-cert.crt
Substitute your values for
secretName
and
your_cert_path/external-service-cert.crt
. The
certificate and key files must be in Privacy Enhanced Mail (PEM) format, and must start with
-----BEGIN CERTIFICATE-----
.
-
Add the secret to the component's truststore.
When you prepare your CR YAML, add the secret in the
shared_configuration.trusted_certificate_list
parameter if you want this service to
be trusted by all components installed by the operator.
For example:
shared_configuration:
…
trusted_certificate_list: [adw-tls-secret, baw-tls-secret, git-tls-secret]
This
variable is an array and multiple values can be provided by separating them with a comma as shown in
the example.
What to do next
To prepare your environment for other components from other patterns or capabilities, see Preparing for other components.