Using custom TLS certificate

You can change the TLS certificate that is used by Data Cataloging for serving web pages and the REST API endpoints.

About this task

Follow the procedure to use a custom TLS certificate:

Procedure

  1. Create a secret for your TLS certificate within the same namespaceas the one used for deploying Data Cataloging on OpenShift® that is "spectrum-discover".
    Note: You can use any name for the secret. The following example uses my-tls-secret as the secret name.
    oc create secret tls my-tls-secret --key ${KEY_FILE} --cert ${CERT_FILE} -n ibm-data-cataloging
  2. Modify the Data Cataloging custom resource and specify the following ingress settings:
    oc edit SpectrumDiscover spectrumdiscover -n ibm-data-cataloging
  3. Update the "host" and "tls_secret_name" in the relevant ingress section.
    ingress:
        host: spectrum-discover.ibm.com
        tls_secret_name: my-tls-secret
    Note: The "ingress.host" setting must match the fully qualified domain name as specified in the TLS certificate. This domain name is the hostname that the ingress binds to.
  4. Save the custom resource.
    Note: The operator takes a while to go through all components and update them with the new settings. Issue the following command to check the operator log for monitoring its progress.
    oc logs $(oc get po -l name=spectrum-discover-operator -n ibm-data-cataloging -o name) -n ibm-data-cataloging -c operator --follow
    • The log displays "PLAY RECAP" on completing the update.
    • Enter ctrl+c to stop following the log.