Learn how to configure Secure Sockets Layer (SSL) communications from IBM®
Tivoli®
Netcool®/Impact on
Red Hat®
OpenShift® Container Platform.
About this task
For more information about enabling SSL communications from an on-premises deployment of
Netcool/Impact,
see Enabling SSL connections with external servers
.To enable SSL communications from a Netcool Operations Insight® on OpenShift deployment, complete
the following steps:
Procedure
- Create the configmap in either of the following ways:
- Add your external certificate to the YAML file:
vi <release-name>-nciserver-external-cacerts.yaml
The following example shows that the external certificate is added to the YAML
file:
Note: You must indent the certificate in the YAML file.
apiVersion: v1
kind: ConfigMap
metadata:
name: <release-name>-nciserver-external-cacerts
data:
file.crt: |
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIJAMWULciaKp4bMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
..
WkUE81/qflUaSOVZRneo3xvkmYNfiYBkpw==
-----END CERTIFICATE-----
In this example,
<release-name> is
your deployed release name.
Next, generate the configmap from the YAML file by running the kubectl create
command:
kubectl create -f <release-name>-nciserver-external-cacerts.yaml
- Another way to create the configmap is to create it from the certificate:
kubectl create configmap <release-name>-nciserver-external-cacerts --from-file=./cert.pem
- Add the
nciserver
property to the noi cr YAML file
under the spec
field:
spec:
helmValuesNOI:
nciserver.importNCICACerts.enabled: true
- You can edit the noi cr YAML file in either of the following
ways:
- Edit from the command line:
- Or edit the deployment from Red Hat
OpenShift Container Platform with the Operator
Lifecycle Manager (OLM) console. Go to
. Then, click your NOI
deployment and the YAML tab to edit and save the YAML
file.
Your changes are auto-deployed.
- Delete the
noi-operator
pod with the kubectl delete
command:
- Get the
noi-operator
pod name:
oc get pod | grep operator
- Delete the
noi-operator
pod:
kubectl delete pod <noi-operator pod name>
Restarting the noi-operator
pod triggers the related pods,
such as the nciserver
pod, to restart. The Netcool/Impact core
server pod is restarted with the external certificates in the trust.jks file.
SSL communications from the Netcool/Impact core
server pod are enabled.