TLS Certificates

To create new certificates, rotate existing ones, or fix or rename an invalid TLS secret, refer to the sections below.

New or Rotating Certificates

Note: If you are renewing the TLS certificates, you must first delete the existing Kubernetes secret before continuing.
$ kubectl delete secret datainsightcerts

If you have TLS certificates, you may load them into Kubernetes as a secret and configure SevOne Data Insight to utilize them.

  1. Using a text editor of your choice, edit the /opt/SevOne/chartconfs/di_custom.yaml file to enable TLS certificates, and then save it.
    Important: If /opt/SevOne/chartconfs/di_custom.yaml file does not exist, please create one and add the following to it.

    Enable the certificates

    Important: Please make sure to copy and paste the configuration below as-is in /opt/SevOne/chartconfs/di_custom.yaml file. Spacing is very important and it must match when copied into /opt/SevOne/chartconfs/di_custom.yaml file.
    ingress:
      hosts:
      - "di.customer.com"
      tls:
      - secretName: datainsightcerts
        hosts:
        - "di.customer.com"
  2. Load your TLS certificates as a Kubernetes secret.
    $ ls /home/sevone/tls
        tls.crt  tls.key
    
    $ kubectl create secret tls datainsightcerts \
    --key /home/sevone/tls/tls.key \
    --cert /home/sevone/tls/tls.crt
  3. Apply the change made to /opt/SevOne/chartconfs/di_custom.yaml file.
    $ sevone-cli playbook up --tags apps
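
A pre-flight check that can be run on /home/sevone/tls/tls.crt and /home/sevone/tls/tls.key before step 2, confirming that the key belongs to the certificate, that the certificate is not about to expire, and that it covers the ingress host. This is an added example, not part of the SevOne documentation; the function names and the 30-day threshold are assumptions, and it requires the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the tls.crt / tls.key pair before loading it as the
# datainsightcerts secret. Added example; all function names are hypothetical.

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {
  local cert=$1 key=$2 cert_pub key_pub
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeeds when the certificate covers the ingress host name in $2.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Runs all three checks, reports every failure, returns non-zero if any failed.
preflight_tls() {
  local cert=$1 key=$2 host=$3 rc=0
  key_matches_cert "$cert" "$key"  || { echo "FAIL: key does not match certificate" >&2; rc=1; }
  cert_valid_for_days "$cert" 30   || { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
  cert_covers_host "$cert" "$host" || { echo "FAIL: certificate does not cover $host" >&2; rc=1; }
  return "$rc"
}

# Constructed sample input: a throwaway self-signed pair, never a production key.
make_sample_pair() {  # $1 = directory, $2 = host name, $3 = lifetime in days
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days "$3" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# When called as: preflight.sh <tls.crt> <tls.key> <host>, run the checks.
if [ "$#" -eq 3 ]; then preflight_tls "$@"; fi
```
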

Fix an Invalid TLS Secret Name

SevOne Data Insight expects the TLS certificate secret to be specifically named datainsightcerts.

If you find that your secret is named something else, please rename it to the expected name to avoid any issues.

Find your Config File

SevOne Data Insight Version    Config File Location
SDI 3.4.x and below            /opt/datainsight/values-override.yaml
SDI 3.5.x and above            /opt/SevOne/chartconfs/di_custom.yaml

Find your Secret Name

  1. In the config file, the TLS secret name appears in the position marked <SECRET_NAME>.
    Important: Please make sure to copy and paste the configuration below as-is in the configuration file location (for SDI 3.4.x and below, in /opt/datainsight/values-override.yaml file and for SDI 3.5.x and above, in /opt/SevOne/chartconfs/di_custom.yaml file). Spacing is very important and it must match when copied into the appropriate configuration file.
    ingress:
      hosts:
      - "di.customer.com"
      tls:
      - secretName: <SECRET_NAME>
        hosts:
        - "di.customer.com"

    If <SECRET_NAME> is datainsightcerts, you are all set and you do not need to perform any other steps. If it does not say datainsightcerts, proceed to the next section, Rename your Secret.

Rename your Secret

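  1. Copy the existing certificates to a file.
    Note: The exported file contains the TLS private key (base64-encoded). Restrict access to it and remove it after the new secret has been applied.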

    Example

    $ kubectl get secret <SECRET_NAME> -o yaml > datainsightcerts.yaml
  2. Replace all instances of <SECRET_NAME> with datainsightcerts.

    Example

    $ sed -i 's/<SECRET_NAME>/datainsightcerts/g' datainsightcerts.yaml
  3. Add your new secret to Kubernetes.

    Example

    $ kubectl apply -f datainsightcerts.yaml