TLS Certificates
To create new certificates, rotate existing ones, or fix or rename an invalid TLS secret, refer to the sections below.
New or Rotating Certificates
Note: If you are renewing the TLS certificates, you must first delete the existing Kubernetes secret before continuing.
$ kubectl delete secret datainsightcerts
If you have TLS certificates, you may load them into Kubernetes as a secret and configure SevOne Data Insight to utilize them.
- Using a text editor of your choice, edit /opt/SevOne/chartconfs/di_custom.yaml file to enable TLS certificates and then, save it.
Important: If /opt/SevOne/chartconfs/di_custom.yaml file does not exist, please create one and add the following to it.
Enable the certificates
Important: Please make sure to copy and paste the configuration below as-is in /opt/SevOne/chartconfs/di_custom.yaml file. Spacing is very important and it must match when copied into /opt/SevOne/chartconfs/di_custom.yaml file.
ingress:
  hosts:
    - "di.customer.com"
  tls:
    - secretName: datainsightcerts
      hosts:
        - "di.customer.com"
- Load your TLS certificates as a Kubernetes secret.
$ ls /home/sevone/tls
tls.crt tls.key
$ kubectl create secret tls datainsightcerts \
    --key /home/sevone/tls/tls.key \
    --cert /home/sevone/tls/tls.crt
- Apply the change made to /opt/SevOne/chartconfs/di_custom.yaml file.
$ sevone-cli playbook up --tags apps
Fix an Invalid TLS Secret Name
SevOne Data Insight expects the TLS certificate secret to be specifically named datainsightcerts.
If you find that your secret is named something else, please rename it to the expected name to avoid any issues.
Find your Config File
SevOne Data Insight Version | Config File Location |
---|---|
SDI 3.4.x and below | /opt/datainsight/values-override.yaml |
SDI 3.5.x and above | /opt/SevOne/chartconfs/di_custom.yaml |
Find your Secret Name
- In the config file, the TLS secret name appears where <SECRET_NAME> is shown below.
Important: Please make sure to copy and paste the configuration below as-is in the configuration file location (for SDI 3.4.x and below, in /opt/datainsight/values-override.yaml file and for SDI 3.5.x and above, in /opt/SevOne/chartconfs/di_custom.yaml file). Spacing is very important and it must match when copied into the appropriate configuration file.
ingress:
  hosts:
    - "di.customer.com"
  tls:
    - secretName: <SECRET_NAME>
      hosts:
        - "di.customer.com"
If <SECRET_NAME> is datainsightcerts, you are all set and you do not need to perform any other steps. If it does not say datainsightcerts, proceed to the next section, Rename your Secret.
Rename your Secret
- Copy the existing certificates to a file.
Example
$ kubectl get secret <SECRET_NAME> -o yaml > datainsightcerts.yaml
- Replace all instances of <SECRET_NAME> with datainsightcerts.
Example
$ sed -i 's/<SECRET_NAME>/datainsightcerts/g' datainsightcerts.yaml
- Add your new secret to Kubernetes.
Example
$ kubectl apply -f datainsightcerts.yaml
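
A stricter variant of the rename steps above, added here as an example (it is not SevOne's own tooling): it takes the `-o json` export instead of YAML, changes only metadata.name, and drops the metadata the API server set on the old object. The script name rename_secret.py and the sample secret old-di-certs are assumptions made for the illustration.

```python
import json
import sys

EXPECTED_NAME = "datainsightcerts"  # name the page says SevOne Data Insight expects
# Metadata the API server set on the old object; it must not follow the copy.
SERVER_FIELDS = ("uid", "resourceVersion", "creationTimestamp", "managedFields", "selfLink")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

# Constructed sample of `kubectl get secret old-di-certs -o json` (placeholder data).
SAMPLE_EXPORT = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {
        "name": "old-di-certs", "namespace": "default",
        "uid": "00000000-0000-0000-0000-000000000000", "resourceVersion": "1",
        "creationTimestamp": "2024-01-01T00:00:00Z",
        "annotations": {LAST_APPLIED: "{...old-di-certs...}"},
    },
    "data": {"tls.crt": "Q09OU1RSVUNURUQtQ0VSVA==", "tls.key": "Q09OU1RSVUNURUQtS0VZ"},
}


def rename_tls_secret(exported, new_name=EXPECTED_NAME):
    """Return a clean manifest for the exported TLS secret under new_name."""
    if exported.get("kind") != "Secret" or exported.get("type") != "kubernetes.io/tls":
        raise ValueError("input is not a kubernetes.io/tls Secret")
    data = exported.get("data") or {}
    missing = [k for k in ("tls.crt", "tls.key") if not data.get(k)]
    if missing:
        raise ValueError("secret is missing " + ", ".join(missing))
    # Copy metadata without server-set fields, then change only the name.
    meta = {k: v for k, v in exported.get("metadata", {}).items() if k not in SERVER_FIELDS}
    meta["name"] = new_name
    # The last-applied annotation still describes the old secret; drop it.
    kept = {k: v for k, v in (meta.get("annotations") or {}).items() if k != LAST_APPLIED}
    if kept:
        meta["annotations"] = kept
    else:
        meta.pop("annotations", None)
    return {"apiVersion": "v1", "kind": "Secret", "type": exported["type"],
            "metadata": meta, "data": dict(data)}


if __name__ == "__main__":
    # stdin: output of `kubectl get secret <SECRET_NAME> -o json`; stdout: renamed manifest
    json.dump(rename_tls_secret(json.load(sys.stdin)), sys.stdout, indent=2)
```

Run it as `kubectl get secret <SECRET_NAME> -o json | python3 rename_secret.py | kubectl apply -f -`. Nothing is written to disk this way, whereas the datainsightcerts.yaml file from the steps above contains the private key in base64.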