Creating an ingress certificate secret

An ingress certificate secret is a secret that holds Transport Layer Security (TLS) certificate to be used as identity for ingress or routes. The ingress or route URL presents the TLS certificate to the clients.

About this task

You can either create your own ingress certificate secret by obtaining the ingress certificate from the host where your application is exposed or by using the CertificateManager custom resource.

Important: All the required secrets including ingress certificate secret, JWT issuer secret must be created in the same namespace where the Operator is installed.

Procedure

Create an ingress certificate secret, by using any of the following ways.
Using your own certificate:
- Create a secret by adding the TLS certificate as shown in the following example, <ingress_cert_secret>.yaml.
```
kind: Secret
apiVersion: v1
metadata:
  name: sample-oms
  namespace: <sip_installation_namespace>
data:
  tls.crt: >-
    <tls.crt>
  tls.key: >-
    <provide_the_private_key>
  tls.p12: >-
    <provide_p12_format_of the trustore>
  tls.p12.password: <password_for_truststore>
type: kubernetes.io/tls
```
Using CertificateManager:
- You can use this custom resource to generate a certificate for Ingress so that Sterling Intelligent Promising can be exposed on https at your custom domain.
- Configure the CertificateManager YAML with the following host name. For more information on complete YAML example, see CertificateManager custom resource parameters.
```
hostName: 'sipservice-<namespace>.<ingress host>' or <'*.<ingress_host>'>
```
- Ensure that the <ingress_host> in hostName matches with the ingress.host that is configured in common parameter of the SIPEnvironment.
Note: The certificate generated by the Operator is self-signed and is not advisable to use for production purposes.
Run the <ingress_cert_secret>.yaml or <ingress_certificate_manager>.yaml to create an ingress certificate secret.
```
oc create -f <file_name>.yaml -n <sip_installation_namespace>
```