IBM
watsonx.data™ needs a valid
signer certificate to establish a connection with the object stores secured with
https.
Procedure
- Import the certificate from the object store server.
export STORE_ENDPOINT=<endpoint>:<port number>
export CERT=$(echo QUIT | openssl s_client -showcerts -connect $STORE_ENDPOINT | awk '/-----BEGIN CERTIFICATE-----/ {p=1}; p; /-----END CERTIFICATE-----/ {p=0}' | awk '{printf "%s\\n", $0}')
- Patch the watsonx.data service
instance with the new certificate.
Warning: Updating the watsonx.data truststore is a disruptive action.
Updating the truststore causes the watsonx.data pods, including engines performing
workloads to restart. To minimize the impact, it is recommended to wait for any long-running
workloads to complete before updating the truststore.
oc patch wxd/lakehouse --type=merge -n ${PROJECT_CPD_INST_OPERANDS} -p "{ \"spec\": {
\"update_ca_certs\": true,
\"extra_ca_certs_secret\": \"$CERT\"
} }"
- Wait for the pods to restart with the updated truststore.
Note: If you restart the pods in ibm-cert-manager or the entire cluster, patch the
watsonx.data service instance with the
new certificate again and wait for the pods to restart with the updated truststore.