Update the TLS Certs for
DX Platform
Ingresses

This section describes the steps to update the TLS certificates.
dxp10
Perform the following steps to update the expired TLS certificates and keys that you defined in the Kubernetes secrets for the DX Platform ingresses.
Follow these steps:
  1. Navigate to the install directory.
    cd <install_dir>
  2. Navigate to the
    tls_certs
    folder.
    cd tls_certs
  3. Run the following command to create a secret.
    kubectl create secret <secret name> --key <key name> --cert <Certificate name> -n <namespace> For Example: kubectl create secret tls tls-secret2 --key tls.key --cert tls.crt -n dxi-0424
  4. Run the following command to verify if the secret is created.
    kubectl get secret <secret name> -n <namespace>
  5. Update all the ingresses in the namespace:
    chmod +x dxi_update_ingress_secret.sh # Help ./dxi_update_ingress_secret.sh -h # Update secret ./dxi_update_ingress_secret.sh -n=<namespace> -s=<new secret name> -o=<old secret name>
    For example,
    [[email protected] dxi-installer]# sh ./dxi_update_ingress_secret.sh -n=dxi-0424 -s=tls-secret -o=tls-secret-2 [VALIDATE] Checking if namespace dxi-0424 is present ... [VALIDATE] Tls is enabled in dxi installer [VALIDATE] Checking if New secret tls-secret is in the namespace dxi-0424 ... [VALIDATE] Checking if old secret tls-secret-2 is in the namespace dxi-0424 ... [INFO] Updating old tls secrets on all the ingresses in the namespace dxi-0424 ... [SUCCESS] ingress.extensions "apm-em-10-983529-tls" patched [SUCCESS] ingress.extensions "apm-em-12-897037-tls" patched [SUCCESS] ingress.extensions "apm-em-14-905885-tls" patched [SUCCESS] ingress.extensions "apm-em-16-914257-tls" patched [SUCCESS] ingress.extensions "apm-em-18-919323-tls" patched [SUCCESS] ingress.extensions "apmservices-cloudgw" patched [SUCCESS] ingress.extensions "apmservices-gateway" patched [SUCCESS] ingress.extensions "axaservices-adminui" patched [SUCCESS] ingress.extensions "axaservices-dxc" patched [SUCCESS] ingress.extensions "doi-adminui-ingress" patched [SUCCESS] ingress.extensions "doi-cpa-ingress" patched [SUCCESS] ingress.extensions "doi-genericapiconnector-ingress" patched [SUCCESS] ingress.extensions "doi-incidentmanagement-ingress" patched [SUCCESS] ingress.extensions "doi-integrationgateway-ingress" patched [SUCCESS] ingress.extensions "doi-kibana-ingress" patched [SUCCESS] ingress.extensions "doi-logcollector-ingress" patched [SUCCESS] ingress.extensions "doi-nim-ingress" patched [SUCCESS] ingress.extensions "doi-normalized-alarm-ingress" patched [SUCCESS] ingress.extensions "doi-servicemanagement-ingress" patched [SUCCESS] ingress.extensions "doi-tenantmanagement-ingress" patched [SUCCESS] ingress.extensions "jaf-clientnodemanager" patched [SUCCESS] ingress.extensions "jaf-namenode" patched [SUCCESS] ingress.extensions "jaf-resourcemanager1" patched [SUCCESS] ingress.extensions "jaf-resourcemanager2" patched [SUCCESS] ingress.extensions "jarvis-apis" patched [SUCCESS] ingress.extensions "jarvis-es" patched [SUCCESS] ingress.extensions "jarvis-ldds-web-ingress" patched [SUCCESS] ingress.extensions "ng-acc-configserver-ingress-8088" patched [SUCCESS] ingress.extensions "ng-acc-repository-ingress-8081" patched
  6. Verify if the ingresses are updated. Run the following command and check the secret path. The secret path should reflect the updated ingress.
    kubectl edit ingress <ingress_name>
    Alternatively, you can verify the SSL certificate through the browser.
  7. Confirm if the secretName field is updated.
    # This will list all ingresses in the dxi namespace. Choose anyone to check for the updated secret field. kubectl get ingress -n <dxi namespace> # Check if the field secretName is changed with your recently created secret. kubectl edit ingress <ingress name> -n <dxi namespace> For Example: kubectl edit ingress services-adminui -n dxi-0424 tls: - hosts: - adminui.10.175.21.95.nip.io secretName: tls-secret status: