You can create a secret with a certificate for HTTPS operation using one of the following options:
Installation via the internet
Method 1. Use a certificate issued by a trusted CA
To create a secret with a certificate for HTTPS operation, you can either purchase a certificate issued by one of the trusted certificate authorities or use an existing one.
Attention:
The secret with the certificate must be created in the same namespace where the target application for which the certificate is issued is running or will be installed.
For the ELMA365 application, the standard namespace is elma365.
For built-in databases, the standard namespace is elma365-dbs.
In the namespace with the target application, create a tls-type secret with the name elma365-onpremise-tls by executing the command:
kubectl create secret tls elma365-onpremise-tls \
--cert=path/to/cert/file \
--key=path/to/key/file [-n namespace]
where:
--cert is the path to the file with the public certificate in .pem or .crt format;
--key is the path to the file with the private key.
Method 2. Use Let’s Encrypt certificate
For more information on issuing a certificate, refer to Create Let’s Encrypt certificate.
Installation without internet access
Method 1. Use a self-signed certificate or a certificate issued by a local CA
You can use an existing certificate issued by a local certificate authority or create a self-signed certificate using OpenSSL. For more information, refer to Create SSL certificates for TLS/SSL with OpenSSL.
Attention:
The secret with the certificate must be created in the same namespace where the target application for which the certificate is issued is running or will be installed.
For the ELMA365 application, the standard namespace is elma365.
For built-in databases, the standard namespace is elma365-dbs.
In the namespace with the target application, create a tls-type secret with the name elma365-onpremise-tls by executing the command:
kubectl create secret tls elma365-onpremise-tls \
--cert=path/to/cert/file \
--key=path/to/key/file [-n namespace]
where:
--cert is the path to the file with the public certificate in .pem or .crt format;
--key is the path to the file with the private key.
Configuring trust support for a user CA certificate issued by a local CA
If ELMA365 and embedded databases require support for trusting a user CA certificate, install the Kyverno add-on module. Kyverno can automatically add a volume containing custom CA certificates to containers with a specific label.
If trust support is only required for the ELMA365 application, it can be enabled in the ELMA365 helm chart. To learn more, see Enable network encryption (TLS) in ELMA365 Enterprise. To enable support in the helm chart, follow these steps:
In the namespace where the ELMA365 application is installed, create a ConfigMap named elma365-onpremise-ca from the CA certificate file by executing the command:
kubectl create configmap elma365-onpremise-ca \
--from-file=path/to/rootCA [-n namespace]
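Pre-flight checks for the files passed to the secret and ConfigMap commands above, as an added example that is not part of the ELMA365 documentation. It confirms that the private key matches the certificate, that the certificate is not about to expire and, for the local CA case, that it chains to the CA file placed in the elma365-onpremise-ca ConfigMap. The function names and return codes are assumptions, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example, not from the ELMA365 documentation. Function names and
# return codes are hypothetical; the secret name and kubectl command are
# the ones given on this page. Requires the openssl CLI.

# Print the public key (PEM) embedded in a certificate file.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public key (PEM) derived from a private key file.
# "-passin pass:" makes a passphrase-protected key fail instead of
# prompting: a TLS secret has no field for a passphrase.
pubkey_of_key() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# preflight_tls CERT KEY [MIN_DAYS] [CA_FILE]
# Returns 0 when the pair is usable, otherwise:
#   2 unreadable certificate      3 unreadable or encrypted key
#   4 key does not match cert     5 cert expires within MIN_DAYS
#   6 cert does not chain to CA_FILE (local CA case)
preflight_tls() {
    pf_cert=$1; pf_key=$2; pf_days=${3:-30}; pf_ca=${4:-}
    pf_cpub=$(pubkey_of_cert "$pf_cert") && [ -n "$pf_cpub" ] || return 2
    pf_kpub=$(pubkey_of_key "$pf_key") && [ -n "$pf_kpub" ] || return 3
    [ "$pf_cpub" = "$pf_kpub" ] || return 4
    openssl x509 -in "$pf_cert" -noout \
        -checkend $((pf_days * 86400)) >/dev/null || return 5
    if [ -n "$pf_ca" ]; then
        openssl verify -CAfile "$pf_ca" "$pf_cert" >/dev/null 2>&1 || return 6
    fi
    return 0
}

# create_tls_secret CERT KEY NAMESPACE [MIN_DAYS] [CA_FILE]
# Runs the checks, then the page's kubectl command in NAMESPACE.
create_tls_secret() {
    preflight_tls "$1" "$2" "${4:-30}" "${5:-}" || {
        echo "preflight failed (code $?) for $1" >&2
        return 1
    }
    kubectl create secret tls elma365-onpremise-tls \
        --cert="$1" --key="$2" -n "$3"
}
```

When the certificate file bundles intermediate certificates, only the first (leaf) certificate is examined, and the intermediates are not passed to openssl verify.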
Method 2. Use a self-signed certificate with Cert-manager
For more information on issuing a certificate, refer to Create SSL certificates for TLS/SSL using Cert-manager.