...
Excerpt | ||||||
---|---|---|---|---|---|---|
| ||||||
TLS
It is recommended to install Usage Engine Private Edition with TLS enabled, and there are two different ways of providing the required certificate:
Here follows an explanation of the preparations required for each of the two. |
Excerpt | |||
---|---|---|---|
| |||
cert-managerThe most automated and secure way to provide the certificate is to use https://cert-manager.io/ . If it is not already installed in your Kubernetes cluster, follow these instructions on how to install the cert-manager https://cert-manager.io/docs/installation/helm/ chart. Make sure to install a version that is listed in the Compatibility Matrix. Info | Please ensure Cert-manager CRD resources are installed prior to Cert-manager installation. Helm install command assumes service account for Cert-manager already exists.
Service Account name set to http://metadata.name under iam.serviceAccounts portion in the uepe-eks.yaml file in Set Up Kubernetes Cluster - AWS section |
Excerpt | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
Cert-manager must be backed by a certificate authority (CA) to sign the certificates. Once configured with a CA, cert-manager will automatically sign and renew certificates for the system as needed. Configuring cert-manager with a CA is done by creating an Refer to https://cert-manager.io/docs/configuration/ for a all the details. It’s also possible to use an issuer specifiction that will issue a self-signed certificate:
Note that this is only recommended for testing purposes and not in production. Regardless of the chosen issuer specification, to create the issuer, simply put the specification in a yaml file (here we call it
Based on the example above the created
|
...