Configuring SSL for helm
The following section is added for testing purposes and is not recommended for the production environment. Currently, ingress is configured with SSL only for authorization service as a backend.
- Procedure
- To create a root certificate, run the following command:
openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -subj "/CN=test/O=TIBCO" -keyout lab-caroot.key -out lab-caroot.crt
- To create CSR for a service certificate, run the following command:
openssl req -out om-auth.csr -newkey rsa:2048 -nodes -keyout om-auth.key -subj "/CN = om-auth.test / O=auth-svc organization"
- To sign the certificate with the root CA, run the following command:
openssl x509 -req -days 365 -CA lab-caroot.crt -CAkey lab-caroot.key -set_serial 0 -in om-auth.csr -out om-auth.crt
- To create K8s secret, run the following command:
kubectl create secret tls tls-om-auth --key=om-auth.key --cert=om-auth.crt
- Add the secrets in the auth ingress yaml file:
```yaml tls: - hosts: - om-auth.test # This should match a DNS name in the Certificate secretName: tls-om-auth # This should match the Certificate secretName ```