Install certificate

A TLS certificate is required and needs to be installed in your Kubernetes cluster. Make sure that your TLS certificate is valid for the DNS entry you determined when verifying your prerequisites.

The following instructions will guide you through installing or updating the certificate in your Kubernetes cluster.

1. Install certificate

  1. Generate an encoded version of your certificate files.

    1. Generate a Base-64 encoded version of the certificate:

      • Linux:

        cat server.pem | base64 -w 0
      • macOS:

        cat server.pem | base64 | tr -d '\n'
    2. Generate a Base-64 encoded version of the key:

      • Linux:

        cat server-key.pem | base64 -w 0
      • macOS:

        cat server-key.pem | base64 | tr -d '\n'
  2. Create a certificate.yml file with the following content.

    apiVersion: v1
    kind: Secret
    metadata:
      name: saagie-common-tls
      namespace: saagie-common
    type: kubernetes.io/tls
    data:
      tls.crt: <encoded certificate> (1)
      tls.key: <encoded key> (2)
    1 Replace <encoded certificate> and
    2 <encoded key> with the values from your encoded files.
  3. Deploy your certificate.

    kubectl apply -f certificate.yml

2. Update certificate

If you are updating your certificate after Saagie has been installed, you will also need to restart the ingress controllers and verify that the new certificate is now being used.

  1. Restart the ingress controllers to take into account the new certificate.

    kubectl delete pod -n saagie-common -l "app.kubernetes.io/component=controller,app.kubernetes.io/instance=saagie-common,app.kubernetes.io/name=ingress-nginx"
  2. Verify that the new certificate is being used by running the following command, then checking the server certificate section of the output:

    curl -k -v -I "https://<prefix>-<suffix>.<domain>" (1)
    1 Replace <prefix>, <suffix>, and <domain> with the DNS entry components you determined when verifying your prerequisites.