How can I enable HTTPS for the REST and Okera Portal for a running ODAS cluster?
Note: The contents of this FAQ may be outdated. Please refer to the Okera documentation here for more information about configuring SSL.
Disclaimer: The below steps are for experienced administrators only. Consult with the Okera support staff in case of question BEFORE you attempt to change a cluster.Steps:
1. Add SSL Certificate
Path 1: OKERA_S3_STAGING_DIR + "/etc"
Okera recommends to use the latter as the location to put the SSL certificate and key files.
2. Edit Kubernetes Deployments
- name: SSL_CERTIFICATE_FILE
- name: SSL_KEY_FILE
- name: CEREBRO_REST_FQDN
The following commands allow you to edit the settings of the running cluster:
% sudo kubectl edit deployments cdas-rest-server
% sudo kubectl edit deployments cerebro-web
The pods are automatically restarted when you save your changes.
Important: The FQDN is needed, must resolve to any minion in the ODAS cluster, and must match the certificate's common name field. It is used by the Okera Portal to communicate with the REST server using TLS/SSL.
$ vi /etc/cerebro/env.sh
# Configure SSL certs/key to enable HTTPS
export CEREBRO_SSL_CERTIFICATE_FILE="/etc/cerebro.crt" export CEREBRO_SSL_KEY_FILE="/etc/cerebro.key" export CEREBRO_SSL_FQDN=rest.odas15.foobar.com