Question
How can I enable HTTPS for the REST and Okera Portal for a running ODAS cluster?
Answer
Note: The contents of this FAQ may be outdated. Please refer to the Okera documentation here for more information about configuring SSL.
Disclaimer: The below steps are for experienced administrators only. Consult with the Okera support staff in case of question BEFORE you attempt to change a cluster.
Steps:1. Add SSL Certificate
CEREBRO_CONTAINER_CONF_DIR: s3://foobar/okera-217/etc/,s3://foobar/okera-217/clusters/1/etc/
Path 1: OKERA_S3_STAGING_DIR + "/etc"
Okera recommends to use the latter as the location to put the SSL certificate and key files.
2. Edit Kubernetes Deployments
- name: SSL_CERTIFICATE_FILE
value: "/etc/cerebro.crt"
- name: SSL_KEY_FILE
value: "/etc/cerebro.key"
- name: CEREBRO_REST_FQDN
value: rest.odas15.foobar.com
The following commands allow you to edit the settings of the running cluster:
% sudo kubectl edit deployments cdas-rest-server
% sudo kubectl edit deployments cerebro-web
The pods are automatically restarted when you save your changes.
Important: The FQDN is needed, must resolve to any minion in the ODAS cluster, and must match the certificate's common name field. It is used by the Okera Portal to communicate with the REST server using TLS/SSL.
$ vi /etc/cerebro/env.sh
...
# Configure SSL certs/key to enable HTTPS
export CEREBRO_SSL_CERTIFICATE_FILE="/etc/cerebro.crt" export CEREBRO_SSL_KEY_FILE="/etc/cerebro.key" export CEREBRO_SSL_FQDN=rest.odas15.foobar.com
...
:wq
$ /opt/cerebro/deployment-manager/bin/deployment-manager
Comments
0 comments
Please sign in to leave a comment.