SSL setup
To allow the application handle SSL encryption you must provide a certificate and private key
To generate a self-signed certificate you can use the integrated OpenSSL tools on Linux/UNIX
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
Using a self-signed certificate will raise a warning in the browser. It is used here as an example.
Eventually, you need to require an official certificate and private key according to your company processes.
Open the values.yaml
file with an editor of your choice and add the certificate and key values and set sslEnabled: true
and enabled: true
to enable the SSL config
Note: Do not set a pass-phrase when creating the certificate and key pair.
(PEM-encoded X.509, RSA)
ingressConfig:
sslEnabled: true
cert:
enabled: true
crt: |-
-----BEGIN CERTIFICATE-----
MIIE+zCCAuOgAwIBAgIJALDfTocI8wPHMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
...
KJyCsKzx6QRjJZ3PSFEfgvJh3NuVz66Mb14V9zJilg==
-----END CERTIFICATE-----
key: |-
-----BEGIN RSA PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDJ88nJD4zPTKDo
...
ShQIDwZ/32M3xWogXqPBT6U0DwlftABnwg8ABSwP2wbzHAU4Fb6CU9LHH/poq8TD
-----END RSA PRIVATE KEY-----
Update the helm-chart with the new values:
./helm upgrade -i order-management -f ./configure/values-on-premise.yaml -f=values.yaml chart/order-management-*.tgz && kubectl -n default rollout restart deployment backend button3d evaljs revproxy yoda