Alauda Container Platform

Rotate TLS Certs of Platform Access Addresses

INFO

For version v4.0.x, apply the same procedure to both the primary cluster and the standby cluster (terms of the Disaster Recovery setup) as described here.

TOC

Prerequisites

  • A pair of TLS certificates and its private key.

Procedures

  1. On any control-plane node in the global cluster, export backups of the TLS certificates used by 's platform access addresses:

    kubectl get certificate -n cpaas-system dex-serving-cert --ignore-not-found=true -o yaml > /cpaas/dex-serving-cert.yaml
kubectl get secret -n cpaas-system dex.tls -o yaml > /cpaas/dex.tls.yaml

  2. Delete the current certificates:

    kubectl delete certificate -n cpaas-system dex-serving-cert --ignore-not-found=true
kubectl delete secret -n cpaas-system dex.tls

  3. Introduce the new certificate:

    kubectl create secret tls dex.tls --cert=/path/to/tls.crt --key=/path/to/tls.key -n cpaas-system