How can I enable HTTPS for the REST and Okera Portal for a running ODAS cluster?
Disclaimer: The below steps are for experienced administrators only. Consult with the Okera support staff in case of question BEFORE you attempt to change a cluster.Steps:
Path 1: OKERA_S3_STAGING_DIR + "/etc"
Okera recommends to use the latter as the location to put the SSL certificate and key files.
- name: SSL_CERTIFICATE_FILE
- name: SSL_KEY_FILE
- name: CEREBRO_REST_FQDN
The following commands allow you to edit the settings of the running cluster:
% sudo kubectl edit deployments cdas-rest-server
% sudo kubectl edit deployments cerebro-web
The pods are automatically restarted when you save your changes.
Important: The FQDN is needed, must resolve to any minion in the ODAS cluster, and must match the certificate's common name field. It is used by the Okera Portal to communicate with the REST server using TLS/SSL.
$ vi /etc/cerebro/env.sh
# Configure SSL certs/key to enable HTTPS
export CEREBRO_SSL_CERTIFICATE_FILE="/etc/cerebro.crt" export CEREBRO_SSL_KEY_FILE="/etc/cerebro.key" export CEREBRO_SSL_FQDN=rest.odas15.foobar.com