Modify the TLS Certificate of an instance on Kubernetes

This page describes how to modify the TLS certificate of a Cyberwatch instance on Kubernetes.

Technical Prerequisites

Ensure you have the tls.crt and tls.key files corresponding to the certificate and key.

The key must not be encrypted.

Modify the TLS certificate of the instance

  1. Create a Kubernetes secret for the ingress controller:

    kubectl create secret tls cyberwatch-tls --cert=tls.crt --key=tls.key -n cyberwatch

  2. Modify the following section in the Helm values.yml file:

    ingress:
  enabled: true
  ingressClassName: nginx
  host: cyberwatch.local # FQDN
  tls:
    enabled: true # Replaces the selfSigned line
    secret: cyberwatch-tls

  3. Execute the command to delete Cyberwatch deployments:

    for deployment in $(kubectl -n cyberwatch get deployments.apps -o jsonpath='{.items[*].metadata.name}'); do
  kubectl -n cyberwatch delete deployments.apps $deployment;
done
kubectl -n cyberwatch delete statefulsets.apps db redis

  4. Verify that all pods have been deleted:

    kubectl -n cyberwatch get pods

  5. Apply the changes using Helm:

    helm -n cyberwatch upgrade cyberwatch oci://harbor.cyberwatch.fr/cbw-on-premise/cyberwatch-chart -f values.yml

Back to top