This topic describes how to configure SSL/TLS with Digital.ai Deploy. As an example, we have demonstrated the configuration of TLS with Digital.ai Deploy using a self-signed certificate. However, you’ll want to replace it with your own, trusted one for production environments. You can do that by creating a new Secret object in Kubernetes that contains your certificate and then updating the ingress controller to use it.
Note: If you have already registered a domain name and a valid trusted certificate then skip Step1 and Step 2 and proceed from Step 3
To begin with, we need to have a registered domain name. You can create your own domain using the route53 service on AWS. Please refer to the official AWS documentation link, given below:
We have already created a domain named
We will create a self-signed certificate named
app.digitalai-testing.com using OpenSSL for the subdomain below:
openssl req -x509 \ -newkey rsa:2048 \ -keyout tls.key \ -out tls.crt \ -days 365 \ -nodes \ -subj "/C=IN/ST=MH/L=PUN/O=MyCompany/CN=app.digitalai-testing.com"
kubectl create secret to save your TLS certificate and key as a Secret in the cluster. The key and cert fields refer to the local files where you’ve saved your certificate and private key.
kubectl create secret tls ssl-secret \ --key=" tls.key " \ --cert=" tls.crt "
values.yaml file of the helm chart, update the ingress configuration section by uncommenting the
tls-acme annotation and change the
Also uncomment the tls section and provide the secret name which was created in Step 3
Install the chart using the following command:
helm install [NAME] [CHART]
kubectl get services command to see the ingress loadbalancer configured by AWS and map the ingress loadbalancer entry in the route53 service by creating an ‘A’ record.
See the AWS documentation for information on creating an ‘A’ record set on route53:
We have already created the following ‘A’ record in route53.
kubectl get ingress command to see the ingress configured in your cluster.
Access the application from the browser and check the configured certificate from the browser. You’ll get the warning message shown in the image below, as the certificate is self-signed. Click the Advanced button to proceed to the Digital.ai Deploy webUI