Configuring SSL/TLS

This topic describes how to configure SSL/TLS with Digital.ai Release. For demonstration purpose, we shown the configuration of TLS with Digital.ai Release using a self-signed certificate. However, you’ll want to replace it with your own, trusted one for production environments, which you can do by creating a new Secret object in Kubernetes that contains your certificate and then updating the ingress controller to use it.

Note: If you have already registered a domain name and a valid trusted certificate then skip Step1 and Step 2 and proceed from Step 3

Step 1

Add your custom domain name to Azure AD.

We have already created a domain named digitalai-testing.com.

Step 2

We will create a self-signed certificate named app.digitalai-testing.com using OpenSSL for the subdomain below:

openssl req -x509 \
-newkey rsa:2048 \
-keyout tls.key \
-out tls.crt \
-days 365 \
-nodes \
-subj "/C=IN/ST=MH/L=PUN/O=MyCompany/CN=app.digitalai-testing.com"

Step 3

Use the kubectl create secret to save your TLS certificate and key as a Secret in the cluster. The key and cert fields refer to the local files where you’ve saved your certificate and private key.

kubectl create secret tls ssl-secret \
  --key=" tls.key " \
  --cert=" tls.crt "

Step 4

In the values.yaml file of the helm chart, update the ingress configuration section by uncommenting the tls-acme annotation and change the ssl-redirect from false to true.

Also uncomment the tls section and provide the secret name which was created in Step 3

image

Step 5

Install the chart using the following command:

helm install [NAME] [CHART]

Step 6

Run the kubectl get services command to see the ingress loadbalancer configured by Azure and map the ingress loadbalancer entry in the Azure DNS service.

See the Azure documentation for information on Manage DNS records and record sets by using the Azure portal.

Step 7

Run the kubectl get ingress command to see the ingress configured in your cluster.

image

Step 8

Access the application from the browser and check the configured certificate from the browser. You’ll get the warning message shown in the image below, as the certificate is self-signed. Click the Advanced button to proceed to the Digital.ai Release webUI

image

image

image

Next Step