Updating SSL certificate on single instance
Is there any way of updating the SSL certificates for a Sisense server without having to rerun the ./sisense.sh xxxx.yaml?
Forum Discussion
Hi bpeikes,
1. Copy new public and private keys to /opt/sisense/config/ssl directory.
2. Re-create TLS Secret:
kubectl create secret tls sisense-tls -n sisense --dry-run -o yaml --key /opt/sisense/config/ssl/<private key name> --cert /opt/sisense/config/ssl/<public key name> | kubectl apply -f -
3. Restart nginx-ingress controller pod:
kubectl -n default delete pod -l app.kubernetes.io/name=ingress-nginx --force --grace-period=0
Important note:
This method is not officially supported because it is easy to mess up and forget specifying correct keys pathes in ssl_key_path and ssl_cer_path during next version upgrade or restoration.
So, in case you are going to use this approach, be careful and do not forget to update ssl_key_path and ssl_cer_path with certs names in installer conifg yaml when run next upgrade in order to ensure that new certs will be deployed when it is required to:
- upgrade Sisense to a new version;
- re-install Sisense;
- update sisense when it comes to change other deployment settings.
