2

I have an existing IBM Cloud Private 2.1.0.2 cluster and I want to apply an updated SSL certificate to the Docker registry, Tiller, and the ICP Management Console UI. The goal is for end users to connect without setting "--tls", "insecure-registry", etc.

What is the best way to accomplish this, and how do I roll back if things go wrong? Can I use an existing wildcard SSL certificate for this?

Thank you!

1 Answer

0

I THINK you mean the Kubernetes cluster... not the Cloud Foundry install... (yes, ICP has a CF version =P). You can just edit the config file as described in the first link below, and "reinstall". At that point, Terraform will recognize that you just want to add the certs and it will do that.

So do this first (skip all the stuff you've already done to make the certs, etc.; I'm assuming from your post that you've got that already, and a CA lined up and all that... if not, feel free to correct me):

https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.2/installing/create_ca_cert.html

Then just re-run the "install" and it should set you up; the only thing changed is the new certs added.

https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.2/installing/install.html

As far as wildcard certs, I'm thinking no, but hey, I haven't tried. Just done canonical/literal so far. If it's doable, please test and let us know! Thanks!

jfos