help365/platform/ssl-certificates-with-cert-manager.html

<!DOCTYPE html>
<html lang="en">
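<head>
<!-- The character encoding is declared first so the parser knows it before it reads any text content. -->
<meta charset="utf-8">
<title>Create SSL certificates for TLS/SSL using Cert-manager</title>
<meta name="generator" content="Help+Manual">
<meta name="keywords" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="A self-signed SSL certificate is used for dynamic test environments or when using an external load balancer that terminates SSL traffic.">
<meta name="picture" content="">
<meta property="og:type" content="website">
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide.">
<meta property="og:url" content="https://brix365.com/en/help">
<meta property="og:image" content="">
<link rel="icon" href="favicon.png" type="image/png">
<!-- Third-party stylesheet: a Content-Security-Policy for this site has to allow fonts.googleapis.com and the font files this stylesheet references. -->
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&amp;display=swap" rel="stylesheet">
<link rel="stylesheet" href="./jquery-ui.min.css">
<link rel="stylesheet" href="default.css">
<link rel="stylesheet" href="./search-yandex.css">
<link rel="stylesheet" href="./article.css">
<link rel="stylesheet" href="./glossary.css">
<link rel="stylesheet" href="./theme.css">
<!-- Local scripts, loaded synchronously in this order; the inline call below needs jQuery ($) to be loaded first. -->
<script src="jquery.js"></script>
<script src="helpman_settings.js"></script>
<script src="helpman_topicinit.js"></script>
<script src="highlight.js"></script>
<!-- Calls highlight() once the DOM is ready; highlight() is presumably defined by highlight.js (confirm).
     NOTE(review): this inline script needs a nonce or hash if a strict Content-Security-Policy is introduced. -->
<script>
$(document).ready(function(){highlight();});
</script>
</head>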
<body>
<!--
  Yandex Metrica counter (id 83179930).
  The inline loader queues ym() calls and then, unless a script with the same src is already on the page,
  inserts an async script element for https://mc.yandex.ru/metrika/tag.js before the first script in the document.
  The init call turns on clickmap, trackLinks, accurateTrackBounce and webvisor.
  The noscript fallback requests a tracking image from the same host.
  NOTE(review): tag.js is third-party code that runs with full access to this page and is loaded without an
  integrity attribute; a Content-Security-Policy for this site has to allow mc.yandex.ru explicitly.
  webvisor is presumably session recording; confirm that it is intended on a documentation page and is
  covered by the site's privacy notice.
-->
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
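<!-- Site header: logo link, search form, mobile icons and the product/API/SDK navigation. -->
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- Search form. No action or method is set, so without script it would submit to the current URL;
     submission is presumably intercepted by a script (confirm). -->
<div class="hero__search-form" id="search-panel">
<form class="search-form">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<!-- Kept on one line so that no whitespace is introduced between the list items.
     Links that open a new tab carry rel="noopener" so the opened page gets no handle on this window. -->
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank" rel="noopener">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank" rel="noopener">SDK</a></li></ul>
</div>
</div>
</header>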
<main class="main container">
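<!-- Side menu panel with its own logo link and a close control. -->
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<!-- The image is the link's only content, so its alt text is the link's accessible name. -->
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg" alt="BRIX help home">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<!-- Empty container; presumably filled with the side menu by a script (confirm). -->
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>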
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="infrastructure-preparation.html">Prepare infrastructure</a> &gt; TLS/SSL certificates / Create SSL certificates for TLS/SSL using Cert-manager</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Create SSL certificates for TLS/SSL using Cert-manager</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">A self-signed SSL certificate is used for dynamic test environments or when using an external load balancer that terminates SSL traffic.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">начало&nbsp;внимание</span></p>
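<p class="p_Normal">A self-signed SSL certificate does not provide robust data protection against malicious actors: clients cannot verify it against a trusted certificate authority, so unless the certificate is explicitly added to their trust store they cannot tell the real server from one that impersonates it. It is recommended to use commercial SSL certificates from trusted certificate authorities such as Comodo, Symantec, Thawte, etc. Check that the authority you choose is currently trusted by the browsers and operating systems your users run.</p>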
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">конец&nbsp;внимание</span></p>
<p class="p_Normal">To create a certificate with the SAN attribute, follow these steps:</p>
<ol style="list-style-type:upper-roman">
<li value="1" class="p_Normal">Install the <a href="install-cert-manager.html" class="topiclink">Cert-manager</a> add-on component.</li><li value="2" class="p_Normal">Create the YAML file <span style="font-weight: bold;">selfsigned-cluster-issuer.yaml</span>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">nano&nbsp;selfsigned-cluster-issuer.yaml</span></p>
<p class="p_Normal">To initiate the certificate issuance procedure in a Kubernetes cluster, certification authority (CA) resources must be declared. These resources are used to sign Certificate Signing Requests (CSRs) for issuing certificates. Depending on the required scope, you can declare the following resources:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><span style="font-weight: bold;">Issuer</span> can be used in one namespace.</li><li class="p_Normal"><span style="font-weight: bold;">ClusterIssuer</span> is the cluster's global object and can be used from any namespace.</li></ul>
<ol style="list-style-type:upper-roman">
<li value="3" style="line-height: 1.20; background: #ffffff; margin-top: 10px; margin-right: 0; margin-bottom: 0;">In the <span style="font-weight: bold;">selfsigned-cluster-issuer.yaml</span> file, insert the following values:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">apiVersion:&nbsp;cert-manager.io/v1</span><br />
<span class="f_CodeExample">kind:&nbsp;ClusterIssuer</span><br />
<span class="f_CodeExample">metadata:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;name:&nbsp;elma365-selfsigned-certificate</span><br />
<span class="f_CodeExample">spec:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;selfSigned:&nbsp;{}</span></p>
<ol style="list-style-type:upper-roman">
<li value="4" style="line-height: 1.20; background: #ffffff; margin-top: 10px; margin-right: 0; margin-bottom: 0;">Apply the <span style="font-weight: bold;">selfsigned-cluster-issuer.yaml</span> file to the cluster:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;apply&nbsp;-f&nbsp;selfsigned-cluster-issuer.yaml</span></p>
<ol style="list-style-type:upper-roman">
<li value="5" style="line-height: 1.20; background: #ffffff; margin-top: 10px; margin-right: 0; margin-bottom: 0;">Create a yaml-file for the certificate <span style="font-weight: bold;">create-selfsigned-elma365-certificate.yaml</span>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">nano&nbsp;create-selfsigned-elma365-certificate.yaml</span></p>
<ol style="list-style-type:upper-roman">
<li value="6" style="line-height: 1.20; background: #ffffff; margin-top: 10px; margin-right: 0; margin-bottom: 0;">Modify the file <span style="font-weight: bold;">create-selfsigned-elma365-certificate.yaml</span>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">apiVersion:&nbsp;cert-manager.io/v1</span><br />
<span class="f_CodeExample">kind:&nbsp;Certificate</span><br />
<span class="f_CodeExample">metadata:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;name:&nbsp;elma365-selfsigned-tls-certificate</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;namespace:&nbsp;[namespace]</span><br />
<span class="f_CodeExample">spec:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;secretName:&nbsp;elma365-onpremise-tls</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;secretTemplate:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;annotations:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reflector.v1.k8s.emberstack.com/reflection-allowed:&nbsp;&quot;true&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces:&nbsp;&quot;kube-system&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reflector.v1.k8s.emberstack.com/reflection-auto-enabled:&nbsp;&quot;true&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;reflector.v1.k8s.emberstack.com/reflection-auto-namespaces:&nbsp;&quot;kube-system&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;duration:&nbsp;8760h</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;renewBefore:&nbsp;720h</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;isCA:&nbsp;false</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;subject:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;organizations:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;-&nbsp;&quot;YOUR_NAME_ORGANIZATIONS&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;privateKey:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;algorithm:&nbsp;ECDSA</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;size:&nbsp;384</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;encoding:&nbsp;PKCS8</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;rotationPolicy:&nbsp;Always</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;issuerRef:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;kind:&nbsp;ClusterIssuer</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;&nbsp;&nbsp;name:&nbsp;elma365-selfsigned-certificate</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;commonName:&nbsp;&quot;elma365_server.your_domain&quot;</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;dnsNames:</span><br />
<span class="f_CodeExample">&nbsp;&nbsp;-&nbsp;&quot;elma365_server.your_domain&quot;</span></p>
<p class="p_Normal">Where:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><code><b>metadata.namespace</b></code> is the name of the target namespace where the certificate should be placed.</li></ul>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">начало&nbsp;примечание</span></p>
<p class="p_Normal"><span style="font-weight: bold;">Note</span></p>
<p class="p_Normal">The secret with the certificate must be created in the namespace where the application the certificate is issued for is running or will be installed.</p>
<p class="p_Normal">For the <a href="installing-elma365-enterprise.html" class="topiclink">BRIX</a> application, the standard namespace is <code><b>elma365</b></code>.</p>
<p class="p_Normal">For <a href="embedded-databases-settings.html" class="topiclink">embedded databases</a> the standard namespace is <code><b>elma365-dbs</b></code>.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">конец&nbsp;примечание</span></p>
<ul style="list-style-type:disc">
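<li class="p_Normal"><code><b>spec.duration</b></code> is the validity period of the certificate in hours.</li><li class="p_Normal"><code><b>spec.subject.organizations</b></code> is the name of your company (replace <code><b>"YOUR_NAME_ORGANIZATIONS"</b></code>).</li><li class="p_Normal"><code><b>spec.commonName</b></code> and <code><b>spec.dnsNames</b></code> are the fully qualified domain name (FQDN) for which the certificate should be issued (replace <code><b>"elma365_server.your_domain"</b></code>).</li><li class="p_Normal"><code><b>spec.secretTemplate.annotations</b></code> are annotations for the Reflector add-on: if Reflector is installed in the cluster, they allow the secret, including the certificate's private key, to be copied automatically to the <code><b>kube-system</b></code> namespace. Keep them only if the secret is needed in that namespace.</li></ul>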
<ol style="list-style-type:upper-roman">
<li value="7" class="p_Normal">Apply the <span style="font-weight: bold;">create-selfsigned-elma365-certificate.yaml</span> file to the cluster:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;apply&nbsp;-f&nbsp;create-selfsigned-elma365-certificate.yaml</span></p>
<ol style="list-style-type:upper-roman">
<li value="8" style="line-height: 1.20; background: #ffffff; margin-top: 10px; margin-right: 0; margin-bottom: 0;">When installing or updating <a href="installing-elma365-enterprise.html" class="topiclink">BRIX</a> or the <a href="embedded-databases-settings.html" class="topiclink">embedded databases</a>, use the secret <code><b>elma365-onpremise-tls</b></code> (the name specified in the parameter <code><b>spec.secretName</b></code>).</li></ol>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="certificate-lets-encrypt.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">certificate-lets-encrypt.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="ssl-certificates.html">
<span class="bottom-nav__link">ssl-certificates.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
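<!-- Adds the "Was this article helpful?" feedback block to the page. -->
<!-- NOTE(review): the form posts to an empty action and no anti-CSRF token is visible in this markup;
     submission is presumably handled by a script (confirm). The free-text field is user-controlled and
     has to be escaped wherever the collected feedback is displayed. -->
<!-- Runs of inline controls are kept on one line so that no extra whitespace is rendered between them. -->
<div class="feedback" id="feedback">
<div class="feedback-help">
<span><b>Was this helpful?</b></span>
<form action="" method="POST" class="feedback-form" id="feedback-form">
<div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div>
<div class="feedback__popup" id="feedback__popup_why" style="display: none;">
<div class="feedback__popup-header">Please specify why:</div>
<input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label>
</div>
<div class="feedback__popup" id="feedback__popup-other" style="display: none;">
<div class="feedback__popup-header">How we can improve it?</div>
<!-- The empty id attribute was dropped: an id must not be empty. -->
<textarea class="feedback__textarea" name="other"></textarea><input type="submit" class="feedback__other-btn" value="Submit">
</div>
<!-- The "Yes"/"No" captions are real span elements with a class; the original tags had lost the space
     between "span" and "class", which turned them into unknown elements without that class. -->
<div class="feedback-form__btn-group">
<input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><span class="feedback-form__btn-group_yes-btn">Yes</span></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><span class="feedback-form__btn-group_no-btn">No</span></label>
</div>
<!-- Second control with the name "category" (the radio group above uses the same name);
     presumably an alternative layout of the same question (confirm). -->
<select name="category">
<option disabled>Please specify why</option>
<option value="bad_recommendation" selected>Recommendations did not help me</option>
<option value="difficult_text">Article is hard to understand</option>
<option value="no_answer">Didn`t answer my question</option>
<option value="bad_header">Content does not match the topic</option>
<option value="other_reason">Other</option>
</select><input type="submit">
</form>
</div>
<div class="found_typo">
<p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p>
</div>
</div>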
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
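<!-- Site footer: mobile link lists, the "Ask a question" form and the back-to-top link. -->
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<!-- Links that open a new tab carry rel="noopener" so the opened page gets no handle on this window. -->
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank" rel="noopener">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank" rel="noopener">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank" rel="noopener">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<!-- NOTE(review): the question form posts with an empty action and no anti-CSRF token is visible in this
     markup; submission is presumably handled by a script (confirm). The question text is user-controlled
     and has to be escaped wherever it is displayed. The textarea's label is empty and hidden, so the
     control gets its accessible name from aria-label. -->
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question" aria-label="Ask a question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<!-- The link has no text content, so it is named with aria-label. -->
<a href="#" class="arrow-top" style="display: block;" aria-label="Back to top"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>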
<!-- Hidden frame named "hmnavigation"; the page's generator meta names Help+Manual, so this is presumably
     a navigation target used by its scripts (confirm). -->
<iframe name="hmnavigation" style="display:none!important"></iframe>
<!-- The scripts below are local files without async or defer, so they load and run in document order. -->
<script src="./jquery-ui.js"></script>
<!-- NOTE(review): the next line is a disabled third-party include. If it is ever re-enabled, use an explicit
     https: URL with integrity and crossorigin attributes instead of the protocol-relative form. -->
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
</body>
</html>