Closed tclehman closed 1 year ago
I have figured out the problem. The cert file contained the private key, and the .key file was in an encoded format. The cert file needs to contain ONLY the cert, and the key file needs to contain the unencoded private key.
Otherwise, the deployment will "complete" but it won't upload the cert properly.
Also, if you have a cert chain, you might need to append them all together. That is what I did after the same issue.
I am trying to redeploy Viya with TLS certs I've generated in Azure Key Vault. I generated a .pem key and pulled the .key from this to create the below documented files that are listed in the ansible-vars.yaml file.
Ansible-vars.yaml screenshot of TLS configuration:
After running the below deployment script, the deployment succeeds with no errors; however, the webapp URL still shows that the site is "unsafe", and when I look at the certificate file in the browser, it still shows the "Kubernetes Ingress Controller Fake Certificate".
Script used to deploy:
```
sudo docker run --rm \
  --group-add root \
  --user $(id -u):$(id -g) \
  --volume /deployments:/data \
  --volume /home/azureuser/viya4-deployment/ansible-vars.yaml:/config/config \
  --volume /home/azureuser/viya4-iac-azure/terraform.tfstate:/config/tfstate \
  --volume /home/azureuser/viya4-deployment/pem:/pem \
  --volume $HOME/.ssh/id_rsa:/config/jump_svr_private_key \
  viya4-deployment --tags "baseline,viya,install"
```
Screenshot showing the install is still using the default certs:
Are there additional steps needed to deploy TLS certs to a Viya deployment?
SAS Track: 7613686188
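A pre-deployment check for the file layout described in the resolution above, as an added example that is not part of the original thread or of the viya4-deployment project. It assumes the "encoded" key was either passphrase-encrypted or binary (DER/PKCS#12); the function names are hypothetical, and the sample inputs are constructed placeholders. It does not verify that the key matches the certificate.

```python
import re
import sys

# One PEM block: captures the label and everything between the BEGIN/END lines.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(data: bytes):
    """Return [(label, body)] per PEM block; [] for binary input (DER, PKCS#12)."""
    try:
        return PEM_BLOCK.findall(data.decode("ascii"))
    except UnicodeDecodeError:
        return []

def check_cert_file(data: bytes):
    """The cert file must hold CERTIFICATE blocks (leaf plus chain) and nothing else."""
    labels = [label for label, _ in pem_blocks(data)]
    if not labels:
        return ["no PEM blocks found (binary or empty file)"]
    return [f"unexpected block in cert file: {l}" for l in labels if l != "CERTIFICATE"]

def check_key_file(data: bytes):
    """The key file must hold exactly one private key that is not passphrase-encrypted."""
    blocks = pem_blocks(data)
    if not blocks:
        return ["no PEM blocks found (binary or empty file)"]
    keys = [(l, b) for l, b in blocks if l.endswith("PRIVATE KEY")]
    problems = [f"unexpected block in key file: {l}" for l, _ in blocks
                if not l.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append(f"expected exactly one private key block, found {len(keys)}")
    for label, body in keys:
        # PKCS#8 uses its own label; legacy OpenSSL keys carry a Proc-Type header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is passphrase-encrypted")
    return problems

# Constructed sample inputs: placeholder bodies, not real certificates or keys.
def _pem(label, body="Q09OU1RSVUNURUQ=\n"):
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

BAD_CERT = _pem("CERTIFICATE") + _pem("PRIVATE KEY")   # key left inside the cert file
GOOD_CHAIN = _pem("CERTIFICATE") + _pem("CERTIFICATE")  # leaf followed by issuer
ENCRYPTED_KEY = _pem("ENCRYPTED PRIVATE KEY")
GOOD_KEY = _pem("PRIVATE KEY")

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py CERT_FILE KEY_FILE
    with open(sys.argv[1], "rb") as c, open(sys.argv[2], "rb") as k:
        found = check_cert_file(c.read()) + check_key_file(k.read())
    print("\n".join(found) or "cert and key files look well-formed")
    sys.exit(1 if found else 0)
```

Running it against the two files before the deployment container starts turns the silent fallback to the default ingress certificate into an explicit failure.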