d74b3ee06e
Story: 2011399 Task: 52686 Change-Id: I8760b0a7b9c6fae4b7b4a00ae8ca5f88ac6124ae Signed-off-by: Ngairangbam Mili <ngairangbam.mili@windriver.com>
27 lines
1.5 KiB
ReStructuredText
27 lines
1.5 KiB
ReStructuredText
.. _configure-rest-api-applications-and-web-administration-server-certificates-after-installation-6816457ab95f:
|
|
|
|
=========================================================================
|
|
Configure REST API Applications and Web Administration Server certificate
|
|
=========================================================================
|
|
|
|
|prod| provides support for secure HTTPS external connections to the REST API
|
|
endpoints for services (see
|
|
`https://docs.starlingx.io/api-ref/index.html <https://docs.starlingx.io/api-ref/index.html>`__), the |prod| Web
|
|
administration server, and the Kubernetes API server.
|
|
|
|
During installation, the Platform Issuer (``system-local-ca``) automatically
|
|
issues a certificate to secure access to the REST API endpoints. This allows
|
|
the system to have HTTPS access enabled already from the services start up.
|
|
This certificate is stored in a Kubernetes |TLS| secret in the namespace
|
|
``deployment``, named ``system-restapi-gui-certificate``. The certificate is
|
|
renewed automatically by cert-manager upon expiration and the required services
|
|
are automatically reconfigured by the platform.
|
|
|
|
After bootstrap, this certificate's fields can be updated using the procedure
|
|
:ref:`migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d`. The
|
|
certificate will be managed by cert-manager (auto renewed upon expiration).
|
|
|
|
The certificate will be anchored by ``system-local-ca``'s Root |CA|. For more
|
|
information, refer to
|
|
:ref:`system-local-ca-issuer-9196c5794834`.
|