Configure Certificates
A signed certificate is needed on the NGNIX pods for the Slack and Teams integrations.
The AutomationUIConfig instance controls the certificates and the NGINX pods that use them.
🚀 TASK: Create valid Ingress certificates
🌏 Documentation for the Task: nline starter installation of CP4AIOPSCreate valid Ingress Certificates as described in the Documentation.
Patch NetworkPolicy
Run the following command to patch the NetworkPolicy
export AIOPS_NAMESPACE=$(oc get po -A|grep aiops-orchestrator-controller |awk '{print$1}')cat <<EOF | oc apply -f -apiVersion: networking.k8s.io/v1kind: NetworkPolicymetadata:name: allow-all-egress-and-ingressannotations:argocd.argoproj.io/sync-wave: "3"
Run the following command to patch the Ingress Certificates
PROJECT_CP4AIOPS=ibm-aiopsAUTO_UI_INSTANCE=$(oc get AutomationUIConfig -n ${PROJECT_CP4AIOPS} --no-headers -o custom-columns=":metadata.name")ingress_pod=$(oc get secrets -n openshift-ingress | grep tls | grep -v router-metrics-certs-default | awk '{print $1}')oc get secret -n openshift-ingress -o 'go-template={{index .data "tls.crt"}}' ${ingress_pod} | base64 -d > cert.crtoc get secret -n openshift-ingress -o 'go-template={{index .data "tls.key"}}' ${ingress_pod} | base64 -d > cert.keyoc get secret -n ${PROJECT_CP4AIOPS} external-tls-secret -o yaml > external-tls-secret.yaml
To check that the nginx Pods are back up, run the following:
export AIOPS_NAMESPACE=$(oc get po -A|grep aiops-orchestrator-controller |awk '{print$1}')while :; do clear; echo "Checking..."; echo "Exit with Ctrl-C"; oc get po -n $AIOPS_NAMESPACE | grep nginx|grep -v ibm-nginx-tester|grep -v setup-nginx-job ; sleep 2; doneThis will list the Pods that are Ready.
Wait until you get two pods with
1/1
statusibm-nginx-xxxxx-xxx 1/1 Running 0 4h9mibm-nginx-xxxxx-xxx 1/1 Running 0 4h9m
Page last updated: 03 November 2022