Configure Certificates

Patch NetworkPolicy

1. Run the following command to patch the NetworkPolicy

   export AIOPS_NAMESPACE=$(oc get po -A|grep aiops-orchestrator-controller |awk '{print$1}')
   
   cat <<EOF | oc apply -f -
   apiVersion: networking.k8s.io/v1
   kind: NetworkPolicy
   metadata:
     name: allow-all-egress-and-ingress
     annotations:
       argocd.argoproj.io/sync-wave: "3"
   Copy to clipboardCopied!

2. Run the following command to patch the Ingress Certificates

   PROJECT_CP4AIOPS=ibm-aiops
   
   AUTO_UI_INSTANCE=$(oc get AutomationUIConfig -n ${PROJECT_CP4AIOPS} --no-headers -o custom-columns=":metadata.name")
   
   ingress_pod=$(oc get secrets -n openshift-ingress | grep tls | grep -v router-metrics-certs-default | awk '{print $1}')
   
   oc get secret -n openshift-ingress -o 'go-template={{index .data "tls.crt"}}' ${ingress_pod} | base64 -d > cert.crt
   oc get secret -n openshift-ingress -o 'go-template={{index .data "tls.key"}}' ${ingress_pod} | base64 -d > cert.key
   oc get secret -n ${PROJECT_CP4AIOPS} external-tls-secret -o yaml > external-tls-secret.yaml
   Copy to clipboardCopied!

3. To check that the nginx Pods are back up, run the following:

   export AIOPS_NAMESPACE=$(oc get po -A|grep aiops-orchestrator-controller |awk '{print$1}')
   while :; do clear; echo "Checking..."; echo "Exit with Ctrl-C"; oc get po -n $AIOPS_NAMESPACE | grep nginx|grep -v ibm-nginx-tester|grep -v setup-nginx-job ; sleep 2; done
   Copy to clipboardCopied!

   This will list the Pods that are Ready.

   Wait until you get two pods with 1/1 status

   ibm-nginx-xxxxx-xxx                                       1/1     Running     0               4h9m
   ibm-nginx-xxxxx-xxx                                       1/1     Running     0               4h9m
   Copy to clipboardCopied!