Change TLS settings between client and CRDP
Steps to enable TLS with mandatory client authentication
In the values.yaml file, under configuration, update the value of servermode to tls-cert.
Add the below lines to the data section of kind: Secret in the deployment.yaml file.
data:
  server.crt: {{.Values.configuration.servercrt}}
  server.key: {{.Values.configuration.serverkey}}
  trustedca: {{.Values.configuration.trustedca}}
Update your CRDP deployment using the following command.
helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>
In your deployment file, in the data section of ConfigMap, set SERVER_MODE to tls-cert.
Add the below lines to the data section of kind: Secret in the deployment.yaml file.
data:
  server.crt: {{.Values.configuration.servercrt}}
  server.key: {{.Values.configuration.serverkey}}
  trustedca: {{.Values.configuration.trustedca}}
Update your CRDP deployment using the following command.
kubectl replace -f <deployment_filename> -n <namespace>
Stop the existing container.
In the environment variable, set the SERVER_MODE field to tls-cert. When SERVER_MODE is set to tls-cert, you must also specify the following environment variables:
CERT_VALUE
KEY_VALUE
TRUSTED_CA
Restart the container using the following command.
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert -e CERT_VALUE=<> -e KEY_VALUE=<> -e TRUSTED_CA=<> <crdp_image_name>
Now, CRDP will verify the certificate presented by the client.
Steps to enable TLS without client authentication
In the values.yaml file, under configuration, update the value of servermode to tls-cert-opt.
Add the below lines to the data section of kind: Secret in the deployment.yaml file.
data:
  server.crt: {{.Values.configuration.servercrt}}
  server.key: {{.Values.configuration.serverkey}}
Update your CRDP deployment using the following command.
helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>
In your deployment file, in the data section of ConfigMap, set SERVER_MODE to tls-cert-opt.
Add the below lines to the data section of kind: Secret in the deployment.yaml file.
data:
  server.crt: {{.Values.configuration.servercrt}}
  server.key: {{.Values.configuration.serverkey}}
Update your CRDP deployment using the following command.
kubectl replace -f <deployment_filename> -n <namespace>
Stop the existing container.
In the environment variable, set the SERVER_MODE field to tls-cert-opt. When SERVER_MODE is set to tls-cert-opt, you must also specify the following environment variables:
CERT_VALUE
KEY_VALUE
Restart the container using the following command.
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=tls-cert-opt -e CERT_VALUE=<> -e KEY_VALUE=<> <crdp_image_name>
Steps to disable TLS
In the values.yaml file, under configuration, update the value of servermode to no-tls.
Update your CRDP deployment using the following command.
helm upgrade <helm-chart-name> <path-of-helm-chart> -n <namespace>
In your deployment file, in the data section of ConfigMap, set SERVER_MODE to no-tls.
Update your CRDP deployment using the following command.
kubectl replace -f <deployment_filename> -n <namespace>
Stop the existing container.
In the environment variable, set the SERVER_MODE field to no-tls.
Restart the container using the following command.
docker run -e KEY_MANAGER_HOST=<IP_address/host_name> -e REGISTRATION_TOKEN=<registration_token> -p <host-port>:<CRDP_port> -e SERVER_MODE=no-tls <crdp_image_name>
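A pre-flight check for the certificate material used by the tls-cert and tls-cert-opt modes above, as an added example that is not part of the CRDP documentation. It assumes the certificate, key, and CA are PEM files on disk and that the openssl CLI is installed; the function names, exit codes, and the reading of TRUSTED_CA as the CA that issued the client certificates are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check of TLS material for a
# chosen SERVER_MODE. Assumes PEM files on disk and the openssl CLI.
# Function names and exit codes are hypothetical.

# pubkeys_match <cert.pem> <key.pem>: succeed only if the private key
# belongs to the certificate (their public keys are identical).
pubkeys_match() {
  pm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  pm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$pm_cert" ] && [ "$pm_cert" = "$pm_key" ]
}

# crdp_tls_preflight <mode> [server.crt server.key [trustedca client.crt]]
# Returns 0 if the material fits the mode, otherwise:
#   2 unknown mode, 3 server cert/key mismatch,
#   4 trusted CA missing, 5 client cert not issued by the trusted CA.
crdp_tls_preflight() {
  case "$1" in
    no-tls)
      echo "note: no-tls serves client traffic without encryption" >&2
      return 0 ;;
    tls-cert|tls-cert-opt) ;;
    *)
      echo "error: unknown SERVER_MODE '$1'" >&2
      return 2 ;;
  esac
  if ! pubkeys_match "$2" "$3"; then
    echo "error: server key does not match server certificate" >&2
    return 3
  fi
  # tls-cert-opt needs only the server pair; no client certificate is checked.
  [ "$1" = "tls-cert-opt" ] && return 0
  if [ ! -s "$4" ]; then
    echo "error: tls-cert requires a trusted CA file" >&2
    return 4
  fi
  # Assumption: TRUSTED_CA is the CA that issued the client certificates.
  if ! openssl verify -CAfile "$4" "$5" >/dev/null 2>&1; then
    echo "error: client certificate does not chain to the trusted CA" >&2
    return 5
  fi
  return 0
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh tls-cert server.crt server.key ca.crt client.crt
if [ "$#" -gt 0 ]; then crdp_tls_preflight "$@"; fi
```

Running the check before helm upgrade, kubectl replace, or docker run catches a mismatched key or a client certificate from the wrong CA before the service is restarted with it.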