# Redeploying TLS Certificates

# Overview

Redploying TLS certificate is process of replacing the current used TLS certificate with a new issues certificate and should be planned well before certificates expire or in the case of a certificate being compromised.
In cnvrg Platform, TLS certificates are used to provide secure connections for its internal components. The follwing will guide you on how to redeploy or rotate your the platform TLS certificate.

# Requirements

  • kubectl and access to the Kubernetes cluster
  • TLS certificate

# Kubernetes TLS Secret

First, we will need to create a Kubernetes TLS secret from the TLS certificate and key files.

kubectl -n cnvrg create secret tls my-tls-secret \
  --cert=path/to/cert/file \
  --key=path/to/key/file

# Update cnvrg Operator

We have two option that we can use in order to update the TLS secret without manually edit the operator.

# Option 1

The first option is use an inline kubectl patch command:

kubectl patch cnvrginfras.mlops.cnvrg.io/cnvrg-infra cnvrgapps.mlops.cnvrg.io/cnvrg-app --type=merge -p '{"spec": {"networking": {"https": {"certSecret": "cnvrg-tls-secret"}}}}' -n cnvrg

Expected output

cnvrginfra.mlops.cnvrg.io/cnvrg-infra patched
cnvrgapp.mlops.cnvrg.io/cnvrg-app patched

# Option 2

The second option is to create a file named patch-secret.yaml that has this content:

--- 
spec: 
  networking: 
    https: 
      certSecret: my-tls-secret
...

Patch cnvrg operator:

kubectl patch cnvrginfras.mlops.cnvrg.io/cnvrg-infra cnvrgapps.mlops.cnvrg.io/cnvrg-app --type=merge -p "$(cat patch-secret.yaml)" -n cnvrg 

Expected output

cnvrginfra.mlops.cnvrg.io/cnvrg-infra patched
cnvrgapp.mlops.cnvrg.io/cnvrg-app patched

# Verification

Verify the progress of the operator reconciliation process:

kubectl -n cnvrg get cnvrgapps.mlops.cnvrg.io/cnvrg-app cnvrginfras.mlops.cnvrg.io/cnvrg-infra

Expected output

NAME                                VERSION                 STATUS   MESSAGE
cnvrgapp.mlops.cnvrg.io/cnvrg-app   cnvrg/app:master-9873   READY    successfully reconciled, ready (100%)

NAME                                    STATUS    MESSAGE
cnvrginfra.mlops.cnvrg.io/cnvrg-infra   HEALTHY   successfully reconciled
Last Updated: 11/15/2021, 6:59:34 AM