TLS Certificates for Ingress-Issuers in IBM API Connect
This page describes the TLS certificates used for communication between subsystems and clients in an IBM API Connect deployment.
Ingress (front-end) TLS Certificates
What is an Ingress Controller?
An Ingress controller abstracts away the complexity of Kubernetes application traffic routing and provides a bridge between Kubernetes services and external ones. … Monitor the pods running in Kubernetes and automatically update the load‑balancing rules when pods are added or removed from service.
What is an Ingress Certificate?
The Ingress Operator uses its signing certificate to sign the default certificates that it generates for Ingress Controllers for which you do not set custom default certificates. Cluster components that use secured routes may use the default Ingress Controller’s default certificate.
List of External Certificates
The following is the list of ingress certificates (issued by the ingress-issuer) with their corresponding secrets. The certificates specified in the table use the custom-certs-external.YAML template.
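Issuer / CA certificate | Certificate | Usage | Secret |
ingress-issuer | analytics_CR-ac-endpoint | ingress-issuer | analytics_CR-ac-endpoint |
ingress-issuer | analytics_CR-ai-endpoint | ingress-issuer | analytics_CR-ai-endpoint |
ingress-issuer | *-api-endpoint-* | ingress-issuer | *-api-endpoint-* |
ingress-issuer | *-apim-endpoint-* | ingress-issuer | *-apim-endpoint-* |
ingress-issuer | *-cm-endpoint-* | ingress-issuer | *-cm-endpoint-* |
ingress-issuer | *-consumer-endpoint-* | ingress-issuer | *-consumer-endpoint-* |
ingress-issuer | portal_CR-admin | ingress-issuer | portal_CR-admin |
ingress-issuer | portal_CR-web | ingress-issuer | portal_CR-web |
ingress-issuer | hub-endpoint | ingress-issuer | hub-endpoint |
ingress-issuer | turnstile-endpoint | ingress-issuer | turnstile-endpoint |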
Subsystem communication TLS certificates
- The certificates specified in the table are created with a YAML file named custom-certs-external.YAML.
- When any certificate is renewed, the corresponding pods must be restarted.
Issuer / CA certificate | Certificate | Usage | Secret |
ingress-issuer | analytics_CR-client-client | client | analytics_CR-client-client |
ingress-issuer | analytics_CR-ingestion-client | client | analytics_CR-ingestion-client |
ingress-issuer | portal_CR-admin-client | client | portal_CR-admin-client |
ingress-issuer | gateway_CR-client-client | client | gateway_CR-client-client |
ingress-issuer | gateway_CR-peering | client, server | gateway_CR-peering |
ingress-issuer | Site-dependent names. Example: dc1-mgmt-replication/dc2-mgmt-replication | server | Site-dependent names. Example: dc1-mgmt-replication/dc2-mgmt-replication |
ingress-issuer | Site-dependent names. Example: dc1-mgmt-replication-client/dc2-mgmt-replication-client | client | Site-dependent names. Example: dc1-mgmt-replication-client/dc2-mgmt-replication-client |
ingress-issuer | Site-dependent names. Example: dc1-ptl-replication/dc2-ptl-replication | server | Site-dependent names. Example: dc1-ptl-replication/dc2-ptl-replication |
ingress-issuer | Site-dependent names. Example: dc1-ptl-replication-client/dc2-ptl-replication-client | client | Site-dependent names. Example: dc1-ptl-replication-client/dc2-ptl-replication-client |
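The restart rule above can be checked mechanically. The following is an added example, not IBM's own tooling: it takes pod data in the shape of `kubectl get pods -o json` and reports pods that started before a secret they mount was renewed. The pod names, the secret names (`gw-peering` and `portal-admin-client`, following the gateway_CR-peering and portal_CR-admin-client patterns) and the renewal timestamps are constructed sample values; in practice the renewal time is assumed to come from the renewed certificate's notBefore date.

```python
import json
from datetime import datetime, timezone

def parse_ts(ts):
    # Kubernetes serialises timestamps as RFC 3339 UTC, e.g. 2024-06-01T00:00:00Z
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def mounted_secrets(pod):
    """Names of the secrets a pod mounts through plain or projected volumes."""
    names = set()
    for vol in pod["spec"].get("volumes", []):
        if "secret" in vol:
            names.add(vol["secret"]["secretName"])
        for src in vol.get("projected", {}).get("sources", []):
            if "secret" in src:
                names.add(src["secret"]["name"])
    return names

def stale_pods(pod_list, renewed_at):
    """Map pod name -> mounted secrets that were renewed after the pod started."""
    stale = {}
    for pod in pod_list["items"]:
        start = pod.get("status", {}).get("startTime")
        if start is None:  # not started yet, so it will load the current certificate
            continue
        started = parse_ts(start)
        hits = sorted(s for s in mounted_secrets(pod)
                      if s in renewed_at and parse_ts(renewed_at[s]) > started)
        if hits:
            stale[pod["metadata"]["name"]] = hits
    return stale

# Constructed sample in the shape of `kubectl get pods -o json` (not real cluster output)
SAMPLE_PODS = json.loads("""{"items": [
 {"metadata": {"name": "gw-0"}, "status": {"startTime": "2024-03-01T08:00:00Z"},
  "spec": {"volumes": [{"name": "peer", "secret": {"secretName": "gw-peering"}}]}},
 {"metadata": {"name": "gw-1"}, "status": {"startTime": "2024-06-02T09:30:00Z"},
  "spec": {"volumes": [{"name": "peer", "secret": {"secretName": "gw-peering"}}]}},
 {"metadata": {"name": "portal-www-0"}, "status": {"startTime": "2024-05-20T12:00:00Z"},
  "spec": {"volumes": [{"name": "tls", "projected": {"sources": [
      {"secret": {"name": "portal-admin-client"}}]}}]}}
]}""")
# Constructed renewal times per secret (assumed to be supplied by the operator)
SAMPLE_RENEWED = {"gw-peering": "2024-06-01T00:00:00Z",
                  "portal-admin-client": "2024-05-01T00:00:00Z"}

if __name__ == "__main__":
    for name, secrets in stale_pods(SAMPLE_PODS, SAMPLE_RENEWED).items():
        print(f"restart {name}: {', '.join(secrets)} renewed after pod start")
```

Secrets consumed through environment variables are not covered by this check; only volume mounts are inspected.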
What is the main purpose of an ingress resource?
An Ingress is an object that allows access to your Kubernetes services from outside the Kubernetes cluster. You configure access by creating a collection of rules that define which inbound connections reach which services. This lets you consolidate your routing rules into a single resource.