When you secure your servers and APIs, you need SSL certificates. Since they don't last for ever, you will have to update them every year, or every other year.
In OKE (Kubernetes on Oracle Cloud), there are two slightly different ways of doing this, depending on the kind of component you are using. Unfortunately, the Oracle documentation does not describe how to update SSL certificates in Kubernetes.
Update an Ingress controller
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: my-ing annotations: kubernetes.io/ingress.class: "nginx" spec: tls: - secretName: my-ssl-secret-name rules: - http: paths: - backend: serviceName: my-backend-svc servicePort: 8088
Update a service of type Load Balancer
kind: Service apiVersion: v1 metadata: name: my-frontend-service annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-tls-secret: my-ssl-secret-name
- Create a new secret with a new certificate and private key
- Update the service yaml to point to the new secret
- Apply the updated service yaml (don't create the service, just apply the updated yaml on the existing service) using kubectl apply -f [name of your yaml]
- Delete the previous secret.
I hope the documentation will be updated by Oracle to include an instruction for updating SSL certificates. In the mean time I hope this post helps you when you need to update your SSL certificates.
Happy coding! 😀