Feature Description
This feature enables you to configure certificates signed by your own CA or external CA for path-based ingress URLs.
You can provision the certificates used for both REST APIs and K8s APIs through cluster manager and Ops-center. The recommended method to configure a certificate and its corresponding private key is to provision the certificate as a TLS secret using the existing yang container.
Certificate Expiry Check
The provisioned certificates must be monitored for expiry. The kube-certificate-expiring alert is automatically raised in advance to renew and update the certificate and key.
The alerts have the following severity levels:
-
30 days before expiry—Raise alert with Info severity
-
20 days before expiry—Raise alert with Major severity
-
15 days before expiry—Raise alert with Critical severity