You can provision an ML workspace with TLS enabled, so that it can be accessed via
https.
You need to obtain a certificate from the Certificate Authority used by your
organization. This may be an internal certificate authority.
Additionally, you need a computer with CLI access to the cluster, and with
kubectl installed.
Provision the ML Workspace. Follow the procedure Provisioning ML
Workspaces.
Obtain the .crt and .key files for the
certificate from your Certificate Authority.
The certificate URL is generally of the form:
<workspaceid>.<cluster>.<domain>.com.
Assuming an example URL for the certificate of
ml-30b43418-53c.cluster.yourcompany.com, check that the
certificate correctly shows the corresponding Common Name (CN) and Subject
Alternative Names (SAN):
CN: ml-30b43418-53c.cluster.yourcompany.com
SAN: *.ml-30b43418-53c.cluster.yourcompany.com
SAN: ml-30b43418-53c.cluster.yourcompany.com
Create a Kubernetes secret inside the previously provisioned ML workspace
namespace, and name the secret cml-tls-secret.
On a machine with access to the .srt and .key files above, and access to the OpenShift cluster,
run this command: kubectl create secret tls cml-tls-secret
--cert=<pathtocrt.crt> --key=<pathtokey.key> -o yaml
--dry-run | kubectl -n <cml-workspace-namespace> create -f
-
You can replace or update certificates in the secret at any time.
In Admin > Security > Root CA configuration, add the root CA certificate to the workspace.
For example:
https://ml-def88113-acd.cluster.yourcompany.com/administration/security"
The command creates routes to reflect the new state of ingress and secret, and
enables TLS.
