Cloudera Docs

Setting up certificates for Cloudera AI Inference Service

Cloudera AI Inference service requires its own dedicated TLS certificate as it operates through a separate Istio gateway that does not support shared certificates.

After successfully installing the Cloudera AI Inference service follow these steps to update the certificates for Cloudera AI Inference service:

  1. Generate a certificate for the Cloudera AI Inference service domain using the root CA that has been updated on the Cloudera Management Console.

    The Domain name can be found in Cloudera AI > Cloudera AI Inference service > Cloudera AI Inference service name > Domain.

    Figure 1. Check the Domain name for Cloudera AI Inference service
  2. Apply the certificate by using the following comand: 
    kubectl get secret ingress-default-cert-caii -n istio-ingress -o yaml > backup_caii_cert_secret.yaml

kubectl delete secret ingress-default-cert-caii -n istio-ingress

kubectl create secret tls ingress-default-cert-caii --cert=/path/to/mycert.crt --key=/path/to/cert.key -o yaml --dry-run=client | kubectl -n istio-ingress apply -f -