Cloudera AI Registry requires its own dedicated TLS certificate as
it operates through a separate Istio gateway that does not support shared
certificates.
After successfully installing the Cloudera AI Registry follow
these steps to update the certificates for Cloudera AI Registry:
-
Generate a certificate for the Cloudera AI Registry domain
using the root CA that was updated on the Cloudera Management Console.
The Domain name can be found in .
For example:
model-registry.apps.ecs-cluster-1.cloudera.com
-
Apply the certificate by using the following comand:
kubectl get secret ingress-default-cert-mr -n istio-ingress -o yaml > backup_mr_cert_secret.yaml
kubectl delete secret ingress-default-cert-mr -n istio-ingress
kubectl create secret tls ingress-default-cert-mr --cert=/path/to/mycert.crt --key=/path/to/cert.key -o yaml --dry-run=client | kubectl -n istio-ingress apply -f -
