Configuring TLS for Sametime mux on Kubernetes
Before you begin
- Obtain a third-party certificate. You can use a self-signed certificate or a third-party certificate to configure TLS for Sametime mux.
- Obtain a private key with a subject that contains the host name assigned to the mux Kubernetes service. If you do not know the mux Kubernetes service IP address, issue the kubectl get svc | grep mux command.
About this task
These are the steps to secure the connection between the Sametime Connect client and Sametime embedded client inside of HCL Notes to the Sametime mux using TLS.
The changes in this task apply to the following pods:
- community
- mux
Procedure
-
Create a secret that contains your trust store.
kubectl create secret generic mux-secret --from-literal=KeyStorePassword=samet1me --from-file=./keystore.p12
- In the values.yaml file remove the comment tag (#) surrounding the muxTlsConfigSecret: mux-secret parameter.
- Save and close the values.yaml file.
-
Apply your changes to the environment.
Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment. The default for Sametime Premium version 12 is sametime.
helm upgrade sametime_deployment_name .
Note: Be sure to include the dot at the end. It is part of the command.If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings. -
Restart the pods with the changes. Use the kubectl scale
command to scale the pods to zero and then to one that have been changed. You
must run the commands for each pod that the change affects.