Skip to content

Local Certificate Authority

In the context of Run:ai, the cluster and control-plane need to be aware of this certificate for consumers to be able to connect to the system.

Preparation

You will need to have the public key of the local certificate authority.

Control-Plane Installation

  • Create the runai-backend namespace if it does not exist.
  • Add the public key to the runai-backend namespace:

    kubectl -n runai-backend create secret generic runai-ca-cert \ 
        --from-file=runai-ca.pem=<ca_bundle_path>
    

  • As part of the installation instructions you need to create a secret for runai-backend-tls. Use the local certificate authority instead.

  • Install the control plane, add the following flag to the helm command --set global.customCA.enabled=true

Cluster Installation

  • Create the runai namespace if it does not exist.
  • Add the public key to the runai namespace:
    kubectl -n runai create secret generic runai-ca-cert \
        --from-file=runai-ca.pem=<ca_bundle_path>
    
  • In case you're using Openshift, add the public key to the openshift-monitoring namespace:
    kubectl -n openshift-monitoring create secret generic runai-ca-cert \
        --from-file=runai-ca.pem=<ca_bundle_path>
    
  • Install the Run:ai operator, add the following flag to the helm command --set global.customCA.enabled=true