How do I enable mTLS on the NSP mediation interface?
Purpose
Perform this procedure to enable mutual TLS authentication, or mTLS, on the network mediation interface of an NSP cluster.
Note: You must perform the procedure in each NSP cluster.
Steps

1. Log in as the root or NSP admin user on the NSP deployer host.

2. Open the following file using a plain-text editor such as vi:
   /opt/nsp/NSP-CN-DEP-release-ID/NSP-CN-release-ID/config/nsp-config.yml

3. Configure the following parameters in the nsp—modules—mdm section of the file:
   mtls:
     enabled: true
     mtlsKeyAlgorithm: "RSA"

4. Save and close the file.

5. Open a console window.

6. Enter the following:
   # cd /opt/nsp/NSP-CN-DEP-release-ID/bin ↵

7. Enter the following to update the mTLS Kubernetes server secret:
   # ./nspdeployerctl secret -s mediation-mtls-key -n "*" -f tls.key=mtlsKey -f tls.crt=mtlsClientCert -f ca.crt=mtlsCACert update ↵
   where
   mtlsKey is the full path of the client private key file
   mtlsClientCert is the full path of the client public certificate file
   mtlsCACert is the full path of the CA public certificate file

   Messages like the following are displayed as the server secret is updated:
   secret/mediation-mtls-key patched
   The following files may contain sensitive information. They are no longer required by NSP and may be removed.
   customKey
   customCert
   customCaCert

8. Enter the following to put the configuration change into effect:
   Note: The command causes a restart of each MDM pod in the cluster, but is not service-affecting.
   # ./nspdeployerctl install --config --deploy ↵
   mTLS is enabled on the cluster mediation interface.

9. Close the console window.

End of steps
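Before the secret update in step 7 patches mediation-mtls-key, it is worth confirming that the three files agree with each other and with the mtlsKeyAlgorithm value set in step 3; a mismatched key or wrong CA only shows up later as failed mediation sessions after the MDM pods restart. The following added example is not part of NSP or the nspdeployerctl tooling: it checks with the openssl CLI that the key is RSA, that the client certificate belongs to that key and that it chains to the CA file, using constructed throw-away material in place of mtlsKey, mtlsClientCert and mtlsCACert.

```shell
#!/bin/sh
# Added example, not part of NSP or nspdeployerctl: sanity-check the three files
# that step 7 passes to "nspdeployerctl secret ... update". Requires the openssl CLI.

# check_mtls_files KEY CERT CA
# Succeeds only if KEY is an RSA private key (step 3 sets mtlsKeyAlgorithm: "RSA"),
# CERT carries the public key belonging to KEY, and CERT validates against CA.
check_mtls_files() {
  key=$1; cert=$2; ca=$3
  # 1. Algorithm: only an RSA key parses and passes openssl's consistency check.
  openssl rsa -in "$key" -check -noout >/dev/null 2>&1 \
    || { echo "FAIL: $key is not a valid RSA private key"; return 1; }
  # 2. Pairing: compare SHA-256 digests of the DER public key derived from each file.
  k=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256) || return 1
  c=$(openssl x509 -in "$cert" -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256) || return 1
  [ "$k" = "$c" ] || { echo "FAIL: tls.key does not match tls.crt"; return 1; }
  # 3. Trust: the client certificate must chain to the CA supplied as ca.crt.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: tls.crt does not chain to ca.crt"; return 1; }
  echo "OK: key, client certificate and CA are consistent"
}

# make_demo_material: constructed demo CA and client key/cert standing in for
# mtlsKey, mtlsClientCert and mtlsCACert (not real NSP files). Prints their directory.
make_demo_material() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-mdm-client" \
    -keyout "$d/client.key" -out "$d/client.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$d/client.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/client.crt" >/dev/null 2>&1
  echo "$d"
}

# With real files, run before step 7:
#   check_mtls_files /path/to/mtlsKey /path/to/mtlsClientCert /path/to/mtlsCACert
```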