Configure HTTPS/TLS for External Repositories
This guide explains how to configure HTTPS/TLS for external repositories that use a self-signed certificate. Note these steps are not required for external repositories such as huggingface.co
or s3.amazonaws.com
, which use valid SSL/TLS certificates issued by trusted certificate authorities (CAs) for their website.
Before You Start #
- Obtain the external repository’s self-signed certificate
How to Configure HTTPS/TLS for External Repositories #
1. Create a Kubernetes Secret #
-
Create a Kubernetes secret with the root CAs:
AIOLI_EXTERNAL_CA_CERT_SECRET_NAME=<your-secret-name> kubectl create secret generic ${AIOLI_EXTERNAL_CA_CERT_SECRET_NAME} --from-file=<path-to-cert-file> -n <namespace>
NoteFile names must end with .crt
. Specify additional--from-file
options for each root CA to be added. -
Verify that the secret was created:
kubectl get secret ${AIOLI_EXTERNAL_CA_CERT_SECRET_NAME} -n <namespace>
2. Update the MLIS Deployment #
- Update the MLIS deployment to use the secret:
helm install mlis --values values.yaml --set externalCaCertSecretName=${AIOLI_EXTERNAL_CA_CERT_SECRET_NAME} -n <namespace>
Using Cert Management Tools #
If you are managing CA certificate bundles using trust-manager or other similar tools, you can deploy these bundles to HPE Machine Learning Inferencing Software by specifying the ConfigMap
name during the Helm installation process. This approach provides a more automated and scalable way to manage trusted CA certificates across your cluster.
- Obtain the
ConfigMap
name that contains the CA certificate bundle:kubectl get configmaps
- Specify the
ConfigMap
name during the Helm installation process:helm install ... --set trustedCAsConfigMap=<configmap-name> ...
- Once deployed, the certificates in the bundle will be automatically mounted into:
- The controller
- All newly created deployment pods
ConfigMap
containing your CA certificates. Just ensure the ConfigMap
is created in the same namespace as your MLIS deployment before running the Helm install/upgrade command.