Configure the New Job Scheduling to Run in HTTPS
Depending on your organization's security policy, you may want to have the New Job Scheduling Portal and REST API run over a secured connection.
To configure the New Job Scheduling Portal and REST API to run in HTTPS:
-
Add a Kubernetes TLS secret named jss-tls that contains the private key and public certificate for your computer domain name. For details, see this official Kubernetes documentation page.
-
Run the following command:
kubectl create secret tls jss-tls --key ${KEY_FILE} --cert ${CERT_FILE}
-
Add the following ingress and ingress-nginx sections to your
customer.values.yaml
:cloudshell-core:
job-scheduling-portal:
jobSchedulingPortal:
ingress:
tls:
enabled: true
hosts:
- portal_dns.com
ingress-nginx:
controller:
config:
force-ssl-redirect: "true"
extraArgs:
default-ssl-certificate: $(POD_NAMESPACE)/jss-tls -
Save the file and redeploy the helm chart, as explained in Deploy the New Job Scheduling Infrastructure using Helm.
All future HTTP traffic, by domain name and IP, should be redirected to HTTPS, as expected.
noteWhen connecting to the New Job Scheduling Portal using its private IP address over HTTPS, the browser may return a "Certificate invalid" warning if the IP address has changed (dynamic IP). Skipping this warning should fix this issue as this will force the browser to redirect to the Portal's domain name.