To use an SSL certificate to secure an Agent API/HTTP Endpoints you need to add a "Default external address for new agents" and modify the Agent configuration before deployment.
Add a Default external address for new agents:
Under the target Agent Group enter the external address into the Default External Address e.g. https://myagentfqdn.frendsapp.com and save changes.
The next time you deploy an Agent to this Agent Group this will be used as the External address.
Download and extract the Agent Kubernetes Configuration from the Frends Control Panel
Edit /secrets/appsettings.secrets.json and add your certificates thumbprint to "certificateThumbprintOrPath": ""
Copy your PFX certificate file into the /secrets directory.
Now edit FRENDS-Agent-Deploy.yaml
In the containers: section. At the same level as image
containers:
- name: frends-agent
image: frendsplatform/frends-agent-linux:5.5.2.557
Add the following two lines
command: ["/bin/bash","-c"]
args: ["dotnet /CertTool/GSoft.CertificateTool.dll add -f /secrets/<PFX FileName> --password <PFX Password> --store-name My && dotnet Frends.Agent.dll"]
Replace the following values with your certificate details
<PFX FileName>
<PFX Password>
<certificateThumbprintOrPath>
It should look something like this
These two line override the default Agent start-up and run a tool to import the PFX certificate before starting the Agent.
The final step is to add the certificate filename to the frends-agent-secret secret
In the volumes: section. At the same level as - key: appsettings.secrets.json
volumes:
- name: secrets-storage
secret:
secretName: frends-agent-secrets
items:
- key: appsettings.secrets.json
path: appsettings.secrets.json
Add the following two lines
- key: <PFX FileName>
path: <PFX FileName>
Replace <PFX FileName> with the filename of your PFX file
It should now look something like this