Configuring SSL Certificates for Kubernetes

How to use your own SSL certificates with your Frends Agent.

By default the Frends Agent generates self-signed certificates for API and HTTP endpoints.

It is also possible to secure API and HTTP endpoints with your own SSL certificates. To do this, you need to add a Default external address for new agents and modify the Agent configuration before deployment.

Add a Default external address for new agents

Under the target Agent Group, enter the external address into the Default External Address field, e.g. https://myagentfqdn.frendsapp.com, and save changes.

The option is visible when the Allow new agents to connect to agent group option is enabled for the Agent Group.

External address for Kubernetes deployments.

The next time you deploy an Agent to this Agent Group, this address will be used as the External address.

Set Kubernetes configuration options

Download and extract the Agent Kubernetes Configuration from the Frends Control Panel so that it includes the new external address. We need to make a couple of changes to the default configuration to enable the certificates.

Secrets changes

To add your own certificate to the configuration, edit /app/secrets/appsettings.secrets.json and add your certificate's thumbprint to the certificateThumbprintOrPath field.

Next, copy your PFX certificate file into the /app/secrets directory.
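
The thumbprint for certificateThumbprintOrPath can be read from the PFX file itself with OpenSSL. The following is an added example, not part of the Frends tooling: it assumes the field takes the standard SHA-1 certificate thumbprint, and pfx_thumbprint, make_sample_pfx and the PFX_PASSWORD variable are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: derive the thumbprint of the leaf certificate in a PFX file.
# The thumbprint is the SHA-1 digest of the DER-encoded certificate, written
# as 40 hex characters without separators.

# pfx_thumbprint <pfx-file>
# Reads the PFX password from the PFX_PASSWORD environment variable so it does
# not appear in the process list or shell history.
pfx_thumbprint() {
    pfx_file=$1
    [ -r "$pfx_file" ] || { echo "cannot read $pfx_file" >&2; return 1; }
    [ -n "${PFX_PASSWORD+x}" ] || { echo "PFX_PASSWORD is not set" >&2; return 1; }
    # -nokeys: never write the private key; -clcerts: leaf certificate only,
    # skipping any CA chain bundled in the PFX.
    pem=$(openssl pkcs12 -in "$pfx_file" -passin env:PFX_PASSWORD \
              -nokeys -clcerts 2>/dev/null) || {
        echo "could not open $pfx_file (wrong password or not a PFX?)" >&2
        return 1
    }
    printf '%s\n' "$pem" |
        openssl x509 -noout -fingerprint -sha1 |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# make_sample_pfx <dir>
# Builds a throwaway self-signed certificate and PFX (constructed sample data)
# so the function above can be tried without touching a real certificate.
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=myagentfqdn.example.test" \
        -keyout "$dir/sample.key" -out "$dir/sample.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/sample.key" -in "$dir/sample.crt" \
        -passout env:PFX_PASSWORD -out "$dir/sample.pfx"
}
```

Source the file, export PFX_PASSWORD, and run pfx_thumbprint against your PFX file; the printed value is what goes into certificateThumbprintOrPath under the assumption above.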

Deploy file changes

Now edit the FRENDS-Agent-Deploy.yaml file and add the following within the containers section, after the image clause and on the same indentation level:

command: ["/bin/bash","-c"]
args: ["dotnet --roll-forward Major /app/CertTool/GSoft.CertificateTool.dll add -f /app/secrets/<PFX FileName> --password <PFX Password> --store-name My && dotnet Frends.Agent.dll"]

Replace the following values with your certificate details:

  • PFX FileName

  • PFX Password

  • certificateThumbprintOrPath

The file's containers section should now look like the following:

Example FRENDS-Agent-Deploy.yaml file contents for Containers.

These two new lines override the default Agent start-up and run a tool to import the PFX certificate before starting the Agent.

Finally, add the certificate filename to frends-agent-secrets under the volumes section. Under the items list, add a new key and path like this:

- key: <PFX FileName> 
  path: <PFX FileName>

Replace <PFX FileName> with the filename of your PFX file.

It should now look something like this:

Example of FRENDS-Agent-Deploy.yaml file at volumes section.

With these changes made to the secrets and deploy file, your Kubernetes configuration is ready to use your own SSL certificate.
