7 Migrating to OCCM Managed Certificates

Caution:

  • It is expected that there will be downtime when the services are migrated to use the new certificates generated by the OCCM. The amount of downtime will depend on the method of migration performed as described below.
  • This procedure is applicable when certificates are being migrated within the same release.
  • Migration is supported only for the current release version.

This section provides information on how to migrate the certificates initially created by following the section "Configuring SSL or TLS Certificates" during OCNADD installation.

Follow the steps below to use certificates created by OCCM:

7.1 Upgrading the Helm Charts

Caution:

No configuration or existing data will be lost. The expected downtime will be equal to the time taken to upgrade the relay agent group, the mediation group, the consumer adapter, and correlation, plus the time required for the Kafka broker and KRaft controller to stabilize. The Kafka broker and KRaft controller must be stabilized for all available groups.

To migrate to OCCM managed certificates by upgrading the Helm charts, follow these steps:

  1. Follow the steps to create secrets for OCCM for each management and worker group (relay agent and mediation) namespace as specified in the "OCCM Pre-requisites for Installing OCNADD" section in the Oracle Communications Network Analytics Suite Security Guide.
  2. Enable OCCM-based certificate management in the Management and Worker group (relay agent and mediation) custom-values files. For descriptions of the Helm parameters required for enabling OCCM, see Helm Parameter Configuration for OCCM.
  3. Upgrade the Management group helm chart:
    helm upgrade <management-release-name> -f ocnadd-common-custom-values.yaml -f ocnadd-management-custom-values.yaml --namespace <management-group-namespace> <helm_chart> 
    
    For example:
    helm upgrade dd-mgmt -f ocnadd-common-custom-values.yaml -f ocnadd-management-custom-values.yaml --namespace dd-mgmt-group ocnadd_mgmt
  4. Upgrade the Relay Agent group helm chart:
    helm upgrade <relayagent-release-name> -f ocnadd-common-custom-values.yaml -f ocnadd-relayagent-custom-values.yaml --namespace <relayagent-group-namespace> <helm_chart> 
    For example:
    helm upgrade dd-rea -f ocnadd-common-custom-values.yaml -f ocnadd-relayagent-custom-values.yaml --namespace ocnadd-relay ocnadd
  5. Upgrade the Mediation group helm chart:
    helm upgrade <mediation-release-name> -f ocnadd-common-custom-values.yaml -f ocnadd-mediation-custom-values.yaml --namespace <mediation-group-namespace> <helm_chart> --set global.ocnaddmediation.env.admin.OCNADD_INGRESS_ADAPTER_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_ADAPTER_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_CORR_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_STORAGE_ADAPTER_UPGRADE_ENABLE=true 
    
    For example:
    helm upgrade dd-med -f ocnadd-common-custom-values.yaml -f ocnadd-mediation-custom-values.yaml --namespace ocnadd-med ocnadd --set global.ocnaddmediation.env.admin.OCNADD_INGRESS_ADAPTER_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_ADAPTER_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_CORR_UPGRADE_ENABLE=true,global.ocnaddmediation.env.admin.OCNADD_STORAGE_ADAPTER_UPGRADE_ENABLE=true
  6. If multiple mediation groups are present, repeat step 5 for each mediation group.
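
After the upgrades complete, it is worth confirming that the services now hold certificates issued by OCCM and not the ones created at installation. The following script is an added example, not part of the Oracle procedure. It assumes the certificate is stored PEM-encoded under a tls.crt key in a Kubernetes secret; the secret name and the issuer name are placeholders to take from your own OCCM configuration.

```sh
#!/bin/sh
# Added example, not from the OCNADD documentation.
# Checks that a PEM certificate was issued by the expected CA and is not
# close to expiry. Secret name, secret key and issuer name are assumptions.

# cert_issued_by <pem-file> <expected-issuer-substring>
# Returns 0 if the issuer DN contains the substring, 1 if it does not,
# 2 if the file cannot be parsed as a certificate.
cert_issued_by() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    case "$issuer" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# cert_valid_for <pem-file> <seconds>
# Returns 0 if the certificate is still valid <seconds> from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# check_secret <namespace> <secret-name> <expected-issuer-substring>
# Extracts tls.crt (assumed key name) from the secret and runs both checks.
check_secret() {
    tmp=$(mktemp) || return 2
    kubectl get secret "$2" -n "$1" -o jsonpath='{.data.tls\.crt}' \
        | base64 -d > "$tmp"
    rc=0
    cert_issued_by "$tmp" "$3" || { echo "$1/$2: issuer is not '$3'"; rc=1; }
    cert_valid_for "$tmp" 604800 || { echo "$1/$2: expires within 7 days"; rc=1; }
    rm -f "$tmp"
    return $rc
}

# Usage (placeholders, run once per namespace that was upgraded):
#   check_secret ocnadd-med <tls-secret-name> "<OCCM issuer CN>"
```

A non-zero result for a secret after the upgrade means the pods in that namespace may still be serving the pre-migration certificate.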