Installation

  1. Install the following utilities on a computer that is able to connect to the IBM Kubernetes cluster and MariaDB.

    #Install system updates
    sudo yum update -y
    
    #Install kubectl
    curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl
    chmod +x ./kubectl
    sudo mv ./kubectl /usr/local/bin
    kubectl version --short --client
    
    #Install helm
    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
    chmod 700 get_helm.sh
    ./get_helm.sh
  2. Retrieve the Kubeconfig file from the Kubernetes cluster.

  3. Verify connectivity to the Kubernetes cluster and the MariaDB instance from this computer.

    #Verify connection to the Kubernetes cluster
    kubectl get svc
    
    #Install mysql client
    sudo yum install mysql -y
    
    #Verify connection to the MariaDB instance
    mysql -h <mariadbEndPoint> -P 3306 -u root -p
  4. Make the following configuration changes in MariaDB for DigiCert ONE.

    SET GLOBAL log_bin_trust_function_creators = 1;
    SET GLOBAL max_connections = 1000; -- [Required]
    SET GLOBAL max_allowed_packet = 536870912;
  5. Create DigiCert ONE configuration files using ./dcone config, and follow the prompts to create dcone-sql-init-script.sql, dcone-secrets.yaml, dcone-deployment-values.yaml, and dcone-namespace.yaml files.

  6. Create the DigiCert ONE database in MariaDB by applying the dcone-sql-init-script.sql you already generated.

  7. Add DigiCert ONE Helm repository.

    helm repo add dcone https://repo.pkiplatform.digicert.com/chartrepo/dcone
    helm repo update
  8. Deploy DigiCert ONE applications.

    #Run the following command to create the Kubernetes namespace:
    kubectl create -f dcone-namespace.yaml
    
    #Run the following command to add the Kubernetes secrets:
    kubectl apply -f dcone-secrets.yaml
    
    #Run the following command to install the TLS certificate:
    kubectl create secret tls dcone-tls --cert=<path to the TLS certificate> --key=<path to the TLS private key> -n ambassador
    kubectl create secret tls dcone-clientauth-tls --cert=<path to the clientauth TLS certificate> --key=<path to the clientauth TLS private key> -n ambassador
    
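    #Install the NGINX ingress controller (add the ingress-nginx chart repository first if it is not already configured)
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm install ingress-nginx ingress-nginx/ingress-nginx --wait --timeout 50m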
    kubectl patch configmap/ingress-nginx-controller -n default --type merge -p '{"data":{"enable-underscores-in-headers":"true"}}'
    kubectl patch configmap/ingress-nginx-controller -n default --type merge -p '{"data":{"hsts-include-subdomains":"false"}}'
    
    #Run the following command to install the infrastructure:
    helm upgrade --install dcone-infra dcone/dcone-infra --values dcone-deployment-values.yaml --namespace ambassador
    
    #Run the following command to install the DigiCert ONE application:
    helm upgrade --install dcone dcone/dcone --values dcone-deployment-values.yaml --namespace dcone
  9. Access the DigiCert ONE platform at https://<your-dcone-host>/.

  10. Enter the license code you received.

  11. Create the initial admin user.

    You can now use DigiCert ONE in this environment.
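
Step 1 downloads the kubectl binary and the Helm installer script and makes them executable without an integrity check. The following is an added example, not part of the original procedure: it compares a download against a SHA-256 checksum file before the file is installed. The function names `verify_sha256` and `install_verified` are hypothetical, and it assumes the publisher provides a checksum file that you fetch from a trusted location.

```bash
#!/usr/bin/env bash
# Added example: gate installation of a downloaded file on its SHA-256 checksum.
# Usage with the file name from step 1 (checksum file location is an assumption):
#   verify_sha256 ./kubectl ./kubectl.sha256 && chmod +x ./kubectl

# verify_sha256 <file> <checksum-file>
# Accepts a checksum file holding "<hex>" alone or "<hex>  <name>" (sha256sum format).
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sha256() {
    local file=$1 sumfile=$2 expected actual
    [ -f "$file" ] && [ -s "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # First whitespace-separated field of the first line, lowercased.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not exactly 64 hex digits, e.g. a saved HTML error page.
    case $expected in
        *[!0-9a-f]*) echo "malformed checksum" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    return 1
}

# install_verified <file> <checksum-file> <dest-dir>
# Copies the file into dest-dir with mode 0755 only after the checksum matches;
# on any failure the download is deleted so it cannot be run by mistake.
install_verified() {
    local file=$1 sumfile=$2 dest=$3
    if verify_sha256 "$file" "$sumfile"; then
        install -m 0755 "$file" "$dest/"
    else
        rm -f -- "$file"
        return 1
    fi
}
```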