Installation
Install the following utilities on a computer that is able to connect to the IBM Kubernetes cluster and MariaDB.
#Install system updates
sudo yum update -y

#Install kubectl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client

#Install helm
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh
Retrieve the Kubeconfig file from the Kubernetes cluster.
Verify connectivity to Kubernetes cluster from this computer.
#Verify connection to kubernetes cluster
kubectl get svc

#Install mysql client
sudo yum install mysql -y

#Verify connection to mariadb instance
mysql -h <mariadbEndPoint> -P 3306 -u root -p
Make the following configuration changes in MariaDB for DigiCert ONE.
SET GLOBAL log_bin_trust_function_creators = 1;
SET GLOBAL max_connections=1000;
-- [Required]
SET GLOBAL max_allowed_packet = 536870912;
Create DigiCert ONE configuration files using
./dcone config
and follow the prompts to create the dcone-sql-init-script.sql, dcone-secrets.yaml, dcone-deployment-values.yaml, and dcone-namespace.yaml files.
Create the DigiCert ONE database in MariaDB by applying the dcone-sql-init-script.sql you already generated.
Add DigiCert ONE Helm repository.
helm repo add dcone https://repo.pkiplatform.digicert.com/chartrepo/dcone
helm repo update
Deploy DigiCert ONE applications.
#Run the following command to create the Kubernetes namespace:
kubectl create -f dcone-namespace.yaml

#Run the following command to add the Kubernetes secrets:
kubectl apply -f dcone-secrets.yaml

#Run the following commands to install the TLS certificates:
kubectl create secret tls dcone-tls --cert=<path to the TLS certificate> --key=<path to the TLS private key> -n ambassador
kubectl create secret tls dcone-clientauth-tls --cert=<path to the clientauth TLS certificate> --key=<path to the clientauth TLS private key> -n ambassador

#Install nginx (the ingress-nginx Helm repository must already be configured for this chart reference to resolve)
helm install ingress-nginx ingress-nginx/ingress-nginx --wait --timeout 50m
kubectl patch configmap/ingress-nginx-controller -n default --type merge -p '{"data":{"enable-underscores-in-headers":"true"}}'
kubectl patch configmap/ingress-nginx-controller -n default --type merge -p '{"data":{"hsts-include-subdomains":"false"}}'

#Run the following command to install the infrastructure:
helm upgrade --install dcone-infra dcone/dcone-infra --values dcone-deployment-values.yaml --namespace ambassador

#Run the following command to install the DigiCert ONE application:
helm upgrade --install dcone dcone/dcone --values dcone-deployment-values.yaml --namespace dcone
Access the DigiCert ONE platform at https://<your-dcone-host>/.
Enter the license code you received.
Create the initial admin user.
You can now use DigiCert ONE in this environment.
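
The first step above downloads kubectl and moves it into /usr/local/bin with sudo without checking its integrity. The following is an added example, not part of the DigiCert procedure, showing one way to verify the download against a SHA-256 digest before installing it. It assumes a checksum file is published beside the binary as `<url>.sha256` and that `sha256sum` is available; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded binary against a SHA-256 digest
# before it is installed into a privileged location.

# URL taken from the kubectl install step on this page.
KUBECTL_URL="https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl"

# verify_sha256 FILE SUMFILE
# Returns 0 only when FILE's SHA-256 equals the first field of SUMFILE.
# Accepts "<hash>" and "<hash>  <name>" layouts, in either letter case.
# Returns 2 (fails closed) when a file is missing or the digest is malformed.
verify_sha256() {
  local file="$1" sumfile="$2" expected actual
  [ -f "$file" ] && [ -f "$sumfile" ] || return 2
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  # A valid digest is exactly 64 hexadecimal characters.
  case "$expected" in
    *[!0-9a-f]*|'') return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  actual=$(sha256sum "$file" | awk '{print $1}')
  [ "$actual" = "$expected" ]
}

# Download into a scratch directory, verify, and only then install.
# Assumption: the digest is served at "$KUBECTL_URL.sha256".
install_kubectl_verified() {
  local tmp
  tmp=$(mktemp -d) || return 1
  curl -fsSL -o "$tmp/kubectl" "$KUBECTL_URL" &&
  curl -fsSL -o "$tmp/kubectl.sha256" "$KUBECTL_URL.sha256" &&
  verify_sha256 "$tmp/kubectl" "$tmp/kubectl.sha256" || {
    echo "kubectl download failed verification; not installing" >&2
    rm -rf "$tmp"
    return 1
  }
  sudo install -m 0755 "$tmp/kubectl" /usr/local/bin/kubectl
  rm -rf "$tmp"
}

# Perform the download only when explicitly requested.
if [ "${1:-}" = "--install" ]; then
  install_kubectl_verified
fi
```

A digest fetched from the same origin as the binary detects corruption and truncated downloads but not a compromised origin; for that, pin the expected digest in your own deployment records and compare against it instead.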