- Release Notes
- Requirements
- Installation
- About Installation
- Support
- Upgrade AI Fabric
- Updating AI Fabric Certificate
- Getting Started
- Projects
- Datasets
- ML Packages
- Pipelines
- ML Skills
- ML Logs
- Document Understanding in AI Fabric
- Basic Troubleshooting Guide
AI Center
Updating AI Fabric Certificate
During installation you have the choice between using your own certificate or just skip that step and use a self-signed certificate. If you need to change certificate afterward here are the steps to follow.
First, make sure that you have certificate with you, you will need the SSL file and private key as two separated files.
The next step is to connect to AI Fabric linux machine and run the following command
kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1
kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1
Then you need to restart kurl proxy server. To do that first retrieve the name of this proxy server using this command:
kubectl get pods -A | grep kurl-proxy | awk '{print $2}'
kubectl get pods -A | grep kurl-proxy | awk '{print $2}'
This will output the name of the kurl proxy server that should look like kurl-proxy-kotsadm-XXX. So the next step is to delete this pod (it will automaticaly be restarted).
kubectl delete pods kurl-proxy-kotsadm-XXX
kubectl delete pods kurl-proxy-kotsadm-XXX
You can check if pod is restarted by running get pods command:
kubectl get pods
kubectl get pods
Next to the pod, you should see 1/1 and Running.
Once it's ready you can remove configmap:
kubectl -n aifabric delete configmap is-client-config
kubectl -n aifabric delete configmap is-client-config
Then connect to KotsAdmin UI, remember Url should be something like https://<aif-machine>:8800/tls. The page wil let you upload the new certificate (and if needed change associated domain name):.
Click Upload & continue button and then go to config page. Change HostIP/FQDN if needed, generate a fresh access token and then click on save and once preflight check are done click on deploy to redeploy AI Fabric application. Once installed new certificate will be used by AI Fabric.
Once AI Fabric is redeployed, run this command for change to take effect:
kubectl -n istio-system rollout restart deployment istio-ingressgateway
kubectl -n istio-system rollout restart deployment istio-ingressgateway
Starting with 20.10.2 certificates are handled automatically using cert manager by our installer but if you first installed 20.10.1 your certificate may expire at some point in order to remediate that you need to follow the steps described below, start by downloading and opening new installer bundle (we are not doing new bundle installation):
curl -O https://download.uipath.com/aifabric/online-installer/v2020.10.2/aifabric-installer-v20.10.2.tar.gz
tar -xvf aifabric-installer-v20.10.2.tar.gz
cd ./aifabric-installer-v20.10.2/infra/azure/aks-arm
curl -O https://download.uipath.com/aifabric/online-installer/v2020.10.2/aifabric-installer-v20.10.2.tar.gz
tar -xvf aifabric-installer-v20.10.2.tar.gz
cd ./aifabric-installer-v20.10.2/infra/azure/aks-arm
Then create script file update_cert.sh like this
USER_EMAIL=<enter certificate owner email here>
sed -i "s/email.address@org.com/$USER_EMAIL/g" cert-manager-crd/letsencrypt-clusterissuer.yaml
INGRESS_HOST=$(kubectl -n istio-system get svc istio-ingressgateway -o json | jq -r ".status.loadBalancer.ingress[0].ip")
IP_NAME="$(az network public-ip list --query "[?ipAddress=='$INGRESS_HOST']|[0].name" | sed 's/"//g')"
INGRESS_DOMAIN="$(az network public-ip list --query "[?ipAddress=='$INGRESS_HOST']|[0].dnsSettings.fqdn" | sed 's/"//g')"
sed "s/{{INGRESS_DOMAIN}}/${INGRESS_DOMAIN}/g" cert-manager-crd/letsencrypt-istiocert.yaml > cert-manager-crd/letsencrypt-istiocert-temp.yaml
kubectl apply -f cert-manager-crd/letsencrypt-clusterissuer.yaml
kubectl apply -f cert-manager-crd/letsencrypt-istiocert-temp.yaml
kubectl -n istio-system \)\)
patch gateway istio-autogenerated-k8s-ingress --type=json \)\)
-p='[{"op": "replace", "path": "/spec/servers/1/tls", "value": {"credentialName": "aifabric-ingressgateway-certs", "mode": "SIMPLE", "privateKey": "sds", "serverCertificate": "sds"}}]'
kubectl -n istio-system rollout restart deployment istio-ingressgateway
USER_EMAIL=<enter certificate owner email here>
sed -i "s/email.address@org.com/$USER_EMAIL/g" cert-manager-crd/letsencrypt-clusterissuer.yaml
INGRESS_HOST=$(kubectl -n istio-system get svc istio-ingressgateway -o json | jq -r ".status.loadBalancer.ingress[0].ip")
IP_NAME="$(az network public-ip list --query "[?ipAddress=='$INGRESS_HOST']|[0].name" | sed 's/"//g')"
INGRESS_DOMAIN="$(az network public-ip list --query "[?ipAddress=='$INGRESS_HOST']|[0].dnsSettings.fqdn" | sed 's/"//g')"
sed "s/{{INGRESS_DOMAIN}}/${INGRESS_DOMAIN}/g" cert-manager-crd/letsencrypt-istiocert.yaml > cert-manager-crd/letsencrypt-istiocert-temp.yaml
kubectl apply -f cert-manager-crd/letsencrypt-clusterissuer.yaml
kubectl apply -f cert-manager-crd/letsencrypt-istiocert-temp.yaml
kubectl -n istio-system \)\)
patch gateway istio-autogenerated-k8s-ingress --type=json \)\)
-p='[{"op": "replace", "path": "/spec/servers/1/tls", "value": {"credentialName": "aifabric-ingressgateway-certs", "mode": "SIMPLE", "privateKey": "sds", "serverCertificate": "sds"}}]'
kubectl -n istio-system rollout restart deployment istio-ingressgateway
then just execute this script:
./update_cert.sh
./update_cert.sh