Configure Certificates in Keycloak
This topic provides guidance on configuring a self-signed certificate (with TLS) for Keycloak, which serves as the internal authorization provider component for Portworx Backup. This configuration is essential for enabling secure communication between Keycloak and external authorization providers.
To configure a self-signed certificate for Keycloak:
- Create a secret in the px-backup namespace with the external OIDC (for example, LDAP) certificate, assuming the file name-of-the-certificate.pem contains the certificate:
kubectl create secret generic cert-file --from-file=<name-of-the-certificate.pem> -n <pxb-namespace>
- Set the following parameter with the Helm install or upgrade command:
--set caCertsSecretName=cert-file
If you have added this parameter manually, delete the CronJob and then restart the Portworx Backup Pod by executing the following commands:
kubectl -n <pxb-namespace> get cronjob | grep ^full-main | awk '{print $1}' | xargs kubectl -n <pxb-namespace> delete cronjob
kubectl -n <pxb-namespace> get cronjob | grep ^quick-main | awk '{print $1}' | xargs kubectl -n <pxb-namespace> delete cronjob
kubectl delete pods -n <pxb-namespace> <pxb-pod-name>
Example:
kubectl -n px-backup get cronjob | grep ^full-main | awk '{print $1}' | xargs kubectl -n px-backup delete cronjob
kubectl -n px-backup get cronjob | grep ^quick-main | awk '{print $1}' | xargs kubectl -n px-backup delete cronjob
kubectl delete pods -n px-backup px-backup-f56cdcbd9-rvb65
Here, px-backup is the Namespace where you have deployed Portworx Backup.
For detailed instructions on installing and upgrading Portworx Backup, see Install Portworx Backup and Upgrade Portworx Backup.
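A pre-flight check for the PEM file used in the first step, as an added example that is not part of the Portworx documentation: it rejects a file that is empty, carries a private key, or has no complete certificate block, and it checks parsing and expiry of the first certificate when openssl is installed. The function names check_ca_pem and create_cert_secret are hypothetical; the kubectl command is the one shown on this page.

```shell
#!/bin/sh
# Added example: validate the certificate file before storing it in the
# cert-file secret. Function names are hypothetical, not Portworx tooling.

# check_ca_pem FILE: prints a reason and returns non-zero if FILE should not be used.
check_ca_pem() {
    pem=$1
    [ -s "$pem" ] || { echo "missing or empty: $pem"; return 1; }

    # The secret should hold only the certificate, never key material.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem"; then
        echo "private key found in $pem"; return 2
    fi

    # Every BEGIN marker needs a matching END marker (catches truncated or DER files).
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$pem" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "no complete CERTIFICATE block in $pem"; return 3
    fi

    # openssl x509 reads only the first certificate in the file.
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$pem" -noout 2>/dev/null ||
            { echo "first certificate does not parse"; return 4; }
        openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
            { echo "first certificate has expired"; return 5; }
    fi
    echo "ok: $begins certificate(s) in $pem"
}

# create_cert_secret FILE NAMESPACE: run the check, then the command from step 1.
create_cert_secret() {
    check_ca_pem "$1" || return $?
    kubectl create secret generic cert-file --from-file="$1" -n "$2"
}
```

Call it as `create_cert_secret <name-of-the-certificate.pem> <pxb-namespace>` in place of the bare kubectl command.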