Extract the Ingress CA or Server Certificate
- Determine the provider of the server certificate:Log into the cluster node and examine
/var/appd/globals.yaml.gotmpl. If the value ofingress.defaultCertis true, this indicates that the On-Premises Virtual Appliance provided the CA and a server certificate. Otherwise, you provided a custom TLS certificate.Note: The upgrade process setsingress.defaultCertto false. - If the On-Premises Virtual Appliance provided the CA certificate, run this command to extract a copy of it:
kubectl get secret ingress-cert-secret -n ingress-master -o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt - If you provided a custom TLS certificate, run this command to extract a copy of it:
kubectl get secret custom-ingress-secret -n ingress-master -o jsonpath="{.data.tls\.crt}" | base64 --decode > certificate.crt