EJBCA-CE helm chart container startup behavior

[kuliktomas]

Hi,

I have recently moved from setup on docker to kubernetes using the EJBCA-CE helm chart. Most of the setup is as expected, however, when starting up the container on docker with docker compose with mysql and setting TLS_SETUP_ENABLED=true, the container generates in logs an enrollment code i could use to get the superadmin cert from the RA Web. So it generates the management CA.

However when doing the initial run on kubernetes with TLS_SETUP_ENABLED=true, I do not get this, just on the CA Web there is a guided way of generating the management CA. Is there a way to get the same behavior as on docker? I want to use the autogenerated management CA for initial bootstrapping and run the final application with TLS terminating within the application server not on an ingress controller.

Thank you!

[primetomas]

@svenska-primekey , any idea?

[svenska-primekey]

To get the management CA created at initial container deployment in kubernetes you need to set the values.yaml to use nodeport and not use nginx, apache, or ingress. Then after the container is up and Management CA is created do a helm upgrade and use a new values.yaml file that does use nginx or apache. There will be a new tutorial coming out that does something like this.