TCA provide an option to renew the expired Harbor certs by using CNF K8s workflow.

Procedure

  1. Login to TCA-M, navigate to Inventory > Network Function and select Harbor CNF.
  2. Select Run Workflow and choose Renew harbor certificates workflow.
  3. Provide New Base64 encoded CERT_KEY and CERT.
  4. Provide the namespace where Harbor helm chart is deployed.
  5. Execute the Workflow to renew the cert and run the following command to validate that the new cert has been applied: 
    admin [ ~ ]$ kubectl get secret harbor-tls-secret -n harborcnf -o jsonpath='{.data.tls\.crt}'                 

LS0tLS1CRUdJTiBDRVJUSUZ==
...
    Note:

    • The New cert should have the same CN, SAN (if configured), and IP (if configured) as of old Cert.

    • If Cert or Harbor passwords are changed as part of day-1 activity, then user has to edit the harbor partner system and update the password and certs in TCA.