Advanced
Published 08 December 2022
Contents
Security
Change the original shared password
Upon initial installation, the Admin Console is secured with a single shared password for all users.
You can change the password to the one of your choice, by running the below command in host machine:
kubectl kots reset-password --namespace default
Upload/Reset TLS Certificate
Considering that Admin Console Configuration page may store your sensitive business information (i.e. SMB file-share access details), you can choose to secure Admin Console with the TLS certificate.
The instructions below also applies if you have previously had Admin Console secured with TLS, but the certificate expired and needs renewing.
Warning
Adding the acceptAnonymousUploads
annotation temporarily creates a vulnerability for an attacker to maliciously upload TLS certificates. After TLS certificates have been uploaded, the vulnerability is closed again.
We recommend that you complete this upload process quickly to minimize the vulnerability risk.
To reset the TLS certificate, run:
kubectl annotate secret kotsadm-tls acceptAnonymousUploads=1 -n default --overwrite kubectl delete pods $(kubectl get pods -A | grep kurl-proxy | awk '{print $2}')
After executing the above commands, please locate to http://<ip>:8800/tls
, where <ip>
is the IPv4 address of your Virtual Machine. This should open the TLS set-up page (see picture below), where you can upload your new TLS certificates.