After kURL install has completed, you'll be prompted to set up the KOTS Admin Console by directing your browser to
http://<ip>:8800. Only after initial install you'll be presented a warning page:
The next page allows you to configure your TLS certificates:
To continue with the preinstalled self-signed TLS certificates, click "skip & continue". Otherwise upload your signed TLS certificates as describe on this page. The hostname is an optional field, and when its specified, its used to redirect your browser to the specified host.
Once you complete this process then you'll no longer be presented this page when logging into the KOTS Admin console. If you direct your browser to
http://<ip>:8800 you'll always be redirected to
kURL will set up a Kubernetes secret called
kotsadm-tls. The secret stores the TLS certificate, key, and hostname. Initially the secret will have an annotation set called
acceptAnonymousUploads. This indicates that a new TLS certificate can be uploaded as described above.
If you've already gone through the setup process once, and you want to upload new TLS certificates, you must run this command to re-add the ability to upload new TLS certificates:
kubectl -n default annotate secret kotsadm-tls acceptAnonymousUploads=1
Warning: adding this annotation opens the door for anyone to upload TLS certificates.
Then direct your browser to
http://<ip>:8800 and run through the upload process as described above. Its best to complete this process as soon as possible to avoid anyone uploading a TLS cert.