Reconfiguring Kasten K10 to Use a New Certificate for Dashboard Accessibility

Kasten Dashboard becomes inaccessible due to an expired certificate, resulting in an HTTP ERROR 401, indicating a lack of valid authentication credentials for the requested resource.


Encountering an HTTP ERROR 401 indicates that the request lacks the necessary authentication credentials to access the resource. Debug logs reveal an SSL verification failure with the following error message: "x509: certificate signed by unknown authority." This error strongly suggests a failure in the OIDC configuration.
Use K10 tools to debug the authentication issue: 

./k10tools debug auth 

Resolution Steps: 

To resolve the issue, follow these steps:

1. Create a ConfigMap that contains the new certificate file.

kubectl --namespace kasten-io create configmap custom-ca-bundle-store --from-file=custom-ca-bundle.pem -o yaml --dry-run=client > custom-ca-bundle-store.yaml 


2. Patch the existing ConfigMap with the new certificate information.

kubectl patch configmap custom-ca-bundle-store --namespace kasten-io --patch-file custom-ca-bundle-store.yaml 


3. Restart the deployment in the 'kasten-io' namespace to apply the changes.

kubectl rollout restart deployment -n kasten-io 


By completing these steps, you will ensure that the changes take effect and allow you to access the Kasten Dashboard with the updated certificate.