Prepare AxoRouter hosts

When using AxoRouter with an on-premises Axoflow Console deployment, you have to complete the following steps on the hosts you want to deploy AxoRouter on. These steps are specific to on-premises Axoflow Console deployments, and are not needed when using the SaaS Axoflow Console.

1. If the domain name of Axoflow Console cannot be resolved from the AxoRouter host, add it to the /etc/hosts file of the AxoRouter host in the following format. Use and IP address of Axoflow Console that can be accessed from the AxoRouter host.

   <AXOFLOW-CONSOLE-IP-ADDRESS> <AXOFLOW-CONSOLE-BASE-URL> kcp.<AXOFLOW-CONSOLE-BASE-URL> telemetry.<AXOFLOW-CONSOLE-BASE-URL> idp.<AXOFLOW-CONSOLE-BASE-URL> authenticate.<AXOFLOW-CONSOLE-BASE-URL>
   

2. Import Axoflow Console certificates to AxoRouter hosts.

   1. On the Axoflow Console host: Run the following command to extract the Axoflow Console CA certificate. The AxoRouter host will need this certificate to download the installation binaries.

      kubectl get secret -n axoflow pomerium-certificates -o=jsonpath='{.data.ca\.crt}'|base64 -d > axoflow-ca.crt
      

      Copy this file to the AxoRouter hosts.

   2. On the AxoRouter hosts: Copy the certificate file extracted from the Axoflow Console host.

      • On Red Hat: Copy the files into the /etc/pki/ca-trust/source/anchors/ folder, then run sudo update-ca-trust extract. (If needed, install the ca-certificates package.)
      • On Ubuntu: Copy the files into the /usr/local/share/ca-certificates/ folder, then run sudo update-ca-certificates

3. curl -I https://<your-host.your-domain> should give you a valid HTTP/2 302 response

4. Now you can deploy AxoRouter on the host.