Upload new TLS certificate for the KOTS admin page

if you've already gone through the setup process once, and you want to upload new tls certificates, run this command to restore the ability to upload new tls certificates kubectl n default annotate secret kotsadm tls acceptanonymousuploads=1 adding this annotation will temporarily create a vulnerability for an attacker to maliciously upload tls certificates once tls certificates have been uploaded then the vulnerability is void after adding the annotation, you will need to restart the kurl proxy server the simplest way is to delete the kurl proxy pod (the pod will automatically get restarted) kubectl delete pods proxy server the following command will provide the name of the kurl proxy server kubectl get pods a | grep kurl proxy | awk '{print $2}' after the pod has been restarted, direct your browser to \<http //\<ip> 8800> and run through the upload process it's best to complete this process as soon as possible to avoid anyone from nefariously uploading tls certificates after this process has completed, the vulnerability will be closed, and uploading new tls certificates will be disallowed again please repeat the steps above in order to upload new tls certificates