AAKE 24 Install Operator Overwrites Custom Certificate Secret awi-cert.

Article ID: 430741


Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

 

  • In Automic Workload Automation, the AAKE install operator overwrites the custom certificate secret (awi-cert).

  • This issue is triggered during the installation pipeline run.

  • Users have reported that this behavior was not present in earlier releases, such as version 21.0.15.

 

Environment

 

  • Product: Automic Automation Kubernetes Edition

  • Version: 24.x (specifically noted in 24.4.3)

  • Component: Kubernetes / Container-Based Systems Installation

     

 

Cause

 

  • During installation, the pipeline checks if the awi-cert already exists.

  • It recreates the certificate if the custom certificate does not include the required Message Queue (MQ) names.

  • Within the cluster, connections do not always point directly to the main AWI.

  • Depending on the active MQ set for Zero Downtime Upgrades (ZDU) or non-ZDU setups, connections point to specific versions, such as awi-0.

     

 

Resolution

To prevent the install operator from overwriting the certificate secret, you must ensure that your custom certificates accommodate the internal cluster routing.

  • Certificates must be generated not only for the AWI host but also for the awi-0, awi-1, and awi-2 hosts.

  • These additional hosts must be included as Subject Alternative Names (SANs).

  • Any of the following formats is acceptable for the SAN configuration:

rfc822Name 
dNSName 
uniformResourceIdentifier 
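
A pre-install check for the SAN requirement above, as an added example that is not Broadcom's or the install operator's own code. It covers only dNSName entries and assumes the names appear in the certificate exactly as passed in; `missing_sans`, the `awi.example.test` host and the sample SAN text are constructed for illustration.

```shell
#!/bin/sh
# missing_sans NAME...
# Reads the text printed by `openssl x509 -noout -ext subjectAltName` on stdin
# and prints every NAME that is not present as a DNS SAN entry, one per line.
# Returns 0 when nothing is missing, 1 otherwise.
# Comparison is exact and case-insensitive; wildcard entries are not expanded.
missing_sans() {
    # One SAN entry per line, trimmed, DNS entries only, prefix removed.
    sans=$(tr ',' '\n' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | sed -n 's/^DNS://p' \
        | tr 'A-Z' 'a-z')
    rc=0
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        # -x: whole-line match, so "awi-10" does not satisfy "awi-1".
        if ! printf '%s\n' "$sans" | grep -qxF -- "$want"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a custom certificate issued only for the AWI host.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:awi.example.test'

# Names the article lists, plus the (hypothetical) AWI host name.
if ! printf '%s\n' "$SAMPLE_SAN" \
        | missing_sans awi.example.test awi-0 awi-1 awi-2 >/dev/null; then
    echo "sample certificate lacks required SANs" >&2
fi

# Against a live cluster (assumptions: the certificate is stored under the
# key tls.crt, and <namespace> is a placeholder for your AAKE namespace):
#   kubectl -n <namespace> get secret awi-cert -o jsonpath='{.data.tls\.crt}' \
#     | base64 -d | openssl x509 -noout -ext subjectAltName \
#     | missing_sans awi.example.test awi-0 awi-1 awi-2
```
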

 

Additional Information

Alternative Configuration Note:

  • The awi-cert is owned by the install operator and should generally remain unchanged.

  • To apply custom certificates, you should modify the custom ingress secret instead, which is referenced as tls-secret in the AAKE environment.