...
| Code Block | ||
|---|---|---|
| ||
kubectl apply -f example-issuer.yaml |
Load Balancer SSL Certificate
With ClusterIssuer setup properly, we can proceed to generate SSL Certificate and import into OCI Certificate Service.
To generate certificate, create a yaml file named certificate.yaml with the following contents:
| Code Block |
|---|
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: lb-cert
spec:
commonName: <cluster_dns_zone_name listed in the terraform output>
dnsNames:
- <cluster_dns_zone_name listed in the terraform output>
- desktop-online.<cluster_dns_zone_name listed in the terraform output>
- platform.<cluster_dns_zone_name listed in the terraform output>
- ingress.<cluster_dns_zone_name listed in the terraform output>
- grafana.<cluster_dns_zone_name listed in the terraform output>
issuerRef:
kind: ClusterIssuer
name: example-issuer
secretName: lb-cert |
execute the yaml file,
| Code Block |
|---|
kubectl apply -f certificate.yaml -n uepe |
Wait for a while and confirm certificate has been generated successfully.
| Code Block |
|---|
kubectl get certificate -n uepe |
The output shows the certificate named lbcert’s status is ready
| Code Block |
|---|
NAME READY SECRET AGE
lb-cert True lb-cert 46h |
Extract the server certificate and CA certificate from secret lbcert
| Code Block |
|---|
kubectl get secrets lb-cert -n uepe -o yaml | yq '.data' | grep "tls.crt" | awk -F : '{print $2}'| tr -d " "|base64 -d > tls.crt |
Extract the private key from secret lbcert
| Code Block |
|---|
kubectl get secrets lb-cert -n uepe -o yaml | yq '.data' | grep "tls.key" | awk -F : '{print $2}'| tr -d " "|base64 -d > tls.key |
Install Helm Chart
Although the number of helm value combinations to set is virtually endless, some values should more or less always be set.
...