...

With the ClusterIssuer set up properly, we can proceed to generate the SSL certificate and import it into the OCI Certificates Service.

To generate the certificate, create a YAML file named certificate.yaml with the following contents:

Code Block
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: lb-cert
spec:
  commonName: <cluster_dns_zone_name listed in the terraform output>
  dnsNames:
    - <cluster_dns_zone_name listed in the terraform output>
    - desktop-online.<cluster_dns_zone_name listed in the terraform output>
    - platform.<cluster_dns_zone_name listed in the terraform output>
    - ingress.<cluster_dns_zone_name listed in the terraform output>
    - grafana.<cluster_dns_zone_name listed in the terraform output>
  issuerRef:
    kind: ClusterIssuer
    name: example-issuer
  secretName: lb-cert

...

  1. Execute the yaml file

...

Code Block
kubectl apply -f certificate.yaml -n uepe
  1. Wait for a while and confirm that the certificate has been generated successfully.

Code Block
kubectl get certificate -n uepe 
  1. The output shows that the status of the certificate named lb-cert is ready

Code Block
NAME                                                 READY   SECRET                              AGE
lb-cert                                              True    lb-cert                             46h
  1. Extract the server certificate and CA certificate from the secret lb-cert

Code Block
kubectl get secrets lb-cert -n uepe -o yaml | yq '.data' | grep "tls.crt" | awk -F : '{print $2}'| tr -d " "|base64 -d > tls.crt

...

  1. Separate server certificate and CA certificate into two files

Code Block
csplit tls.crt '/^-----BEGIN CERTIFICATE-----$/'
  1. Rename first generated file as server certificate file

Code Block
mv xx00 tls.crt
  1. Rename second generated file as CA certificate file

Code Block
mv xx01 ca.crt
  1. Extract the private key from the secret lb-cert

Code Block
kubectl get secrets lb-cert -n uepe -o yaml | yq '.data' | grep "tls.key" | awk -F : '{print $2}'| tr -d " "|base64 -d > tls.key

By now, the server certificate, CA certificate and private key are stored in tls.crt, ca.crt and tls.key respectively. The next step is to import them into the OCI Certificates Service.
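Before uploading, the three files can be checked for consistency, which catches a split that left tls.crt empty or holding more than one certificate, or a key that does not belong to the certificate. This is an added example, not part of the original page; it assumes openssl is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: consistency checks for tls.crt, ca.crt and tls.key before upload.
# The file names are the page's; the function names are hypothetical.

# Print the number of PEM certificate blocks in a file (0 if unreadable).
count_pem_certs() {
  [ -r "$1" ] || { echo 0; return 0; }
  grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed when certificate $1 and private key $2 carry the same public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed when certificate $1 chains to the certificates in $2.
# -partial_chain lets an intermediate in $2 act as the trust anchor.
chain_verifies() {
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all checks; print one line per failure and return the failure count.
verify_oci_import() {
  crt=${1:-tls.crt}; ca=${2:-ca.crt}; key=${3:-tls.key}; fails=0
  fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
  [ "$(count_pem_certs "$crt")" -eq 1 ] || fail "$crt must hold exactly one certificate"
  [ "$(count_pem_certs "$ca")" -ge 1 ] || fail "$ca holds no certificate"
  key_matches_cert "$crt" "$key" || fail "$key does not match $crt"
  chain_verifies "$crt" "$ca" || fail "$crt does not chain to $ca"
  [ "$fails" -eq 0 ] && echo "OK: files are consistent"
  return "$fails"
}
```

Run `verify_oci_import` in the directory that holds the extracted files. tls.key is the unencrypted private key, so remove the local copy once the import has succeeded.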

Import into OCI Certificates Service

Go to the OCI management console and search for the Certificates service. On the Certificates service page, click Create Certificate and follow these steps:

  1. Select Certificate Type Imported and give it a unique name

  2. Click Next to reach the Certificate Configuration page.

  3. Upload tls.crt, ca.crt and tls.key to the Certificate Configuration

| OCI Certificates Configuration | File to upload |
| --- | --- |
| Certificate | tls.crt |
| Certificate Chain | ca.crt |
| Private Key | tls.key |

  4. Click Next and proceed to Create Certificate

  5. Wait for the certificate to be created. Copy the certificate's OCID and set it as the value of oci.certificates.id

Install Helm Chart

Although the number of helm value combinations to set is virtually endless, some values should more or less always be set.

...