Network and communication

This section provides information on network and communication security.

Secure topology

The CDF is designed to be deployed as part of a secure architecture and to withstand the security threats to which it could be exposed.

To deploy the CDF securely, HPE recommends using the TLS/SSL communication protocol.

Replace the ingress service certificate with a custom certificate

To replace the certificate and private key of Ingress Service with a custom certificate and private key, follow the steps below:

  1. Generate a certificate and private key for the host on which the Ingress Service is running. Put them somewhere on the master node.

  2. On the master node, delete the existing secret with the following command:

    kubectl delete secret nginx-default-secret -n core

  3. On the master node, recreate the secret with the new certificate and private key:

    Note: You must keep the format of the following commands as it is, especially the indented spaces.

    echo "
    apiVersion: v1
    kind: Secret
    metadata:
      name: nginx-default-secret
      namespace: core
    data:
      tls.crt: `base64 <path to your custom certificate file> |tr -d \"\n\"`
      tls.key: `base64 <path to your custom private key file> |tr -d \"\n\"`
    " | kubectl create -f -

  4. On the master node, delete and recreate the ingress service:

    kubectl delete -f ${K8S_HOME}/objectdefs/nginx-ingress.yaml
    kubectl create -f ${K8S_HOME}/objectdefs/nginx-ingress.yaml
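The secret replacement from the procedure above, as an added shell example that is not part of the HPE CDF documentation: it renders the Secret manifest from the certificate and key files, refuses a key that does not belong to the certificate, and, once the ingress has been recreated, checks that the HTTPS port (TCP/5443) serves the new certificate. The function names are my own; it assumes a POSIX shell with base64, openssl and kubectl on the master node.

```shell
#!/bin/sh
# Added example, not part of the HPE CDF documentation. Assumes a POSIX
# shell with base64, openssl and kubectl available on the master node.

# Print the nginx-default-secret manifest for CERT_FILE and KEY_FILE.
# base64 | tr -d '\n' keeps each value on one line, as the data: fields
# of a Secret require.
render_tls_secret() {
    cert_file=$1; key_file=$2
    name=${3:-nginx-default-secret}; ns=${4:-core}
    crt=$(base64 < "$cert_file" | tr -d '\n')
    key=$(base64 < "$key_file" | tr -d '\n')
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\n' "$name" "$ns"
    printf 'data:\n  tls.crt: %s\n  tls.key: %s\n' "$crt" "$key"
}

# Succeed only if KEY_FILE is the private key of CERT_FILE, i.e. both
# yield the same public key. A mismatched pair leaves the ingress unable
# to complete any TLS handshake once it is recreated.
cert_matches_key() {
    cert_file=$1; key_file=$2
    [ -r "$cert_file" ] && [ -r "$key_file" ] || return 1
    c=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$key_file" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Replace the secret as the procedure does (delete, then create), but
# only after the pair has been validated.
replace_ingress_secret() {
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    kubectl delete secret nginx-default-secret -n core --ignore-not-found
    render_tls_secret "$1" "$2" | kubectl create -f -
}

# After the ingress has been recreated: succeed only if the certificate
# served on the HTTPS port (TCP/5443) has the fingerprint of CERT_FILE.
served_cert_matches() {
    host=$1; cert_file=$2
    want=$(openssl x509 -in "$cert_file" -noout -fingerprint -sha256)
    got=$(openssl s_client -connect "$host:5443" -servername "$host" \
           </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256)
    [ -n "$got" ] && [ "$got" = "$want" ]
}
```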

Renew the client.crt, client.key, server.crt and server.key

Follow the steps below to replace the client.crt, client.key, server.crt, and server.key with custom certificates.

  1. Generate new server certificates or client certificates with the following commands:

    cd ${K8S_HOME}/scripts

    ./renewCert.sh

  2. Restart the kubelet service with the following commands:

    cd ${K8S_HOME}/bin

    ./kube-restart.sh

  3. Delete the three default tokens in the core, default, and suite namespaces with the following commands:

    kubectl get secrets --all-namespaces

    kubectl delete secret default-token-xxxx -n core

    kubectl delete secret default-token-xxxx -n default

    kubectl delete secret default-token-xxxx -n <suite namespace>

  4. Recreate the yaml files with the following commands:

    cd ${K8S_HOME}/objectdefs

    kubectl delete -f kube-vault.yaml

    kubectl delete -f mng-portal.yaml

    kubectl delete -f nginx-ingress.yaml

    kubectl create -f kube-vault.yaml

    kubectl create -f mng-portal.yaml

    kubectl create -f nginx-ingress.yaml

    kubectl delete -f ingress yaml

  5. Recreate the suite ingress yaml with the following commands:

    cd /var/vols/itom/core/suite-install/{suite_ingress_yaml_directory}/objectives

    kubectl delete -f xxxx-nginx-ingress.yaml

    kubectl create -f xxxx-nginx-ingress.yaml

FAQ

Question

Do I have to add exceptions to the firewall?

Answer

Browsers access HPE CDF via the HTTPS port (TCP/5443). End users need to add this port to the firewall exception policy.