Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Universal DiscoveryContent Pack 28.00 (CP28)

Use > Discovery Modules > Cloud and Virtualization > Virtualization > Kubernetes Discovery > How to Generate the Key Store File for Kubernetes Discovery Credential

How to Generate the Key Store File for Kubernetes Discovery Credential

This task contains the following steps:

Enable the TLS verification in Kubernetes
1. Generate a server.crt and a server.key by running the following command in the shell terminal of the Kubernetes master node:
  1. Generate a ca.key with 2048-bit.
    
    openssl genrsa -out ca.key 2048
  2. According to the ca.key, generate a ca.crt (use -days to set the certificate effective time).
    
    openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt
  3. Generate a server.key with 2048-bit.
    
    openssl genrsa -out server.key 2048
  4. Generate the certificate server.csr signing request.
    
    openssl req -new -key server.key -subj "/CN=${MASTER_IP}" -out server.csr
  5. Generate a server.crt by using the ca.key, ca.crt, and server.csr.
    
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 5000
2. Add the server.crt and server.key files that you generated to the kube-apiserver service by using the following strings: --client-ca-file, --tls-private-key-file, and --tls-cert-file. For details, see kube-apiserver.
Convert the cert and key to the Key Store file used by UCMDB
1. Generate the key in PKCS12 format.
  1. Enter the following command in the shell terminal of the Kubernetes master node:
    
    openssl pkcs12 -export -in <your cert> -inkey <your key> -out <pkcs12 formated key>
    
    For example,
    
    openssl pkcs12 -export -in server.crt -inkey server.key -out mycert.pk12
    
    server.crt is the cert that you retrieved from Step 1 to access Kubernetes.
    
    server.key is the key that you retrieved from Step 1 to access Kubernetes.
    
    mycert.pk12 is the PKCS12 file that you want to generate.
  2. The command will prompt you as follows:
    
    Enter Export Password: (Type the Key Password that you want .This is the Key Password to be configured in UCMDB HTTP protocol.)
    Verifying - Enter Export Password: (Confirm the above one)
  3. Note down the PKCS12 file that is generated and the Key Password to be configured in UCMDB HTTP protocol.
2. Convert the key into JKS format using keytool (from Java JDK).
  1. Enter the following command in the shell terminal of the Kubernetes master node:
    
    keytool -importkeystore -destkeystore <Java keystore file> -srcstoretype PKCS12 -srckeystore <pkcs12 formated key>
    
    For example,
    
    keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore mycert.pk12
    
    The keystore.jks file is the Key Store file to be used in UCMDB HTTP protocol.
    
    mycert.pk12 is the PKCS12 file that is generated in Step a.
  2. The command will prompt you as follows:
    
    Enter destination keystore password: (Type the Key Store Password that you want. This is the Key Store Password to be configured in UCMDB HTTP protocol.)
    Re-enter new password: (Confirm the above one)
    Enter source keystore password: (Type the Key Password that is entered in Step a)
  3. Copy the Key Store file that is generated to Data Flow Probe machine.
  4. Note down the full path of the Key Store file and the Key Store Password to be configured in UCMDB HTTP protocol.

Related information:

https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl

Send Help Center feedback