Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
How to Generate the Key Store File for Kubernetes Discovery Credential
This task contains the following steps:
-
Enable the TLS verification in Kubernetes
-
Generate a server.crt and a server.key by running the following command in the shell terminal of the Kubernetes master node:
-
Generate a ca.key with 2048-bit.
openssl genrsa -out ca.key 2048
-
According to the ca.key, generate a ca.crt (use
-days
to set the certificate effective time).openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt
-
Generate a server.key with 2048-bit.
openssl genrsa -out server.key 2048
-
Generate the certificate server.csr signing request.
openssl req -new -key server.key -subj "/CN=${MASTER_IP}" -out server.csr
-
Generate a server.crt by using the ca.key, ca.crt, and server.csr.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 5000
-
-
Add the server.crt and server.key files that you generated to the kube-apiserver service by using the following strings: --client-ca-file, --tls-private-key-file, and --tls-cert-file. For details, see kube-apiserver.
-
-
Convert the cert and key to the Key Store file used by UCMDB
-
Generate the key in PKCS12 format.
-
Enter the following command in the shell terminal of the Kubernetes master node:
openssl pkcs12 -export -in <your cert> -inkey <your key> -out <pkcs12 formated key>
For example,
openssl pkcs12 -export -in server.crt -inkey server.key -out mycert.pk12
- server.crt is the cert that you retrieved from Step 1 to access Kubernetes.
- server.key is the key that you retrieved from Step 1 to access Kubernetes.
- mycert.pk12 is the PKCS12 file that you want to generate.
-
The command will prompt you as follows:
Enter Export Password:
(Type the Key Password that you want .This is the Key Password to be configured in UCMDB HTTP protocol.)Verifying - Enter Export Password:
(Confirm the above one) -
Note down the PKCS12 file that is generated and the Key Password to be configured in UCMDB HTTP protocol.
-
-
Convert the key into JKS format using keytool (from Java JDK).
-
Enter the following command in the shell terminal of the Kubernetes master node:
keytool -importkeystore -destkeystore <Java keystore file> -srcstoretype PKCS12 -srckeystore <pkcs12 formated key>
For example,
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore mycert.pk12
- The keystore.jks file is the Key Store file to be used in UCMDB HTTP protocol.
- mycert.pk12 is the PKCS12 file that is generated in Step a.
-
The command will prompt you as follows:
Enter destination keystore password:
(Type the Key Store Password that you want. This is the Key Store Password to be configured in UCMDB HTTP protocol.)Re-enter new password:
(Confirm the above one)Enter source keystore password:
(Type the Key Password that is entered in Step a) - Copy the Key Store file that is generated to Data Flow Probe machine.
-
Note down the full path of the Key Store file and the Key Store Password to be configured in UCMDB HTTP protocol.
-
-
Related information:
https://kubernetes.io/docs/concepts/cluster-administration/certificates/#openssl
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to cms-doc@microfocus.com.
Help Topic ID:
Product:
Topic Title:
Feedback: