CNCC IAM Secret Configuration to Enable HTTPS

This section describes how to create the secret configuration for enabling HTTPS. Complete this procedure before enabling HTTPS in CNCC Core Ingress gateway.

Note:

The passwords for TrustStore and KeyStore are stored in respective password files.

To create the Kubernetes secret for HTTPS, the following files are required:

  • ECDSA private key and CA signed certificate of CNCC (if initialAlgorithm is ES256)
  • RSA private key and CA signed certificate of CNCC (if initialAlgorithm is RSA256)
  • TrustStore password file
  • KeyStore password file
  • CA certificate

This section explains how to create the secrets for enabling HTTPS after the required certificates and password files are generated:

  1. Create a secret by executing the following command:
    $ kubectl create secret generic <secret-name> \
          --from-file=<ssl_ecdsa_private_key.pem> \
          --from-file=<rsa_private_key_pkcs1.pem> \
          --from-file=<ssl_truststore.txt> \
          --from-file=<ssl_keystore.txt> \
          --from-file=<caroot.cer> \
          --from-file=<ssl_rsa_certificate.crt> \
          --from-file=<ssl_ecdsa_certificate.crt> \
          -n <Namespace of CNCC IAM Ingress Gateway secret>

    Example:

    $ kubectl create secret generic cncc-iam-ingress-secret \
          --from-file=ssl_ecdsa_private_key.pem \
          --from-file=rsa_private_key_pkcs1.pem \
          --from-file=ssl_truststore.txt \
          --from-file=ssl_keystore.txt \
          --from-file=caroot.cer \
          --from-file=ssl_rsa_certificate.crt \
          --from-file=ssl_ecdsa_certificate.crt \
          -n cncc
  2. On successfully executing the above command, the following message will be displayed:

    secret/cncc-iam-ingress-secret created

  3. Execute the following command to verify the secret creation:
    $ kubectl describe secret cncc-iam-ingress-secret -n cncc

This section explains how to update the secrets for enabling HTTPS, if they already exist:

  1. Re-create the secret and replace the existing one by executing the following command:
    $ kubectl create secret generic <secret-name> \
          --from-file=<ssl_ecdsa_private_key.pem> \
          --from-file=<rsa_private_key_pkcs1.pem> \
          --from-file=<ssl_truststore.txt> \
          --from-file=<ssl_keystore.txt> \
          --from-file=<caroot.cer> \
          --from-file=<ssl_rsa_certificate.crt> \
          --from-file=<ssl_ecdsa_certificate.crt> \
          --dry-run -o yaml -n <Namespace of CNCC IAM Ingress Gateway secret> \
          | kubectl replace -f - -n <Namespace of CNCC IAM Ingress Gateway secret>

    Example:

    $ kubectl create secret generic cncc-iam-ingress-secret \
          --from-file=ssl_ecdsa_private_key.pem \
          --from-file=rsa_private_key_pkcs1.pem \
          --from-file=ssl_truststore.txt \
          --from-file=ssl_keystore.txt \
          --from-file=caroot.cer \
          --from-file=ssl_rsa_certificate.crt \
          --from-file=ssl_ecdsa_certificate.crt \
          --dry-run -o yaml -n cncc \
          | kubectl replace -f - -n cncc
  2. On successfully executing the above command, the following message will be displayed:

    secret/cncc-iam-ingress-secret replaced
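
A pre-flight check that can be run on the input files before either the create or the replace command above. This is an added example, not part of the original procedure or of Oracle's tooling; the function names are hypothetical. It assumes the file names from the example command, PEM-encoded keys and certificates, and certificates signed directly by `caroot.cer`.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. File names are those used in the
# example command on this page; PEM encoding is an assumption.
REQUIRED_FILES="ssl_ecdsa_private_key.pem rsa_private_key_pkcs1.pem
ssl_truststore.txt ssl_keystore.txt caroot.cer
ssl_rsa_certificate.crt ssl_ecdsa_certificate.crt"

# check_files DIR: each required file exists and is non-empty; private keys
# and password files must carry no group/other permission bits.
check_files() {
    dir=$1
    rc=0
    for f in $REQUIRED_FILES; do
        p="$dir/$f"
        if [ ! -s "$p" ]; then
            echo "missing or empty: $f" >&2
            rc=1
            continue
        fi
        case $f in
            *private_key*|*.txt)
                if [ "$(ls -ldL "$p" | cut -c5-10)" != "------" ]; then
                    echo "group/other can access: $f (chmod 600)" >&2
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# key_matches_cert KEY CERT: the public key derived from the private key is
# identical to the public key embedded in the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight DIR: run all checks; non-zero means do not create the secret yet.
preflight() {
    check_files "$1" &&
    key_matches_cert "$1/rsa_private_key_pkcs1.pem" "$1/ssl_rsa_certificate.crt" &&
    key_matches_cert "$1/ssl_ecdsa_private_key.pem" "$1/ssl_ecdsa_certificate.crt" &&
    openssl verify -CAfile "$1/caroot.cer" \
        "$1/ssl_rsa_certificate.crt" "$1/ssl_ecdsa_certificate.crt" >/dev/null
}
```

Source the script and run `preflight .` from the directory holding the files; a mismatched key and certificate pair or a world-readable password file is caught here instead of surfacing later as a TLS failure in the gateway.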