The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
If you are using your own certificates, you should copy them to
a directory under /etc/olcne/certificates/
on the operator node. For example:
CA Certificate:
/etc/olcne/configs/certificates/restrict_external_ip/production/ca.certNode Key:
/etc/olcne/configs/certificates/restrict_external_ip/production/node.keyNode Certificate:
/etc/olcne/configs/certificates/restrict_external_ip/production/node.cert
You should copy these certificates to a different location on the operator node than the certificates and keys used for the Kubernetes nodes as set up in Section 3.5, “Setting up X.509 Certificates”. This makes sure you do not overwrite those certificates and keys. You need to generate certificates for two nodes, named:
externalip-validation-webhook-service.externalip-validation-system.svc
externalip-validation-webhook-service.externalip-validation-system.svc.cluster.local
The certificates for these two nodes should be saved as a single
file as node.cert.
Make sure the permissions of the output directory where the
certificates are located can be read by the user on the operator
node that you intend to use use to run the
olcnectl commands to install Kubernetes. In
this example the opc user is to be used on
the operator node, so ownership of the directory is set to the
opc user:
sudo chown -R opc:opc /etc/olcne/configs/certificates/restrict_external_ip/