The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

3.6.2 Setting up CA Certificates

If you are using your own certificates, you should copy them to a directory under /etc/olcne/certificates/ on the operator node. For example:

  • CA Certificate: /etc/olcne/configs/certificates/restrict_external_ip/production/ca.cert

  • Node Key: /etc/olcne/configs/certificates/restrict_external_ip/production/node.key

  • Node Certificate: /etc/olcne/configs/certificates/restrict_external_ip/production/node.cert

You should copy these certificates to a different location on the operator node than the certificates and keys used for the Kubernetes nodes as set up in Section 3.5, “Setting up X.509 Certificates”. This makes sure you do not overwrite those certificates and keys. You need to generate certificates for two nodes, named:

externalip-validation-webhook-service.externalip-validation-system.svc

externalip-validation-webhook-service.externalip-validation-system.svc.cluster.local

The certificates for these two nodes should be saved as a single file as node.cert.

Make sure the output directory where the certificates are located can be read by the user on the operator node that you intend to use to run the olcnectl commands to install Kubernetes. In this example, the opc user is used on the operator node, so ownership of the directory is set to the opc user:

sudo chown -R opc:opc /etc/olcne/configs/certificates/restrict_external_ip/
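
A pre-flight check for the files described above, as an added example that is not part of the Oracle documentation. It assumes openssl is installed and that node.cert is PEM holding either one certificate that lists both names or two concatenated certificates; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on the webhook certificate files.
# Assumption: node.cert is PEM with one certificate naming both services,
# or two concatenated certificates. Function names are hypothetical.
NAMES="externalip-validation-webhook-service.externalip-validation-system.svc
externalip-validation-webhook-service.externalip-validation-system.svc.cluster.local"

# split_bundle BUNDLE DIR: write each certificate to DIR/certN.pem, print the count.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
    out != "" { print > (out) }
    /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    END { print n + 0 }' "$1"
}

# check_webhook_certs CA_CERT NODE_CERT NODE_KEY
# Returns 0 only if every certificate chains to the CA, each required name is
# covered by some certificate, and the key matches one of the certificates.
check_webhook_certs() {
  local ca="$1" bundle="$2" key="$3" tmp count rc=0 name c keypub found
  tmp=$(mktemp -d) || return 2
  count=$(split_bundle "$bundle" "$tmp" 2>/dev/null) || count=0
  if [ "${count:-0}" -lt 1 ]; then echo "no certificates in $bundle"; rm -rf "$tmp"; return 1; fi
  for c in "$tmp"/cert*.pem; do
    if ! openssl verify -CAfile "$ca" "$c" >/dev/null 2>&1; then
      echo "does not chain to $ca: ${c##*/}"; rc=1
    fi
  done
  for name in $NAMES; do
    found=0
    for c in "$tmp"/cert*.pem; do
      if openssl x509 -in "$c" -noout -checkhost "$name" 2>/dev/null | grep -q 'does match'; then
        found=1
      fi
    done
    if [ "$found" -eq 0 ]; then echo "name not covered: $name"; rc=1; fi
  done
  keypub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || keypub=""
  found=0
  for c in "$tmp"/cert*.pem; do
    if [ -n "$keypub" ] && [ "$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null)" = "$keypub" ]; then
      found=1
    fi
  done
  if [ "$found" -eq 0 ]; then echo "$key matches no certificate in $bundle"; rc=1; fi
  rm -rf "$tmp"
  return "$rc"
}
```

Source the file and call check_webhook_certs with the ca.cert, node.cert and node.key paths from the production directory; a non-zero return means at least one of the printed checks failed.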