3.5.2 Setting up CA Certificates

This section shows you how to use your own certificates, signed by a trusted CA, without using a secrets manager such as Vault. To use your own certificates, copy them to all Kubernetes nodes, and to the Platform API Server node.

So that the Platform Agent on each Kubernetes node and the Platform API Server can access the certificates, copy them into the /etc/olcne/certificates/ directory on each node. The path to the certificates is used when setting up the Platform Agent and Platform API Server, and when creating an environment.

The examples in this book use the /etc/olcne/configs/certificates/production/ directory for certificates. For example:

  • CA Certificate: /etc/olcne/configs/certificates/production/ca.cert

  • Node Key: /etc/olcne/configs/certificates/production/node.key

  • Node Certificate: /etc/olcne/configs/certificates/production/node.cert
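
The following check is an added example, not part of the original documentation or of Oracle's tooling. It can be run on each node after copying to confirm that the three files listed above are present, that node.key matches node.cert, and that node.cert is unexpired and chains to ca.cert. The function names and the rule that node.key must carry no group or other permissions are assumptions of this example.

```bash
#!/bin/bash
# Added example: pre-flight check of a node's certificate directory.
# Directory and file names follow this section; the permission policy
# (no group/other access to node.key) is an assumption of this example.
CERT_DIR_DEFAULT=/etc/olcne/configs/certificates/production

# Presence and permission checks; these need no external tools.
check_cert_files() {
    dir=${1:-$CERT_DIR_DEFAULT}
    for f in ca.cert node.key node.cert; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            return 1
        fi
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$dir/node.key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "node.key is accessible to group/other: $perms" >&2
        return 2
    fi
    return 0
}

# Cryptographic checks: the key matches the certificate, and the certificate
# is unexpired and chains to the CA certificate copied alongside it.
check_cert_chain() {
    dir=${1:-$CERT_DIR_DEFAULT}
    cert_pub=$(openssl x509 -in "$dir/node.cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$dir/node.key" -pubout) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "node.key does not match node.cert" >&2
        return 4
    fi
    if ! openssl x509 -in "$dir/node.cert" -noout -checkend 0 >/dev/null; then
        echo "node.cert has expired" >&2
        return 5
    fi
    if ! openssl verify -CAfile "$dir/ca.cert" "$dir/node.cert" >/dev/null 2>&1; then
        echo "node.cert does not chain to ca.cert" >&2
        return 6
    fi
    return 0
}
```

After sourcing the file on a node, run check_cert_files && check_cert_chain; each function accepts a different directory as its first argument and returns a distinct non-zero code for each failure.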