3.6.2 Starting the Services Using Certificates

This section shows you how to set up the Platform API Server and Platform Agent services to use your own certificates, which have been copied to each node. This example assumes the certificates are available on all nodes in the /etc/olcne/configs/certificates/production/ directory.

To set up and start the services using certificates:

  1. On the operator node, use the /etc/olcne/bootstrap-olcne.sh script to configure the Platform API Server to use the certificates. Use the bootstrap-olcne.sh --help command for a list of options for this script. For example:

    $ sudo /etc/olcne/bootstrap-olcne.sh \
        --secret-manager-type file \
        --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
        --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
        --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
        --olcne-component api-server

    The Platform API Server is configured to use the certificates, and started.

  2. On each Kubernetes node, use the /etc/olcne/bootstrap-olcne.sh script to configure the Platform Agent to use the certificates. For example:

    $ sudo /etc/olcne/bootstrap-olcne.sh \
        --secret-manager-type file \
        --olcne-node-cert-path /etc/olcne/configs/certificates/production/node.cert \
        --olcne-ca-path /etc/olcne/configs/certificates/production/ca.cert \
        --olcne-node-key-path /etc/olcne/configs/certificates/production/node.key \
        --olcne-component agent

    The Platform Agent is configured to use the certificates, and started.