node-feature-discovery/v0.16/deployment/tls.html

<!DOCTYPE html> <html lang="en" dir="auto"> <head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5, user-scalable=no"> <meta name="description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta name="revised" content=""> <meta name="author" content="Kubernetes SIGs"> <meta name="generator" content="jekyll-rtd-theme v2.0.10"><meta name="theme-color" content="#2980b9"> <title>TLS authentication · Node Feature Discovery</title> <meta name="twitter:title" content="TLS authentication · Node Feature Discovery"> <meta name="twitter:description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@Kubernetes SIGs"> <meta name="twitter:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"> <meta name="twitter:creator" content="@jekyll-rtd-theme v2.0.10"> <meta property="og:title" content="TLS authentication · Node Feature Discovery"> <meta property="og:description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta property="og:locale" content="en"> <meta property="og:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"> <meta property="og:type" content="article"> <meta property="article:author" content="Kubernetes SIGs"> <meta property="article:published_time" content="2016-07-23T05:07:52+00:00"> <meta property="article:modified_time" content="2024-10-14T19:19:16+00:00"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html" }, "headline": "TLS authentication · Node Feature Discovery", "image": [], "author": { "@type": "Person", "name": "Kubernetes SIGs" }, "datePublished": "2016-07-23T05:07:52+00:00", "dateModified": "2024-10-14T19:19:16+00:00", "publisher": { "@type": "Organization", "name": "Kubernetes SIGs", "logo": { "@type": "ImageObject", "url": "https://avatars.githubusercontent.com/u/36015203?v=4" } }, "description": "Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..." } </script> <link rel="dns-prefetch" href="https://cdn.jsdelivr.net"><link rel="prev" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/operator.html"><link rel="next" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/uninstallation.html"><link rel="canonical" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"><link rel="icon" type="image/svg+xml" href="/node-feature-discovery/v0.16/assets/images/favicon.svg"><link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-96x96.png" sizes="96x96"><link rel="mask-icon" href="/node-feature-discovery/v0.16/assets/images/favicon.svg" color="#2980b9"><link rel="apple-touch-icon" href="/node-feature-discovery/v0.16/assets/images/apple-touch-icon-300x300.jpg"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/css/theme.min.css"><style>@media (min-width: 1280px){.content-wrap{max-width:1200px}}</style><script> window.ui = { title: "Node Feature Discovery", baseurl: "/node-feature-discovery/v0.16", i18n: { search_results: "Search Results", search_results_found: "Search finish
</code></pre>  </div></div> <p>Alternatively, you can refer to cert-manager documentation for other installation methods such as the Helm chart they provide.</p> <p>When using the Helm chart to deploy NFD, override <code class="language-plaintext highlighter-rouge notranslate">values.yaml</code> to enable both the <code class="language-plaintext highlighter-rouge notranslate">tls.enabled</code> and <code class="language-plaintext highlighter-rouge notranslate">tls.certManager</code> options. Note that if you do not enable <code class="language-plaintext highlighter-rouge notranslate">tls.certManager</code>, helm will successfully install the application, but deployment will wait until certificates are manually created, as demonstrated below.</p> <p>See the sample installation commands in the Helm <a href="/node-feature-discovery/v0.16/deployment/helm.html#deployment">Deployment</a> and <a href="/node-feature-discovery/v0.16/deployment/helm.html#configuration">Configuration</a> sections above for how to either override individual values, or provide a yaml file with which to override default values.</p> <h2 id="manual-tls-certificate-management">Manual TLS certificate management</h2> <p>If you do not with to make use of cert-manager, the certificates can be manually created and stored as secrets within the NFD namespace.</p> <p>Create a CA certificate</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-x509</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> ca.key <span class="nt">-nodes</span> <span class="se">\</span>
        <span class="nt">-subj</span> <span class="s2">"/CN=nfd-ca"</span> <span class="nt">-days</span> 10000 <span class="nt">-out</span> ca.crt
</code></pre>  </div></div> <p>Create a common openssl config file.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; nfd-common.conf
[ req ]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = XX
ST = some-state
L = some-city
O = some-company
OU = node-feature-discovery

[ req_ext ]
subjectAltName = @alt_names

[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names
</span><span class="no">EOF
</span></code></pre>  </div></div> <p>Now, create the nfd-master certificate.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; nfd-master.conf
.include nfd-common.conf

[ dn ]
CN = nfd-master

[ alt_names ]
DNS.1 = nfd-master
DNS.2 = nfd-master.node-feature-discovery.svc.cluster.local
DNS.3 = localhost
</span><span class="no">EOF

</span>openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-master.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-master.csr <span class="nt">-config</span> nfd-master.conf
</code></pre>  </div></div> <p>Create certificates for nfd-worker and nfd-topology-updater</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> &gt; nfd-worker.conf
.include nfd-common.conf

[ dn ]
CN = nfd-worker

[ alt_names ]
DNS.1 = nfd-worker
DNS.2 = nfd-worker.node-feature-discovery.svc.cluster.local
</span><span class="no">EOF

</span><span class="c"># Config for topology updater is identical except for the DN and alt_names</span>
<span class="nb">sed</span> <span class="nt">-e</span> <span class="s1">'s/worker/topology-updater/g'</span> &lt; nfd-worker.conf <span class="o">&gt;</span> nfd-topology-updater.conf

openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-worker.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-worker.csr <span class="nt">-config</span> nfd-worker.conf
openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-topology-updater.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-topology-updater.csr <span class="nt">-config</span> nfd-topology-updater.conf
</code></pre>  </div></div> <p>Now, sign the certificates with the CA created earlier.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="k">for </span>cert <span class="k">in </span>nfd-master nfd-worker nfd-topology-updater<span class="p">;</span> <span class="k">do
  </span><span class="nb">echo </span>signing <span class="nv">$cert</span>
  openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> <span class="nv">$cert</span>.csr <span class="nt">-CA</span> ca.crt <span class="nt">-CAkey</span> ca.key <span class="se">\</span>
    <span class="nt">-CAcreateserial</span> <span class="nt">-out</span> <span class="nv">$cert</span>.crt <span class="nt">-days</span> 10000 <span class="se">\</span>
    <span class="nt">-extensions</span> v3_ext <span class="nt">-extfile</span> <span class="nv">$cert</span>.conf
<span class="k">done</span>
</code></pre>  </div></div> <p>Finally, turn these certificates into secrets.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="k">for </span>cert <span class="k">in </span>nfd-master nfd-worker nfd-topology-updater<span class="p">;</span> <span class="k">do
  </span><span class="nb">echo </span>creating secret <span class="k">for</span> <span class="nv">$cert</span> <span class="k">in </span>node-feature-discovery namespace
  <span class="nb">cat</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> | kubectl create -n node-feature-discovery -f -
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: </span><span class="k">${</span><span class="nv">cert</span><span class="k">}</span><span class="sh">-cert
data:
  ca.crt: </span><span class="si">$(</span> <span class="nb">cat </span>ca.crt | <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">
  tls.crt: </span><span class="si">$(</span> <span class="nb">cat</span> <span class="nv">$cert</span>.crt | <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">
  tls.key: </span><span class="si">$(</span> <span class="nb">cat</span> <span class="nv">$cert</span>.key | <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">
</span><span class="no">EOF

</span><span class="k">done</span>
</code></pre>  </div></div> </div> </div> <div class="navigation-bottom d-flex flex-justify-between py-3" role="navigation" aria-label="footer navigation"> <div class="prev"><a href="/node-feature-discovery/v0.16/deployment/operator.html" class="btn" title="NFD Operator" accesskey="p" rel="prev"> <i class="fa fa-arrow-circle-left"></i> Previous </a></div> <div class="next"><a href="/node-feature-discovery/v0.16/deployment/uninstallation.html" class="btn" title="Uninstallation" accesskey="n" rel="next"> Next <i class="fa fa-arrow-circle-right"></i> </a></div> </div><hr> <div class="copyright text-center text-gray" role="contentinfo"> <i class="fa fa-copyright"></i> <span class="time">2016-2024,</span> <a class="text-gray" href="https://github.com/kubernetes-sigs" rel="noreferrer" target="_blank">Kubernetes SIGs</a> Revision <a class="text-gray" href="https://github.com/kubernetes-sigs/node-feature-discovery/commit/" title="" rel="noreferrer" target="_blank"></a> <br> <div class="generator"> Built with <a href="https://pages.github.com" rel="noreferrer" target="_blank" title="github-pages v228">GitHub Pages</a> using a <a href="https://github.com/rundocs/jekyll-rtd-theme" rel="noreferrer" target="_blank" title="jekyll-rtd-theme v2.0.10">theme</a> provided by <a href="https://rundocs.io" rel="noreferrer" target="_blank">RunDocs</a>. </div> </div> </div> </div> <div class="addons-wrap d-flex flex-column overflow-y-auto"> <div class="status d-flex flex-justify-between p-2"> <div class="title p-1"> <i class="fa fa-book"></i> Node Feature Discovery </div> <div class="branch p-1"> <span class="name"> v0.16 </span> <i class="fa fa-caret-down"></i> </div> </div> <div class="addons d-flex flex-column height-full p-2 d-none"> <dl id="versions"> <dt>Versions</dt> <script src="/node-feature-discovery/versions.js"></script> <script> var dt = document.getElementById('versions'); var items = getVersionListItems(); for (var i=0; i < items.length; i++) { var dd = document.createElement('dd'); var a = dd.appendChild(document.createElement('a')); a.appendChild(document.createTextNode(items[i].name)); a.href = items[i].url; dt.appendChild(dd); } </script> </dl> <dl> <dt>GitHub</dt> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery" title="Stars: 776"> <i class="fa fa-github"></i> Homepage </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/issues" title="Open issues: 48"> <i class="fa fa-question-circle-o"></i> Issues </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/zipball/gh-pages" title="Size: 105890 Kb"> <i class="fa fa-download"></i> Download </a> </dd> </dl> <hr> <div class="license f6 pb-2"> This <a href="/node-feature-discovery/v0.16/" title="Node Feature Discovery">Software</a> is under the terms of <a href="https://github.com/kubernetes-sigs/node-feature-discovery">Apache License 2.0</a>. </div> </div> </div> <script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/theme.min.js"></script> </body> </html>
Update documentation for v0.16 Auto-generated from v0.16.5-2-gcce709fb by 'update-gh-pages.sh' 2024-10-14 19:19:23 +00:00			<!DOCTYPE html> <html lang="en" dir="auto"> <head><meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=5, user-scalable=no"> <meta name="description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta name="revised" content=""> <meta name="author" content="Kubernetes SIGs"> <meta name="generator" content="jekyll-rtd-theme v2.0.10"><meta name="theme-color" content="#2980b9"> <title>TLS authentication · Node Feature Discovery</title> <meta name="twitter:title" content="TLS authentication · Node Feature Discovery"> <meta name="twitter:description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta name="twitter:card" content="summary"> <meta name="twitter:site" content="@Kubernetes SIGs"> <meta name="twitter:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"> <meta name="twitter:creator" content="@jekyll-rtd-theme v2.0.10"> <meta property="og:title" content="TLS authentication · Node Feature Discovery"> <meta property="og:description" content="Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..."> <meta property="og:locale" content="en"> <meta property="og:url" content="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"> <meta property="og:type" content="article"> <meta property="article:author" content="Kubernetes SIGs"> <meta property="article:published_time" content="2016-07-23T05:07:52+00:00"> <meta property="article:modified_time" content="2024-10-14T19:19:16+00:00"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Article", "mainEntityOfPage": { "@type": "WebPage", "@id": "https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html" }, "headline": "TLS authentication · Node Feature Discovery", "image": [], "author": { "@type": "Person", "name": "Kubernetes SIGs" }, "datePublished": "2016-07-23T05:07:52+00:00", "dateModified": "2024-10-14T19:19:16+00:00", "publisher": { "@type": "Organization", "name": "Kubernetes SIGs", "logo": { "@type": "ImageObject", "url": "https://avatars.githubusercontent.com/u/36015203?v=4" } }, "description": "Communication security with TLS Table of contents Automated TLS certificate management using cert-manager Manual TLS certificate management DEPRECA..." } </script> <link rel="dns-prefetch" href="https://cdn.jsdelivr.net"><link rel="prev" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/operator.html"><link rel="next" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/uninstallation.html"><link rel="canonical" href="https://kubernetes-sigs.github.com/node-feature-discovery/v0.16/deployment/tls.html"><link rel="icon" type="image/svg+xml" href="/node-feature-discovery/v0.16/assets/images/favicon.svg"><link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-32x32.png" sizes="32x32"> <link rel="icon" type="image/png" href="/node-feature-discovery/v0.16/assets/images/favicon-96x96.png" sizes="96x96"><link rel="mask-icon" href="/node-feature-discovery/v0.16/assets/images/favicon.svg" color="#2980b9"><link rel="apple-touch-icon" href="/node-feature-discovery/v0.16/assets/images/apple-touch-icon-300x300.jpg"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/css/theme.min.css"><style>@media (min-width: 1280px){.content-wrap{max-width:1200px}}</style><script> window.ui = { title: "Node Feature Discovery", baseurl: "/node-feature-discovery/v0.16", i18n: { search_results: "Search Results", search_results_found: "Search finish
Update documentation for v0.16 Auto-generated from v0.16.0-2-gad7ec5ab by 'update-gh-pages.sh' 2024-05-27 18:28:09 +00:00			</code></pre> </div></div> <p>Alternatively, you can refer to cert-manager documentation for other installation methods such as the Helm chart they provide.</p> <p>When using the Helm chart to deploy NFD, override <code class="language-plaintext highlighter-rouge notranslate">values.yaml</code> to enable both the <code class="language-plaintext highlighter-rouge notranslate">tls.enabled</code> and <code class="language-plaintext highlighter-rouge notranslate">tls.certManager</code> options. Note that if you do not enable <code class="language-plaintext highlighter-rouge notranslate">tls.certManager</code>, helm will successfully install the application, but deployment will wait until certificates are manually created, as demonstrated below.</p> <p>See the sample installation commands in the Helm <a href="/node-feature-discovery/v0.16/deployment/helm.html#deployment">Deployment</a> and <a href="/node-feature-discovery/v0.16/deployment/helm.html#configuration">Configuration</a> sections above for how to either override individual values, or provide a yaml file with which to override default values.</p> <h2 id="manual-tls-certificate-management">Manual TLS certificate management</h2> <p>If you do not with to make use of cert-manager, the certificates can be manually created and stored as secrets within the NFD namespace.</p> <p>Create a CA certificate</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-x509</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> ca.key <span class="nt">-nodes</span> <span class="se">\</span>
			`<span class="nt">-subj</span> <span class="s2">"/CN=nfd-ca"</span> <span class="nt">-days</span> 10000 <span class="nt">-out</span> ca.crt`
			`</code></pre> </div></div> <p>Create a common openssl config file.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o"><<</span><span class="no">EOF</span><span class="sh"> > nfd-common.conf`
			`[ req ]`
			`default_bits = 4096`
			`prompt = no`
			`default_md = sha256`
			`req_extensions = req_ext`
			`distinguished_name = dn`

			`[ dn ]`
			`C = XX`
			`ST = some-state`
			`L = some-city`
			`O = some-company`
			`OU = node-feature-discovery`

			`[ req_ext ]`
			`subjectAltName = @alt_names`

			`[ v3_ext ]`
			`authorityKeyIdentifier=keyid,issuer:always`
			`basicConstraints=CA:FALSE`
			`keyUsage=keyEncipherment,dataEncipherment`
			`extendedKeyUsage=serverAuth,clientAuth`
			`subjectAltName=@alt_names`
			`</span><span class="no">EOF`
			`</span></code></pre> </div></div> <p>Now, create the nfd-master certificate.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o"><<</span><span class="no">EOF</span><span class="sh"> > nfd-master.conf`
			`.include nfd-common.conf`

			`[ dn ]`
			`CN = nfd-master`

			`[ alt_names ]`
			`DNS.1 = nfd-master`
			`DNS.2 = nfd-master.node-feature-discovery.svc.cluster.local`
			`DNS.3 = localhost`
			`</span><span class="no">EOF`

			`</span>openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-master.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-master.csr <span class="nt">-config</span> nfd-master.conf`
			`</code></pre> </div></div> <p>Create certificates for nfd-worker and nfd-topology-updater</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="nb">cat</span> <span class="o"><<</span><span class="no">EOF</span><span class="sh"> > nfd-worker.conf`
			`.include nfd-common.conf`

			`[ dn ]`
			`CN = nfd-worker`

			`[ alt_names ]`
			`DNS.1 = nfd-worker`
			`DNS.2 = nfd-worker.node-feature-discovery.svc.cluster.local`
			`</span><span class="no">EOF`

			`</span><span class="c"># Config for topology updater is identical except for the DN and alt_names</span>`
			`<span class="nb">sed</span> <span class="nt">-e</span> <span class="s1">'s/worker/topology-updater/g'</span> < nfd-worker.conf <span class="o">></span> nfd-topology-updater.conf`

			`openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-worker.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-worker.csr <span class="nt">-config</span> nfd-worker.conf`
			`openssl req <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-keyout</span> nfd-topology-updater.key <span class="nt">-nodes</span> <span class="nt">-out</span> nfd-topology-updater.csr <span class="nt">-config</span> nfd-topology-updater.conf`
			`</code></pre> </div></div> <p>Now, sign the certificates with the CA created earlier.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="k">for </span>cert <span class="k">in </span>nfd-master nfd-worker nfd-topology-updater<span class="p">;</span> <span class="k">do`
			`</span><span class="nb">echo </span>signing <span class="nv">$cert</span>`
			`openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> <span class="nv">$cert</span>.csr <span class="nt">-CA</span> ca.crt <span class="nt">-CAkey</span> ca.key <span class="se">\</span>`
			`<span class="nt">-CAcreateserial</span> <span class="nt">-out</span> <span class="nv">$cert</span>.crt <span class="nt">-days</span> 10000 <span class="se">\</span>`
			`<span class="nt">-extensions</span> v3_ext <span class="nt">-extfile</span> <span class="nv">$cert</span>.conf`
			`<span class="k">done</span>`
			`</code></pre> </div></div> <p>Finally, turn these certificates into secrets.</p> <div class="language-bash highlighter-rouge notranslate"><div class="highlight"><pre class="highlight"><code><span class="k">for </span>cert <span class="k">in </span>nfd-master nfd-worker nfd-topology-updater<span class="p">;</span> <span class="k">do`
			`</span><span class="nb">echo </span>creating secret <span class="k">for</span> <span class="nv">$cert</span> <span class="k">in </span>node-feature-discovery namespace`
			`<span class="nb">cat</span> <span class="o"><<</span><span class="no">EOF</span><span class="sh"> \| kubectl create -n node-feature-discovery -f -`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`type: kubernetes.io/tls`
			`metadata:`
			`name: </span><span class="k">${</span><span class="nv">cert</span><span class="k">}</span><span class="sh">-cert`
			`data:`
			`ca.crt: </span><span class="si">$(</span> <span class="nb">cat </span>ca.crt \| <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">`
			`tls.crt: </span><span class="si">$(</span> <span class="nb">cat</span> <span class="nv">$cert</span>.crt \| <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">`
			`tls.key: </span><span class="si">$(</span> <span class="nb">cat</span> <span class="nv">$cert</span>.key \| <span class="nb">base64</span> <span class="nt">-w</span> 0 <span class="si">)</span><span class="sh">`
			`</span><span class="no">EOF`

			`</span><span class="k">done</span>`
Update documentation for v0.16 Auto-generated from v0.16.5-2-gcce709fb by 'update-gh-pages.sh' 2024-10-14 19:19:23 +00:00			</code></pre> </div></div> </div> </div> <div class="navigation-bottom d-flex flex-justify-between py-3" role="navigation" aria-label="footer navigation"> <div class="prev"><a href="/node-feature-discovery/v0.16/deployment/operator.html" class="btn" title="NFD Operator" accesskey="p" rel="prev"> <i class="fa fa-arrow-circle-left"></i> Previous </a></div> <div class="next"><a href="/node-feature-discovery/v0.16/deployment/uninstallation.html" class="btn" title="Uninstallation" accesskey="n" rel="next"> Next <i class="fa fa-arrow-circle-right"></i> </a></div> </div><hr> <div class="copyright text-center text-gray" role="contentinfo"> <i class="fa fa-copyright"></i> <span class="time">2016-2024,</span> <a class="text-gray" href="https://github.com/kubernetes-sigs" rel="noreferrer" target="_blank">Kubernetes SIGs</a> Revision <a class="text-gray" href="https://github.com/kubernetes-sigs/node-feature-discovery/commit/" title="" rel="noreferrer" target="_blank"></a> <br> <div class="generator"> Built with <a href="https://pages.github.com" rel="noreferrer" target="_blank" title="github-pages v228">GitHub Pages</a> using a <a href="https://github.com/rundocs/jekyll-rtd-theme" rel="noreferrer" target="_blank" title="jekyll-rtd-theme v2.0.10">theme</a> provided by <a href="https://rundocs.io" rel="noreferrer" target="_blank">RunDocs</a>. </div> </div> </div> </div> <div class="addons-wrap d-flex flex-column overflow-y-auto"> <div class="status d-flex flex-justify-between p-2"> <div class="title p-1"> <i class="fa fa-book"></i> Node Feature Discovery </div> <div class="branch p-1"> <span class="name"> v0.16 </span> <i class="fa fa-caret-down"></i> </div> </div> <div class="addons d-flex flex-column height-full p-2 d-none"> <dl id="versions"> <dt>Versions</dt> <script src="/node-feature-discovery/versions.js"></script> <script> var dt = document.getElementById('versions'); var items = getVersionListItems(); for (var i=0; i < items.length; i++) { var dd = document.createElement('dd'); var a = dd.appendChild(document.createElement('a')); a.appendChild(document.createTextNode(items[i].name)); a.href = items[i].url; dt.appendChild(dd); } </script> </dl> <dl> <dt>GitHub</dt> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery" title="Stars: 776"> <i class="fa fa-github"></i> Homepage </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/issues" title="Open issues: 48"> <i class="fa fa-question-circle-o"></i> Issues </a> </dd> <dd> <a href="https://github.com/kubernetes-sigs/node-feature-discovery/zipball/gh-pages" title="Size: 105890 Kb"> <i class="fa fa-download"></i> Download </a> </dd> </dl> <hr> <div class="license f6 pb-2"> This <a href="/node-feature-discovery/v0.16/" title="Node Feature Discovery">Software</a> is under the terms of <a href="https://github.com/kubernetes-sigs/node-feature-discovery">Apache License 2.0</a>. </div> </div> </div> <script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/gh/rundocs/jekyll-rtd-theme@2.0.10/assets/js/theme.min.js"></script> </body> </html>