Create OTEL Certs

To generate the required OTEL certificates, follow these steps:

  1. Create an otel-certs.yaml file with the content below:

    Note: Make sure you update spec.issuerRef.name, spec.issuerRef.kind and spec.privateKey to match your cert-manager configuration; see Configure Cert Manager.

    vi otel-certs.yaml
    

    Content:

    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
        name: external-f5ingotelsvr
    spec:
        subject:
            countries:
            - US
            provinces:
            - Washington
            localities:
            - Seattle
            organizations:
            - F5 Networks
            organizationalUnits:
            - PD
        emailAddresses:
            - clientcert@f5net.com
        commonName: f5net.com
        # SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource.
        # It will be populated with a private key and certificate, signed by the denoted issuer.
        secretName: external-f5ingotelsvr-secret
        # IssuerRef is a reference to the issuer for this certificate.
        issuerRef:
            name: arm-ca-cluster-issuer
            kind: ClusterIssuer
        # Requested lifetime of the Certificate: 2160h (90 days)
        duration: 2160h
        privateKey:
            rotationPolicy: Always
            encoding: PKCS1
            algorithm: RSA
            size: 4096
    ---
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
        name: external-otelsvr
    spec:
        subject:
            countries:
            - US
            provinces:
            - Washington
            localities:
            - Seattle
            organizations:
            - F5 Networks
            organizationalUnits:
            - PD
        emailAddresses:
            - clientcert@f5net.com
        commonName: f5net.com
        # SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource.
        # It will be populated with a private key and certificate, signed by the denoted issuer.
        secretName: external-otelsvr-secret
        # IssuerRef is a reference to the issuer for this certificate.
        issuerRef:
            name: arm-ca-cluster-issuer
            kind: ClusterIssuer
        # Requested lifetime of the Certificate: 2160h (90 days)
        duration: 2160h
        privateKey:
            rotationPolicy: Always
            encoding: PKCS1
            algorithm: RSA
            size: 4096
    
  2. Apply otel-certs.yaml in the namespace (either default or f5-utils) where the product will be installed.

    kubectl apply -f otel-certs.yaml -n default
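
To confirm that cert-manager actually issued both certificates after the apply, a check like the following can be run. It is an added example, not part of the original procedure: the helper name check_otel_certs is hypothetical, and it assumes kubectl is pointed at the cluster and is given the same namespace used in step 2.

```bash
# Certificate:Secret pairs exactly as declared in otel-certs.yaml above.
OTEL_CERTS="external-f5ingotelsvr:external-f5ingotelsvr-secret
external-otelsvr:external-otelsvr-secret"

# check_otel_certs [namespace]   (hypothetical helper name)
# Returns 0 only if every Certificate reports Ready=True and its Secret
# holds both a signed certificate (tls.crt) and a private key (tls.key).
# Usage: check_otel_certs default      or: check_otel_certs f5-utils
check_otel_certs() {
    ns="${1:-default}"
    rc=0
    for pair in $OTEL_CERTS; do
        cert="${pair%%:*}"
        secret="${pair##*:}"

        # cert-manager sets the Ready condition to True once the issuer
        # referenced by spec.issuerRef has signed the request.
        ready=$(kubectl get certificate "$cert" -n "$ns" \
            -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null)
        if [ "$ready" != "True" ]; then
            echo "FAIL $cert: Ready=${ready:-<not found>}"
            echo "     inspect with: kubectl describe certificate $cert -n $ns"
            rc=1
            continue
        fi

        # The Secret named by spec.secretName must contain both entries.
        for key in 'tls\.crt' 'tls\.key'; do
            val=$(kubectl get secret "$secret" -n "$ns" \
                -o jsonpath="{.data.$key}" 2>/dev/null)
            if [ -z "$val" ]; then
                echo "FAIL $secret: entry $key is missing or empty"
                rc=1
            fi
        done

        # status.notAfter should be about 2160h after issuance.
        not_after=$(kubectl get certificate "$cert" -n "$ns" \
            -o jsonpath='{.status.notAfter}' 2>/dev/null)
        echo "OK   $cert -> $secret (notAfter=$not_after)"
    done
    return "$rc"
}
```

A Certificate that stays not Ready usually points back to the issuerRef values called out in the note in step 1.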