Veritas InfoScale™ for Kubernetes Environments 8.0.100 - Linux
- Overview
- System requirements
- Preparing to install InfoScale on Containers
- Installing Veritas InfoScale on OpenShift- Introduction
- Prerequisites
- Additional Prerequisites for Azure RedHat OpenShift (ARO)
- Installing InfoScale on a system with Internet connectivity
- Installing InfoScale in an air gapped system
 
- Installing Veritas InfoScale on Kubernetes
- Tech Preview: Configuring KMS-based Encryption on an OpenShift cluster
- Tech Preview: Configuring KMS-based Encryption on a Kubernetes cluster
- InfoScale CSI deployment in Container environment- CSI plugin deployment
- Static provisioning
- Dynamic provisioning
- Resizing Persistent Volumes (CSI volume expansion)
- Snapshot provisioning (Creating volume snapshots)
- Managing InfoScale volume snapshots with Velero
- Volume cloning
- Using InfoScale with non-root containers
- Using InfoScale in SELinux environments
- CSI Drivers
- Creating CSI Objects for OpenShift
 
- Installing and configuring InfoScale DR Manager on OpenShift
- Installing and configuring InfoScale DR Manager on Kubernetes
- Disaster Recovery scenarios
- Configuring InfoScale
- Troubleshooting
Adding a custom CA certificate
Complete the following steps
- On the master node, create a directory -  custom-ca. Navigate to this directory to perform the next steps.
- Copy the following content into a file  and save it as vxconfig.json.{ "signing": { "default": { "expiry": "43800h" }, "profiles": { "cluster": { "expiry": "8760h", "usages": [ "signing", "key encipherment", "cert sign", "server auth", "client auth" ], "ca_constraint": { "is_ca": true } } } } }
- Copy the following content into a file  and save it as csr_config.json.{ "CN": "infoscale-ca", "key": { "algo": "rsa", "size": 2048 }, "hosts": [ "kubernetes" ], "names": [ { "O": "system:nodes", "OU": "vx" } ] }
- Run the following command to generate certificates.cfssl genkey csr_config.json | cfssljson -bare infoscale-ca. Review output similar to the following output 2022/02/10 15:09:27 [INFO] generate received request 2022/02/10 15:09:27 [INFO] received CSR 2022/02/10 15:09:27 [INFO] generating key: rsa-2048 2022/02/10 15:09:28 [INFO] encoded CSR 
- Now you must sign the certificate you just generated. Run the following command. cfssl sign -ca /etc/kubernetes/pki/ca.crt -ca-key /etc/kubernetes/pki/ca.key -hostname kubernetes -config ./vxconfig.json -profile cluster ./infoscale-ca.csr | cfssljson -bare infoscale-ca 
- Run ls to list files in the folder.Following files must be created infoscale-ca.csr infoscale-ca-key.pem infoscale-ca.pem Here , infoscale-ca.pemis the external CA certificate.
- Copy the following content into a file  and save it as custom-ca.yaml.apiVersion: v1 kind: Namespace metadata: labels: control-plane: infoscale-sds-operator name: infoscale-vtas --- apiVersion: v1 kind: Secret metadata: name: infoscale-ca namespace: infoscale-vtas type: kubernetes.io/tls data: ca.crt: $(kubectl get cm kube-root-ca.crt -o jsonpath="{.data['ca\.crt']}" | base64 -w0) tls.crt: $(base64 ./infoscale-ca.pem | tr -d '\n') tls.key: $(base64 ./infoscale-ca-key.pem | tr -d '\n')You have to replace content for ca.crt,tls.crt, andtls.key.
- Run kubectl get cm kube-root-ca.crt -o jsonpath="{.data['ca\.crt']}" | base64 -w0. Copy the output of this command as <Content of ca.crt> 
- Modify custom-ca.yamlas underapiVersion: v1 kind: Namespace metadata: labels: control-plane: infoscale-sds-operator name: infoscale-vtas --- apiVersion: v1 kind: Secret metadata: name: infoscale-ca namespace: infoscale-vtas type: kubernetes.io/tls data: ca.crt: <Content of ca.crt> tls.crt: $(base64 ./infoscale-ca.pem | tr -d '\n') tls.key: $(base64 ./infoscale-ca-key.pem | tr -d '\n')
- Similarly, run base64 ./infoscale-ca.pem | tr -d '\n' and update tls.crtincustom-ca.yamlwith the output of this command.
- Run base64 ./infoscale-ca-key.pem | tr -d '\n' and update tls.keyincustom-ca.yamlwith the output of this command.
- Ensure that custom-ca.yamlis as underapiVersion: v1 kind: Namespace metadata: labels: control-plane: infoscale-sds-operator name: infoscale-vtas --- apiVersion: v1 kind: Secret metadata: name: infoscale-ca namespace: infoscale-vtas type: kubernetes.io/tls data: ca.crt: <Content of ca.crt> tls.crt: <Content of tls.crt> tls.key: <Content of tls.key>
- Run kubectl apply -f custom-ca.yaml.
- If you are configuring DR, copy this custom-ca.yamlto the DR cluster.
- Run kubectl apply -f custom-ca.yaml on the DR cluster before applying the license.
After custom-ca.yaml is successfully applied, you can apply iso.yaml. See the Installation section.