How do I create a public/private key pair?

Purpose

Use this procedure to create a public/private key pair, save the public key to a secret YAML file, and load the secret file to Kubernetes.

This procedure uses the openssl tool, version 3.0.3 or later. The tool should be available by default in a Linux environment.

Author names containing potentially confusing keywords, such as “NSP” or “N0k1a”, are blocked. If a secret file is created with a blocked author name, the signature is invalid and the bundle cannot be installed using the NSP Artifacts function.

Note: Only RSA format is currently supported, using the PKCS standard. The use of any other format will result in a key that is not accepted by the NSP Artifacts function.

Steps
 

1

Log in as the root or NSP admin user on a Linux system where openssl is available.


2

Open a console window.


3

Enter the following to generate a private key:

openssl genrsa -out private.pem 2048 ↵


4

Enter the following to create a public key:

openssl rsa -in private.pem -pubout -out publickey.pem ↵


5

Enter the following to encode the public key in base64 format:

cat publickey.pem | openssl base64 -e -A ↵


6

Designate a name to appear in the NSP UI as the name of the bundle author. Enter the following to encode the author name in base64:

echo -n author name | openssl base64 ↵

Note: The -n after the echo command is mandatory. Without it, the author name contains a newline character and the verification of the signed bundles fails.


7

Enter the following to retrieve the Kubernetes namespace of the artifact management application:

kubectl get pods -A | grep -i -e 'cam-server' -e 'NAMESPACE' ↵

The namespace value is output below the NAMESPACE heading.


8

Create a YAML file as shown in the sample below.

Configure the parameters:

  • author is the encoded author name generated in Step 6

  • public-key is the encoded public key value generated in Step 5

  • type must be public-key

  • name is the unique name for the public key

    Nokia recommends using the convention author name-public-key for easy recognition.

  • namespace is the namespace retrieved in Step 7

Sample YAML:

apiVersion: v1
data:
  author:
  public-key:
kind: Secret
metadata:
  labels:
    type: public-key
  name:
  namespace:
type: public-key


9

Enter the following to load the YAML file into the Kubernetes system:

kubectl -n namespace apply -f filename.yaml ↵


10 

If applicable, transfer the YAML file to all standby sites and repeat Step 9 on each site.


11 

Close the console window.

End of steps
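
The encoding steps and the YAML step above, combined into shell functions. This is an added example and not part of the Nokia procedure; the function names, their arguments, and the author, secret name and namespace in the usage comment are assumptions. It refuses a key file that is not a PEM public key and an author value that decodes with a newline.

```shell
#!/bin/sh
# Added example, not Nokia's code. Function names and arguments are assumptions.

# Base64-encode the author name exactly as given; printf adds no newline.
encode_author() {
    printf '%s' "$1" | openssl base64 -A
}

# Succeed only if an encoded author value decodes to non-empty text
# that contains no CR or LF (the failure caused by omitting echo -n).
author_is_clean() {
    raw_len=$(printf '%s' "$1" | openssl base64 -d -A | wc -c | tr -d ' ')
    kept_len=$(printf '%s' "$1" | openssl base64 -d -A | tr -d '\r\n' | wc -c | tr -d ' ')
    [ "$raw_len" -gt 0 ] && [ "$raw_len" -eq "$kept_len" ]
}

# Succeed only if the file is a PEM public key and holds no private key,
# so private.pem cannot be placed in the secret by mistake.
is_public_pem() {
    grep -q '^-----BEGIN PUBLIC KEY-----' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

# Print the Secret manifest.
# Arguments: author name, public key file, secret name, namespace.
make_secret_yaml() {
    is_public_pem "$2" || { echo "$2 is not a PEM public key" >&2; return 1; }
    author_b64=$(encode_author "$1")
    author_is_clean "$author_b64" || { echo "author name is empty or contains a newline" >&2; return 1; }
    key_b64=$(openssl base64 -e -A -in "$2")
    cat <<EOF
apiVersion: v1
data:
  author: $author_b64
  public-key: $key_b64
kind: Secret
metadata:
  labels:
    type: public-key
  name: $3
  namespace: $4
type: public-key
EOF
}

# Usage (constructed values):
#   make_secret_yaml 'Acme Labs' publickey.pem acme-labs-public-key my-namespace > secret.yaml
```

author_is_clean can also be run on a value already pasted into a secret file to confirm it was encoded with echo -n.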