PowerProtect Data Manager 19.11 Kubernetes User Guide

PDF

Kubernetes cluster on Amazon Elastic Kubernetes Service certificate considerations

Running a Kubernetes cluster on Amazon Elastic Kubernetes Service (EKS) requires you to manually copy the cluster root certificate authority and import to the PowerProtect Data Manager trust store. Perform the following steps:

  1. From the Kubernetes node, retrieve the cluster root certificate by running the following command:

    aws eks describe-cluster --region region --name Kubernetes cluster name --query "cluster.certificateAuthority.data" --output certificate file name

  2. Copy the certificate to the PowerProtect Data Manager server.
  3. As an administrator on the PowerProtect Data Manager server, import the certificate to the PowerProtect Data Manager trust store by running the following command:

    ppdmtool -importcert -alias certificate alias -file file with certificate -type BASE64|PEM

    Where:

    i or importcert imports the certificate.

    a or alias certificate alias is used to specify the alias of the certificate, and certificate alias is in the form hostname:port:root

    f or file file with certificate is used to specify the full path of the file with the certificate.

    t or type BASE64|PEM is used to specify the certificate type. The default type is PEM.

    NOTE Since the root certificate is a text file, specify BASE64 format for the type input, as shown in the following example.

Sample command to import certificate to PowerProtect Data Manager trust store

ppdmtool -i -a eks.ap-south-1.amazonaws.com -f aws-certificate.txt -t BASE64

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\