Generate Minikube Kubernetes cluster Certificate

Hello,
I am trying to generate Minikube Kubernetes cluster certificate defined in the certificate-authority on my minikube server.

I was able to generate certificates defined in client-certificate and client-key ~/.kube/config file using openssl with the command (openssl pkcs12 -passout pass: -export -out /tmp/client.pfx -in ~/.minikube/client.crt -inkey ~/.minikube/client.key)

Please how do I generate the Minikube Kubernetes cluster certificate defined in the certificate-authority on my minikube server?

Hi @oladapob,

Thanks for reaching out.

As these seem like Minikube specific questions unrelated to Octopus, I think you will get better support if you speak with Minikube directly.

Here is where I would start:

Please let me know if I misread the situation.

Best,
Jeremy

Thank you Jeremy

I followed a course on Octopus deploy here (Deploy a Java application to Kubernetes using Octopus, Jenkins, and Docker Registry - Octopus Deploy) and was advised to upload 2 certificates but the course facilitator only showed how to generate the first one but didn’t complete the steps on how to generate the second one. Kindly assist.

Thank You

Hey @oladapob,

Thanks for the clarification.

You actually don’t need to generate that certificate.

If you look at the minikube configuration file in ~/.kube/config, you will see the spot where it defines the location of that certificate. This certificate was generated when installing Minikube itself. Here is an example:

You would keep following the screenshot instructions and upload this certificate when required.

Please let me know if that gets you unstuck from this step of the guide.

Best,
Jeremy

Thank you Jeremy, I will conclude the steps and get back to you.

Thank You

You’re very welcome! I look forward to hearing back.

Hello Jeremy,
Please find the error below when I tried connecting to my minikube cluster from Octopus Deploy without the certificate authority is there something that i’m missing?

Do I need to configure a tentacle on the Minikube host before this can work?

Hi @oladapob
Apologies for the late reply.

Since the issue of the cert doesn’t appear to be an issue any more as the error is pointing to a connectivity problem, I am reproducing the configuration as outlined in the docs to make sure I have all the moving parts and can trace where you are seeing the issue exactly.

This will take some time and I will report back when I have a fully working environment and can trace the step you are having issues with.

Kind Regards,
Paraic

Thank You Paraic, I would be expecting your response.

Hello Paraic, any update on this?
I just need to connect to a minikube kubernetes cluster, kindly assist.
Thank You

Hi @oladapob,

Sorry about that, Paraic was offline for the day.

Taking a look at your screenshot, it looks like your minikube cluster is setup with a local IP address. For that to work, you will need to install a worker on the local network that can access that IP address to do the work on the cluster.

Please let me know how that goes.

Best,
Jeremy

Dear Jeremy,
But local IP Address was also used in your tutorial that was sent to you.
Right now, all I need are the steps required to run a full CI/CD pipeline from Teamcity to Kubernetes through octopus deploy. I have searched everywhere on the internet but didn’t get anything.

Do you have any resource?

Hi @oladapob,

The guide you linked outlines using a local version of Octopus Deploy and MSSQL. If you want to use the cloud version of Octopus and follow along, you will need to create a dedicated worker on your network where you are hosting minikube so that it will have access to it and use that as part of your process. The dynamic workers won’t have access to your local network.

Please let me know if I explained that okay.

Best,
Jeremy

Thank you Jeremy, my minikube is running on GCP. I also used the public IP Address of the GCP on octopus deploy but it still shows the error message. Do you suggest I install the worker on GCP as well and try again?

Hi @oladapob,

I believe that will likely mitigate networking issues. If you use Listening tentacles you will have to do some networking to open that up to the Octopus cloud. Polling will require less work.

You could potentially look at the logs of your GCP network firewall to see which rules are failing. To get the IP range of your octopus cloud you will need to login to www.octopus.com, click your profile in the upper right then control center, then click into your cloud instance, then click configuration on the left.

Please let me know how it goes.

Best,
Jeremy