Description
The provided example creates a LB with a certificate that has a reference to a pre-existing local certificates folder:
"l7_lb_certificates" = {
  "LB-1-CERT-1-KEY" = {
    "ca_certificate" = "/certs/ca.crt" <----------
    "certificate_name" = "lb1-cert1" <----------
    "id" = "loadBalancers/ocid1.loadbalancer.oc1.eu-frankfurt-1.aaaaaaaas2rvttptgse2bqmsxfvrrcrobsq4ii67jkhlzdbwxajmbdnxwufq/certificates/lb1-cert1"
    "l7lb_certificate_key" = "LB-1-CERT-1-KEY"
    "l7lb_id" = "ocid1.loadbalancer.oc1.eu-frankfurt-1.aaaaaaaas2rvttptgse2bqmsxfvrrcrobsq4ii67jkhlzdbwxajmbdnxwufq"
    "l7lb_key" = "EXAMPLE-011_LB_KEY"
    "l7lb_name" = "example-01-tst"
    "load_balancer_id" = "ocid1.loadbalancer.oc1.eu-frankfurt-1.aaaaaaaas2rvttptgse2bqmsxfvrrcrobsq4ii67jkhlzdbwxajmbdnxwufq"
    "network_configuration_category" = "production"
    "passphrase" = tostring(null)
    "private_key" = "/certs/my_cert.key" <----------
    "public_certificate" = "~/certs/my_cert.crt" <----------
    "state" = "SUCCEEDED"
    "timeouts" = null /* object */
  }
}
We should indicate the need to have valid PEM certificates for the Load Balancer. For educational purposes, and if the user does not have trusted CA certificates, we can point to a public reference with instructions on how to set up self-signed certificates in the MD documentation, or a link to a secondary MD with some instructions like:
a. Create a Self-Signed Root CA:
openssl req -x509 -sha256 -days 1825 -newkey rsa:2048 -keyout ca.key -out ca.crt
b. Create a cert key and certificate signing request (CSR):
openssl req -newkey rsa:2048 -nodes -keyout my_cert.key -out my_cert.csr
c. Sign the certificate CSR with Root CA:
cat my_cert.txt
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = oe01.com
openssl x509 -req -CA ca.crt -CAkey ca.key -in my_cert.csr -out my_cert.crt -days 365 -CAcreateserial -extfile my_cert.txt
d. Check the cert:
openssl x509 -text -noout -in my_cert.crt
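
A pre-flight check for the files produced by steps a to d, added here as an example (it is not part of the original issue or the module's code): it confirms that the private key matches the certificate, that the certificate verifies against the CA, and that a subjectAltName is present before the paths are handed to the Load Balancer configuration. The function names and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the ca.crt / my_cert.crt / my_cert.key
# set from steps a-d. Function names are hypothetical, not from the module.

# SHA-256 of the public key inside a certificate ($1=x509) or private key ($1=pkey).
pubkey_fp() {
  case "$1" in
    x509) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    # -passin pass: makes an encrypted key fail instead of prompting.
    pkey) _pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1 ;;
    *) return 1 ;;
  esac
  [ -n "$_pem" ] || return 1
  printf '%s\n' "$_pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_lb_certs CA CERT KEY: prints each failure, returns 0 only if all pass.
check_lb_certs() {
  ca=$1; cert=$2; key=$3; rc=0
  # 1. Both certificates must parse as PEM X.509.
  for f in "$ca" "$cert"; do
    openssl x509 -in "$f" -noout 2>/dev/null ||
      { echo "FAIL: $f is not a PEM certificate"; rc=1; }
  done
  # 2. The private key must be the one the certificate was issued for.
  { cfp=$(pubkey_fp x509 "$cert") && kfp=$(pubkey_fp pkey "$key") &&
    [ "$cfp" = "$kfp" ]; } ||
    { echo "FAIL: $key is unreadable, encrypted, or does not match $cert"; rc=1; }
  # 3. The certificate must chain to the CA file given as ca_certificate.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert does not verify against $ca"; rc=1; }
  # 4. Assumed threshold: reject certificates expiring within 30 days.
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
    { echo "FAIL: $cert expires within 30 days"; rc=1; }
  # 5. Clients match host names against subjectAltName, so it must exist.
  openssl x509 -in "$cert" -noout -text 2>/dev/null |
    grep -q 'Subject Alternative Name' ||
    { echo "FAIL: $cert has no subjectAltName"; rc=1; }
  return "$rc"
}

# Usage: sh check_lb_certs.sh ca.crt my_cert.crt my_cert.key
if [ "$#" -eq 3 ]; then check_lb_certs "$@"; fi
```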