diff --git a/docs/CONFIGURATION_MTLS.md b/docs/CONFIGURATION_MTLS.md index 904f1264..81b0dc91 100644 --- a/docs/CONFIGURATION_MTLS.md +++ b/docs/CONFIGURATION_MTLS.md @@ -1,7 +1,8 @@ # Configuring mTLS: Guidelines and Instructions -**Step-1:** Create a ca-config.cnf file +**Step-1: Create a ca-config.cnf file** +```$xslt [ req ] default_bits = 2048 @@ -49,8 +50,9 @@ DNS.1 = kubviz-client-nats DNS.2 = kubviz-client DNS.3 = kubviz-agent +``` -**Step-2:** Create ca-cert.pem +**Step-2: Create ca-cert.pem** ```bash openssl genrsa -out ca-key.pem 4096 @@ -60,7 +62,7 @@ openssl genrsa -out ca-key.pem 4096 openssl req -new -x509 -days 365 -key ca-key.pem -out ca-cert.pem -subj "/C=IN/ST=Tamil Nadu/L=Chennai/O=Kubviz/CN=KubvizCA" ``` -**Step-3:** Create the Server Certificate +**Step-3: Create the Server Certificate** ```bash openssl genrsa -out server-key.pem 4096 @@ -74,7 +76,7 @@ openssl req -new -key server-key.pem -out server-csr.pem -subj "/C=IN/ST=Tamil N openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem -extfile ca-config.cnf -extensions v3_ca ``` -**Step-4:** Create the Client Certificate +**Step-4: Create the Client Certificate** ```bash openssl genrsa -out client-key.pem 4096 @@ -88,7 +90,7 @@ openssl req -new -key client-key.pem -out client-csr.pem -subj "/C=IN/ST=Tamil N openssl x509 -req -days 365 -in client-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem -extfile ca-config.cnf -extensions v3_ca ``` -**step-5:** Create the agent certificate +**step-5: Create the agent certificate** ```bash openssl genrsa -out agent-key.pem 4096 
@@ -101,7 +103,7 @@ openssl req -new -key agent-key.pem -out agent-csr.pem -subj "/C=IN/ST=Tamil Nad ```bash openssl x509 -req -days 365 -in agent-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out agent-cert.pem -extfile ca-config.cnf -extensions v3_ca ``` -**step-6:** Create secrets +**step-6: Create secrets** ```bash kubectl create secret generic kubviz-client-ca-cert --from-file=client-cert.pem --from-file=client-key.pem --from-file=ca-cert.pem -n kubviz @@ -115,9 +117,9 @@ kubectl create secret generic kubviz-agent-ca-cert --from-file=agent-cert.pem -- kubectl create secret generic kubviz-server-ca-cert --from-file=server-cert.pem --from-file=server-key.pem --from-file=ca-cert.pem -n kubviz ``` -#### if you want to enable mtls add the secret name in client/values.yaml also mtls.enabled:true +#### if you want to enable mtls add the secret name in client/values.yaml also mtls.enabled: true -**Step-7:** Add the secret name in client/value.yaml +**Step-7: Add the secret name in client/value.yaml** Below is the nats configuration @@ -133,7 +135,7 @@ tls: ... ``` -**Step-8:** Add the secret name in client/value.yaml +**Step-8: Add the secret name in client/value.yaml** ```yaml mtls: @@ -143,7 +145,7 @@ mtls: ... ``` -**Step-9:** Add the secret name in agent/value.yaml +**Step-9: Add the secret name in agent/value.yaml** ```yaml mtls:
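Review bot: The fence opened in the first hunk (`@@ -1,7 +1,8 @@`) is tagged `$xslt`, which is not a language identifier and looks like an editor paste artifact. The block it wraps is an OpenSSL config (`[ req ]`, `default_bits = 2048`), so tag it `ini` or `text`, or leave the fence untagged, so renderers do not mis-highlight it or show the tag literally.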
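Review bot: The context of the hunk at `@@ -74,7 +76,7 @@` signs the server certificate with `-extfile ca-config.cnf -extensions v3_ca`, and the client and agent steps in the following hunks use the same section. The body of `v3_ca` is not visible in this diff. If it sets `basicConstraints` to `CA:TRUE`, every leaf certificate issued by these steps could itself sign certificates that chain to `ca-cert.pem`. Please confirm what the section contains. If it does mark the subject as a CA, add a separate leaf section with `CA:FALSE` and the appropriate `extendedKeyUsage`, and point these three commands at it. Since this PR is already reworking the step headings, it is a good place to make that explicit in the doc.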
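Review bot: The agent certificate in the context of the hunk at `@@ -101,7 +103,7 @@` is issued with `-set_serial 02`, the same serial the client certificate gets in Step-4 (`-set_serial 02 -out client-cert.pem`). Serial numbers have to be unique per issuing CA (RFC 5280), and with a shared serial the two certificates cannot be told apart in a CRL or in audit logs, so revoking one would also cover the other. Give the agent its own value, or replace the hard-coded serials with `-CAcreateserial` so OpenSSL assigns them. As a minor point, the `step-5` and `step-6` headings stay lowercase while the others read `Step-N`; normalise them in the same pass.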
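Review bot: In the hunk at `@@ -115,9 +117,9 @@` the Step-7 heading reads `client/value.yaml` while the `####` line just above it says `client/values.yaml`, and after this change Step-7 and Step-8 (hunk `@@ -133,7 +135,7 @@`) carry the identical heading "Add the secret name in client/value.yaml". Step-7 is followed by "Below is the nats configuration", so its heading should name the nats TLS settings rather than repeat Step-8. All three path references (Step-7, Step-8, Step-9) should use one spelling of the file name. A reader copying these steps will otherwise be unsure which file and which block each secret name belongs in.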