You can enable an encrypted connection using one of the following methods, depending on your service environment:

  1. Using LoadBalancer
  2. Using NodePort (commonly used with local clusters such as kind or minikube)

After setting up the connection, you obtain a CA certificate for connecting to the Supply Chain Security Tools - Store using the CLI or API.

Using LoadBalancer

If you are using a LoadBalancer configuration, you need to find the external IP of the metadata-store-app service. For all kubectl commands, use the --namespace metadata-store flag. Run:

$ kubectl get service/metadata-store-app --namespace metadata-store -o yaml
...
spec:
  ports:
  - name: http
    nodePort: 32712
    port: 8443
    protocol: TCP
    targetPort: PORT
...
status:
  loadBalancer:
    ingress:
    - ip: IP-ADDRESS 

Where:

  • IP-ADDRESS is the external IP address of the metadata-store-app service.
  • PORT is the target port number of the service.

Obtaining the CA Certificate

The CA certificate is generated by cert-manager. Run the following command to get the CA certificate:

$ kubectl get secret app-tls-cert -n metadata-store -o json | jq -r '.data."ca.crt"' | base64 -d > PATH

Where:

  • PATH is the location where you want to save the CA certificate. This file is used later when you configure the CLI.

Editing /etc/hosts

Add an entry to /etc/hosts that maps the external IP address of the service to metadata-store-app.metadata-store.svc.cluster.local. For example, with the IP address 10.186.124.220:

10.186.124.220 metadata-store-app.metadata-store.svc.cluster.local

Using NodePort

To use NodePort, obtain the CA certificate, configure port forwarding, and modify the /etc/hosts file.

Obtaining the CA Certificate

The CA certificate is generated by cert-manager. Run the following command to get the CA certificate:

$ kubectl get secret app-tls-cert -n metadata-store -o json | jq -r '.data."ca.crt"' | base64 -d > PATH

Where:

  • PATH is the location where you want to save the CA certificate. This file is used later when you configure the CLI.

Configuring Port Forwarding

When using NodePort, you need to configure port forwarding for the service in order for the CLI to access the Supply Chain Security Tools - Store. Run:

$ kubectl port-forward service/metadata-store-app 8443:8443 -n metadata-store

Run this command in a separate terminal window, since it takes over the terminal.

Modifying your /etc/hosts file

Add the following entry to /etc/hosts:

127.0.0.1 metadata-store-app.metadata-store.svc.cluster.local
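
Both methods leave two local artifacts, the saved CA file and an /etc/hosts mapping for the same host name, and both can be checked before configuring the CLI. The shell functions below are an added example, not part of the product or its documentation; the function names are hypothetical, and the PEM check assumes the ca.crt value is PEM-encoded and verifies framing only, not the certificate itself.

```shell
#!/bin/sh
# Added example: pre-flight checks for the CA file and the hosts mapping.
STORE_HOST="metadata-store-app.metadata-store.svc.cluster.local"

# Succeeds only if file $1 has PEM certificate framing. If the "ca.crt" key is
# missing from the secret, jq -r prints "null" and base64 -d writes junk bytes
# to PATH without any error; this check catches that case.
ca_file_is_pem() {
    [ -s "$1" ] || return 1
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----' || return 1
    grep -q '^-----END CERTIFICATE-----' "$1"
}

# Print the IP of the first non-comment line in hosts file $1 that names host $2.
# The first matching line is typically the one the resolver uses.
hosts_effective_ip() {
    awk -v h="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }
    ' "$1"
}

# Make hosts file $1 map host $3 to IP $2 exactly once, dropping stale lines
# for that host (for example after switching from LoadBalancer to NodePort).
# A line that also lists other aliases is dropped whole; review those by hand.
hosts_set_mapping() {
    tmp=$(mktemp) || return 1
    awk -v h="$3" '
        { line = $0; sub(/#.*/, "", line); n = split(line, f); keep = 1
          for (i = 2; i <= n; i++) if (f[i] == h) keep = 0
          if (keep) print $0 }
    ' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$2" "$3" >> "$tmp"
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$1" && rm -f "$tmp"
}
```

Try hosts_set_mapping on a copy of /etc/hosts first; writing the real file requires root.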