Creating Kubernetes Docker Hub and TLS Secrets
Before installing the WebHMI Helm chart, we recommend creating Docker Hub and Transport Layer Security (TLS) secrets for secure access.
Creating a Docker Hub Secret
A Docker Hub secret stores an access token. Since the WebHMI image is public, using the secret is optional, but it is recommended due to rate limits on unauthenticated pulls from Docker Hub.
When creating the secret, provide your Docker Hub credentials. For security reasons, it is recommended to use a Docker Hub access token instead of your account password.
To create a Docker Hub secret, run:
To verify that the secret was created, run:
Creating a TLS Secret Containing the Kubernetes Cluster Certificate
To enable secure HTTPS communication between web browsers and applications running in the Kubernetes cluster, a TLS certificate must be added to the cluster. While it is possible to use the unsecured HTTP protocol, this approach is not recommended, except in isolated or test environments.
You can either add an existing certificate issued for the cluster’s domain, or generate your own self-signed certificate.
To create a TLS secret with the Kubernetes cluster certificate:
-
(Optional) Generate a self-signed certificate for your domain. Make sure that you have OpenSSL installed on your machine, and then use the following command:
openssl req -x509 -newkey rsa:2048 -nodes -days 36500 -subj "/CN=WebHMI.example.com" -addext "subjectAltName=DNS:WebHMI.example.com" -keyout "cert.key" -out "cert.pem"Adjust the hostname (webhmi.example.com) and validity period as needed.
This command generates two files—cert.key (the private key) and cert.pem (the certificate)—with a validity of roughly 100 years. -
Create the Kubernetes TLS Secret using the following command from the directory that contains the certificate (cert.key) and the corresponding private key (cert.pem) files of the certificate for the cluster’s domain, either self-signed or issued by the Certificate Authority.
kubectl create secret tls webhmi-tls --cert=cert.pem --key=cert.keyIn this example, the secret is named webhmi-tls. If you choose a different name, make sure to use the same name in your values.yaml file.
-
Run the following to confirm that the secret was created successfully.
kubectl get secretskubectl describe secret webhmi-tls
What's Next?