Creating Kubernetes Docker Hub and TLS Secrets
Before installing the WebHMI Helm chart, we recommend creating Docker Hub and Transport Layer Security (TLS) secrets for secure access.
Creating a Docker Hub Secret
A Docker Hub secret stores an access token. Since the WebHMI image is public, using the secret is optional, but it is recommended due to rate limits on unauthenticated pulls from Docker Hub.
When creating the secret, provide your Docker Hub credentials. For security reasons, it is recommended to use a Docker Hub access token instead of your account password.
To create the Docker Hub secret in Rancher:
-
Open your cluster view, navigate to Storage > Secrets , and click Create .
-
Select Registry .
-
Enter the following details, and then click Create .
-
Leave namespace as default .
-
Enter a name, such as dockerhub-secret .
-
In Data , select DockerHub .
-
Enter your Docker Hub username and password.
-
-
In your cluster view, verify that you can see the newly created secret under Storage > Secrets .
Creating a TLS Secret Containing the Kubernetes Cluster Certificate
To enable secure HTTPS communication between web browsers and applications running in the Kubernetes cluster, a TLS certificate must be added to the cluster. While it is possible to use the unsecured HTTP protocol, this approach is not recommended, except in isolated or test environments.
You can either add an existing certificate issued for the cluster’s domain, or generate your own self-signed certificate.
To create a TLS secret with the Kubernetes cluster certificate in Rancher:
-
(Optional) Generate a self-signed certificate for your domain. Make sure that you have OpenSSL installed on your machine, and then use the following command:
openssl req -x509 -newkey rsa:2048 -nodes -days 36500 -subj "/CN=WebHMI.example.com" -addext "subjectAltName=DNS:WebHMI.example.com" -keyout "cert.key" -out "cert.pem"Adjust the hostname (webhmi.example.com) and validity period as needed.
This command generates two files—cert.key (the private key) and cert.pem (the certificate)—with a validity of roughly 100 years. -
In Rancher, open your cluster view, navigate to Storage > Secrets , and select Create .
-
Select TLS Certificate .
-
Enter the following details, and then click Create .
-
Leave namespace as default .
-
Enter a name, such as webhmi-tls . If you choose a different secret name than webhmi-tls, make sure to use the same name for your Helm values in the values.yaml file.
-
Below the Private Key field, click Read from file and browse for the cert.key file to add the private key.
-
Below the Certificate field, click Read from file and browse for the cert.pem file to add the certificate.
-
-
In your cluster view, verify that you can see the newly created secret under Storage > Secrets .
What's Next?