Tuesday, 2 January 2018

IBM DataPower on IBM Cloud Private - Wrapping it up

I'm using IBM Cloud Private (ICP) to spin up a container running IBM DataPower Gateway (IDG), via a Helm chart.

Right now, I'm cheating by using the ICP admin UI rather than the Helm command-line interface, as per my normal practice.

The Helm chart has two mandatory values - frontsideKey and frontsideCert - which contain a private key and a personal certificate.

I generated the key and certificate using openssl : -

openssl req -subj '/C=GB/O=IBM/CN=davehay.uk.ibm.com' -new -newkey rsa:2048 -days 365 -nodes -x509  -sha256 -keyout server.key -out server.crt

When I clicked the button to install the Helm chart, I saw this exception in the UI : -

Internal service error : release DaveH failed: Secret in version "v1" cannot be handled as a Secret: v1.Secret: Data: decode base64: illegal base64 data at input byte 64, parsing 1177 ...X375XW1M="... at {"apiVersion":"v1","data":{"cert.pem":"MIIDQzCCAiugAwIBAgIJAMNFpd9mxNckMA0GCSqGSIb3DQEBCwUAMDgxCzAJBgNV BAYTAkdCMQwwCgYDVQQKDANJQk0xGzAZBgNVBAMMEmRhdmVoYXkudWsuaWJtLmNv 
G6rTAsZcFxBukcRxfCk4CmRR1C16dlsiz64rKVkdGO9IUTF0GchNAobYcAEK+dbW v+jU2J13dMnmzYfOz9QZkpM="},"kind":"Secret","metadata":{"labels":{"app":"DaveH-ibm-datapower-dev","chart":"ibm-datapower-dev-1.0.3","heritage":"Tiller","release":"DaveH"},"name":"DaveH-ibm-datapower-dev-secret","namespace":"default"}}

Reading this: -

I realised that the requisite values should be base64-encoded.

However, it's my understanding that X509 certificates are already base-64 encoded.

I fiddled about for a bit …. and then realised where I was going wrong.

The .cer and .key files that are generated by the openssl command are written to files that are automatically formatted as …. 64-column files :-)

That may be the base64 encoding :-)

However, the ICP/Helm UI doesn't like the resulting wrapped text in the frontsideKey and frontsideCert parameters.

So I manually stripped away the CR/LF characters at the end of each 64-bit row, and pasted the result into each of the requisite fields.

This got me further, but I then saw this: -

Internal service error : release DaveH failed: Secret "DaveH-ibm-datapower-dev-secret" is invalid: metadata.name: Invalid value: "DaveH-ibm-datapower-dev-secret": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

which is easier to fix.

This is what ICP says: -

and this is what I had for my Release Name: -


Can you say "Doofus" ?

Once I changed it to daveh, we're good to go.
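
The two fixes above as a pre-flight check, added here as an example (not part of the original post or the Helm chart): it joins the 64-column rows of a PEM file into one line, confirms the result is unbroken base64, and tests a release name against the DNS-1123 regex quoted in the second error. The function names and the sample file contents are constructed, and dropping the BEGIN/END marker lines is an assumption based on the value in the first error starting at MIID.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two errors in this post.
# Function names are hypothetical; the sample "certificate" is constructed.

# Join the wrapped base64 rows of a PEM file into one line.
# Assumption: the BEGIN/END marker lines are not part of the pasted value.
pem_body_one_line() {
    sed -e '/^-----/d' "$1" | tr -d ' \t\r\n'
}

# Succeeds only for unbroken base64: no whitespace, padding at the end only,
# length a multiple of four.
is_one_line_base64() {
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || return 1
    [ $(( ${#1} % 4 )) -eq 0 ]
}

# Succeeds only if the name matches the DNS-1123 subdomain regex that
# Kubernetes printed in the second error.
is_dns1123() {
    printf '%s\n' "$1" | grep -Eq \
      '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
}

# Constructed sample: one full 64-column row plus a short padded row,
# with CR/LF line endings.
make_sample_pem() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
      'QUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJD' \
      'QUJDRA==' '-----END CERTIFICATE-----' > "$1"
}

sample=$(mktemp)
make_sample_pem "$sample"
value=$(pem_body_one_line "$sample")
is_one_line_base64 "$value" && echo "cert value: ${#value} chars, one line"
for name in DaveH daveh; do
    if is_dns1123 "$name"; then echo "release name $name: ok"
    else echo "release name $name: rejected (not DNS-1123)"; fi
done
rm -f "$sample"
```

The release name is checked on its own here, but the same test applies to the full Secret name the chart derives from it, which is why DaveH failed.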
