3.7.0
What's New in ioFog 3.7.0?Core ConceptsArchitectureQuick Start With Local Deployment
IntroductionDownloadGetting FamiliarResource ManagementConnect/DisconnectLegacy
CLI Reference
iofogctliofogctl attachiofogctl attach agentiofogctl attach edge-resourceiofogctl attach execiofogctl attach exec agentiofogctl attach exec microserviceiofogctl attach volume-mountiofogctl completioniofogctl completion bashiofogctl completion fishiofogctl completion powershelliofogctl completion zshiofogctl configureiofogctl connectiofogctl createiofogctl create namespaceiofogctl deleteiofogctl delete agentiofogctl delete alliofogctl delete application-templateiofogctl delete applicationiofogctl delete catalogitemiofogctl delete certificateiofogctl delete configmapiofogctl delete controlleriofogctl delete edge-resourceiofogctl delete microserviceiofogctl delete namespaceiofogctl delete nats-account-ruleiofogctl delete nats-user-ruleiofogctl delete registryiofogctl delete roleiofogctl delete rolebindingiofogctl delete secretiofogctl delete serviceiofogctl delete serviceaccountiofogctl delete volume-mountiofogctl delete volumeiofogctl deployiofogctl describeiofogctl describe agent-configiofogctl describe agentiofogctl describe application-templateiofogctl describe applicationiofogctl describe certificateiofogctl describe configmapiofogctl describe controlleriofogctl describe controlplaneiofogctl describe edge-resourceiofogctl describe microserviceiofogctl describe namespaceiofogctl describe nats-account-ruleiofogctl describe nats-accountiofogctl describe nats-user-ruleiofogctl describe nats-useriofogctl describe registryiofogctl describe roleiofogctl describe rolebindingiofogctl describe secretiofogctl describe serviceiofogctl describe serviceaccountiofogctl describe system-microserviceiofogctl describe volume-mountiofogctl describe volumeiofogctl detachiofogctl detach agentiofogctl detach edge-resourceiofogctl detach execiofogctl detach exec agentiofogctl detach exec microserviceiofogctl detach volume-mountiofogctl disconnectiofogctl execiofogctl exec agentiofogctl exec microserviceiofogctl getiofogctl legacyiofogctl logsiofogctl moveiofogctl move agentiofogctl move microserviceiofogctl natsiofogctl nats accountsiofogctl nats accounts ensureiofogctl nats operatoriofogctl nats operator describeiofogctl nats usersiofogctl nats users create-mqtt-beareriofogctl nats users createiofogctl nats users credsiofogctl nats users delete-mqtt-beareriofogctl nats users deleteiofogctl pruneiofogctl prune agentiofogctl rebuildiofogctl rebuild microserviceiofogctl rebuild system-microserviceiofogctl renameiofogctl rename agentiofogctl rename applicationiofogctl rename controlleriofogctl rename edge-resourceiofogctl rename microserviceiofogctl rename namespaceiofogctl rollbackiofogctl startiofogctl start applicationiofogctl start microserviceiofogctl stopiofogctl stop applicationiofogctl stop microserviceiofogctl upgradeiofogctl versioniofogctl view
IntroductionPrepare Your NetworkPrepare Realm and OIDC ClientKeycloak DeploymentPrepare Your Remote HostsRemote Control PlaneKubernetes Prepare ClusterExternal Database DeploymentKubernetes iofogctlSetup Your AgentsAirgap Deployment
Securing ClusterRolesRole BindingsCertificates ManagerNATs Account RuleNATs User RuleNATs JWT Authentication
IntroductionAgent ConfigurationAttach/DetachVolumesDocker Image PruningUpgrade/Rollback
IntroductionApplication TemplatesMicroservice Lifecycle ManagementMicroservice LogsMicroservice Move/RenameMicroservice Registry Catalog
YAML KindsControl PlaneAgentApplicationApplication TemplateRegistryCatalogOfflineImageSecretCertificateConfigMapVolumeMountServiceRoleRoleBindingNatsAccountRuleNatsUserRule
ECN Viewer
OverviewConfigurationREST API
OverviewCLI UsageLocal APIConfigurationAgent Logs
HALREST Blue
GuidelinesCode of Conduct

Certificate and CertificateAuthority YAML Specification

iofogctl allows users to deploy and manage secrets.

The Certificate and CertificateAuthority has a very simple definition

Generate self-signed CA

apiVersion: iofog.org/v3
kind: CertificateAuthority
metadata:
  name: test-ca
spec:
  subject: test-ca
  type: self-signed
  expiration: 36

Create CA from existing secret on ioFog cluster

apiVersion: iofog.org/v3
kind: CertificateAuthority
metadata:
  name: test-ca
spec:
  type: direct
  secretName: test-ca

If you are on Kubernetes ControlPlane and would like to Create CA from existing Kubernetes secret inside the same namespace with Controller.

apiVersion: iofog.org/v3
kind: CertificateAuthority
metadata:
  name: test-ca
spec:
  type: k8s-secret
  secretName: test-ca
Field Description
spec.type Type of CA self-signed, direct or k8s-secret
spec.subject CA subject if type is self-signed
spec.expiration CA expiration in months if type is self-signed
spec.secretName The secretName that is going to import as CA if the type is direct or k8s-secret

Generate self-signed tls certificate

apiVersion: iofog.org/v3
kind: Certificate
metadata:
  name: test-server
spec:
  subject: "test-server"
  hosts: "x.x.x.x"
  expiration: 36
  ca:
    type: self-signed

Generate tls certificate signed with CA certificate deployed in ioFog cluster

apiVersion: iofog.org/v3
kind: Certificate
metadata:
  name: test-server
spec:
  subject: "test-server"
  hosts: "x.x.x.x"
  expiration: 36
  ca:
    type: direct
    secretName: test-ca

If you are on Kubernetes ControlPlane and would like to generate tls certificate signed with CA certificate that already deployed as a Kubernetes Secret inside the same namespace with Controller

apiVersion: iofog.org/v3
kind: Certificate
metadata:
  name: test-server
spec:
  subject: "test-server"
  hosts: "x.x.x.x"
  expiration: 36
  ca:
    type: k8s-secret
    secretName: test-ca
Field Description
spec.subject Certificate subject
spec.host Certificate hosts
spec.expiration Certificate expiration in months
spec.ca.type Type of CA that will sign new created certificate. self-signed, direct or k8s-secret
spec.ca.secretName Type CA certificate secretName if the spec.ca.type is direct or k8s-secret