Command Summary | Utimaco Integration Guides

Command	Purpose
`# mkdir /var/lib/kmsplugin`	To create a directory for socket files.
`# mkdir k8s_plugin`	To create a directory for plugin files.
`# mkdir certs`	To create a dircectory for certificates.
`# mkdir logs`	To create a directory for plugin log file.
`# docker load -i k8s-kms-plugin_1.0.tar`	To load a Docker image.
`# openssl genrsa -out kms_plugin_client.key 2048`	To create a private key.
`# cat << EOF \| openssl req -new -key kms_plugin_client.key -out kms_plugin_client.csr -sha256` `US` `California` `Campbell` `Utimaco` `Atalla` `kms_plugin_user` `eskm@utimaco.com` `EOF`	To generate a CSR.
`# cat /home/admin/k8s_plugin/certs/kms_plugin_client.csr`	To view the generated CSR.
`# vim plugin-config.yaml`	To create/edit the plugin-config.yaml file
`# kubectl create configmap kms-plugin-config --from-file=/home/admin/k8s_plugin/plugin-config.yaml`	To create the kube configmap for plugin-config.yaml.
`# kubectl create secret generic kms-plugin-certs --from-file=/home/admin/k8s_plugin/certs/kms_plugin_client.crt --from-file=/home/admin/k8s_plugin/certs/kms_plugin_client.key --from-file=/home/admin/k8s_plugin/certs/ESKMLocalCA.crt -n kube-system`	To create the kube secret for certificates.
`# vim kms-plugin.yaml`	To create/edit the kms-plugin.yaml daemonset file.
`# kubectl apply -f kms_plugin.yaml`	To apply the kms-plugin.yaml file.
`# kubectl get daemonset -A`	To view the kube system daemonset.
`# kubectl get pods -A`	To view the kube system pods.
`# vim /etc/kubernetes/encryption-config.yaml`	To create/edit the encryption-config.yaml file.
`# vin /etc/kubernetes/manifests/kube-apiserver.yaml`	To edit the kube-apiserver.yaml file.
`# kubectl create secret generic test-secret --from-literal=mykey=mydata`	To create a secret.
`# etcdctl get /registry/secrets/default/test-secret --print-value-only`	To verify encryption in etcd.
`# kubectl get secret test-secret -o yaml`	To verify the description.
`# kubectl delete configmap kms-plugin-config -n kube-system.`	To delete the configmap.
`# kubectl rollout restart daemonset/kms-plugin-ds -n kube-system`	To restart the kms-plugin daemonset.
`# kubectl get secrets -- all-namespces -o json \| kubectl replace --force -f -`	To re-encrypt existing secrets.

CLI Commands