
Installing dependencies using bash script

To install all dependencies, create the following files and run the setup script.

Get the IP address of the Ubuntu VM with the following command.

ip addr show

In the output, the link/ether field is the MAC address (for both Wi-Fi and Ethernet connections); most of the time it is on the second line of an interface entry. The IP address needed in the following steps is shown in the inet field of the same entry.

1. Save the below kind config file as kind-cluster.yml

Update the host IP address before executing the yml file.

# kind cluster definition: one control-plane node with the API server and the
# HTTP/HTTPS ports published on the host.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  # Binding the API server to the host's IP (instead of loopback) makes port
  # 6443 reachable from every network that can reach that address. Limit access
  # with a host firewall if the VM is on a shared network.
  apiServerAddress: "host-ip" # replace with the IP address of your host machine
  apiServerPort: 6443
nodes:
- role: control-plane
  extraPortMappings:
  # Host ports 80 and 443 are forwarded to the same ports on the node container.
  - containerPort: 80
    hostPort: 80
    listenAddress: "host-ip" # replace with the IP address of your host machine
    protocol: TCP
  - containerPort: 443
    listenAddress: "host-ip" # replace with the IP address of your host machine
    protocol: TCP
    hostPort: 443
  extraMounts:
  # Mounts "." into the node container at /app (presumably the directory
  # `kind create cluster` is started from; confirm).
  # NOTE(review): if private keys are generated in this directory (for example
  # an out/ folder), they become readable inside the node container; mount a
  # dedicated subdirectory if that is not intended.
  - hostPath: .
    containerPath: /app

2. Generate Certificates for IEM

Before running the script, make sure you have the certificates needed to onboard an IEM. You can either use your own TLS certificates that are used to terminate TLS traffic on the gateway, or you can create them using openssl commands.

Code Example Generating Certificates:

Create the ca.conf file.

# ca.conf: request settings and subject for the self-signed root CA.
# Passed to `openssl req -x509 ... -config ca.conf` by gen_with_ca.sh.
#
# NOTE(review): the two lines below sit before any [section] header, and [req]
# names no x509_extensions section, so they are presumably not applied to the
# CA certificate as extensions. Inspect the result with
# `openssl x509 -in out/myCA.crt -noout -text` to confirm.
basicConstraints = CA:TRUE
keyUsage = cRLSign, keyCertSign
[req]
distinguished_name = req_distinguished_name
# Take the subject from the section below instead of asking interactively.
prompt = no

# Placeholder subject for a locally generated CA.
[req_distinguished_name]
C   = DE
ST  = Dummy
L   = Dummy
CN  = My Personal Root CA

Create the cert.conf file.

# cert.conf: CSR settings for the server certificate. gen_with_ca.sh appends an
# [alt_names] section (IP.1=<iem-ip>) to this file's content at run time.
#
# OpenSSL config variable only; it does not define a shell variable for
# gen_with_ca.sh.
IEM = ""

[req]
# Digest for the CSR signature. The issued certificate is signed with -sha256
# by gen_with_ca.sh.
default_md = sha512
# NOTE(review): basicConstraints, keyUsage and authorityKeyIdentifier sit in
# [req] rather than in an extension section, so `openssl req` presumably
# ignores them. The extensions of the issued certificate come from
# cert-ext.conf (passed as -extfile when signing).
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
default_keyfile    = myCert.key
x509_extensions    = v3_ca
prompt             = no
authorityKeyIdentifier=keyid,issuer
distinguished_name = req_distinguished_name
req_extensions     = req_ext


# gen_with_ca.sh passes -subj on the command line, which replaces this subject.
[req_distinguished_name]
C=DE
ST=Dummy
L=Dummy
O=Dummy
CN=localhost

# Extensions placed in the CSR: the subjectAltName list from [alt_names].
[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

Create the cert-ext.conf file.

# cert-ext.conf: extensions written into the issued server certificate.
# gen_with_ca.sh passes this file (plus an appended [alt_names] section) as
# -extfile when the CA signs the CSR.
#
# Leaf certificate: not allowed to act as a CA.
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "My Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Limits the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
# [alt_names] is not defined in this file; it is appended by gen_with_ca.sh.
subjectAltName = @alt_names

Create the gen_with_ca.sh file

    #!/bin/bash

    # Copyright (c) 2018-2022, Siemens AG (http://www.siemens.com)
    # All rights reserved.
    # THIS IS PROPRIETARY SOFTWARE OWNED BY SIEMENS AG.
    # USE ONLY PERMITTED ACCORDING TO LICENSE AGREEMENT.
    # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    # ARE DISCLAIMED. IN NO EVENT SHALL SIEMENS AG OR ITS CONTRIBUTORS BE LIABLE
    # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
    # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
    # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
    # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


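    # Generate a local root CA and a server certificate for the IEM gateway.
    #
    # Usage:   gen_with_ca.sh <iem-ip>
    # Reads:   ca.conf, cert.conf, cert-ext.conf next to this script
    # Writes:  out/myCA.key, out/myCA.crt, out/myCert.key, out/myCert.crt,
    #          out/certChain.crt next to this script; myCert.crt and
    #          certChain.crt are also copied to the current directory.
    # Env:     IEM (optional) - common name for the server certificate;
    #          defaults to <iem-ip>.
    set -euo pipefail

    path=$(dirname "$0")
    out_dir="${path}/out"

    IEM_IP=${1:-}
    if [[ -z "${IEM_IP}" ]]; then
      printf 'Usage: %s <iem-ip>\n' "${0##*/}" >&2
      exit 2
    fi

    # The argument is appended to the OpenSSL config as "IP.1=<value>". Accept
    # only characters that occur in an IPv4/IPv6 literal so that whitespace,
    # newlines or extra directives cannot end up in the generated config.
    if [[ ! "${IEM_IP}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
      printf 'error: "%s" is not an IP address\n' "${IEM_IP}" >&2
      exit 2
    fi

    # The original command used $IEM for the CN, but the script never sets it
    # (the `IEM = ""` line in cert.conf is an OpenSSL variable, not a shell
    # one), which left the CN empty. Honour IEM from the environment and fall
    # back to the IP address.
    cert_cn=${IEM:-${IEM_IP}}

    # Print a config file followed by the [alt_names] section with the IP SAN.
    with_alt_names() {
      cat "$1"
      printf '\n[alt_names]\nIP.1=%s\n' "${IEM_IP}"
    }

    # Both private keys are stored unencrypted, so keep the output directory
    # and the key files accessible to the owner only.
    mkdir -p "${out_dir}"
    chmod 700 "${out_dir}"

    # Root CA: key plus self-signed certificate.
    (umask 077 && openssl genrsa -out "${out_dir}/myCA.key" 4096)
    openssl req -x509 -new -nodes -key "${out_dir}/myCA.key" -sha256 -days 825 \
      -out "${out_dir}/myCA.crt" -config "${path}/ca.conf"

    # Server certificate: key, CSR, then signing by the CA above.
    (umask 077 && openssl genrsa -out "${out_dir}/myCert.key" 4096)
    openssl req -new -key "${out_dir}/myCert.key" -out "${out_dir}/myCert.csr" \
      -subj "/C=DE/ST=Dummy/L=Dummy/O=Dummy/CN=${cert_cn}" \
      -config <(with_alt_names "${path}/cert.conf")

    openssl x509 -req -in "${out_dir}/myCert.csr" \
      -CA "${out_dir}/myCA.crt" -CAkey "${out_dir}/myCA.key" -CAcreateserial \
      -out "${out_dir}/myCert.crt" -days 825 -sha256 \
      -extfile <(with_alt_names "${path}/cert-ext.conf")

    # Chain file: server certificate first, then the issuing CA.
    cat "${out_dir}/myCert.crt" "${out_dir}/myCA.crt" > "${out_dir}/certChain.crt"

    # Remove intermediate files; -f keeps a missing file from aborting the run.
    rm -f -- "${out_dir}/myCert.csr" "${out_dir}/myCA.srl"
    cp -- "${out_dir}/myCert.crt" "${out_dir}/certChain.crt" "${PWD}/"

    # out/myCA.key can issue certificates for any name that clients trusting
    # myCA.crt will accept. Move it to protected storage or delete it once the
    # server certificate has been issued.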

Execute the gen_with_ca.sh file with the following command. Replace the IP address with your host's IP address here:

bash +x gen_with_ca.sh {host-ip}

3. Create a shell script named setup.sh in the same location as kind-cluster.yml

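#!/bin/bash
#
# Install curl, Docker, docker-compose, kind, Helm and kubectl when they are
# missing, create the KIND cluster from ./kind-cluster.yml if no cluster is
# reachable, then create the IEM namespace and the TLS secrets "kongcert"
# (in that namespace) and "defaultcert" (in "default").
#
# Usage: setup.sh -r <cert.key> -t <cert.crt> [-n namespace]
#                 [-k kindversion] [-c kubectlversion] [-h helmversion]
#
# /usr/local stays owned by root: each install step elevates with sudo on its
# own instead of handing the whole tree to the invoking user, so an
# unprivileged process cannot replace binaries that root later executes.
set -euo pipefail

certkey=""
cert=""
kindversion='v0.14.0'
kubectlversion='v1.26.0'
helmversion='v3.9.2'
namespace="deviem"

usage() {
  printf 'Usage: %s -r <cert.key> -t <cert.crt> [-n namespace] [-k kindversion] [-c kubectlversion] [-h helmversion]\n' "${0##*/}" >&2
  exit 2
}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Create a TLS secret from $certkey/$cert unless it already exists.
# Arguments: $1 - namespace, $2 - secret name
ensure_tls_secret() {
  local ns=$1 name=$2
  if kubectl -n "$ns" get secret "$name" >/dev/null 2>&1; then
    printf 'secret %s/%s already exists, leaving it unchanged\n' "$ns" "$name" >&2
    return 0
  fi
  kubectl -n "$ns" create secret tls "$name" --key "$certkey" --cert "$cert"
}

while getopts k:c:h:r:t:n: flag; do
  case "$flag" in
    k) kindversion=${OPTARG} ;;
    c) kubectlversion=${OPTARG} ;;
    h) helmversion=${OPTARG} ;;
    r) certkey=${OPTARG} ;;
    t) cert=${OPTARG} ;;
    n) namespace=${OPTARG} ;;
    *) usage ;;
  esac
done

# -r and -t are required; check them before anything is installed so a typo
# does not surface only at the very last step.
[[ -n "$certkey" && -n "$cert" ]] || usage
[[ -r "$certkey" ]] || die "certificate key not readable: $certkey"
[[ -r "$cert" ]] || die "certificate not readable: $cert"

printf 'kindversion: %s\n' "$kindversion"
printf 'kubectlversion: %s\n' "$kubectlversion"
printf 'helmversion: %s\n' "$helmversion"

current_user=$(id -un)

# Downloads go to a private temporary directory rather than the working
# directory, which kind-cluster.yml mounts into the cluster node.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

if ! command -v curl >/dev/null 2>&1; then
  sudo apt-get install -y curl
fi

if ! command -v docker >/dev/null 2>&1; then
  # NOTE(review): this executes an installer fetched at run time as root, with
  # no pinned version or checksum. Review the script, or install Docker from
  # signed distribution packages where that is an option.
  curl -fsSL https://get.docker.com -o "$workdir/get-docker.sh"
  sudo sh "$workdir/get-docker.sh"
  sudo groupadd docker || true
  sudo usermod -aG docker "$current_user" || true
  # NOTE(review): access to the Docker socket is equivalent to root on this
  # host. The chown only bridges the current session; the docker group
  # membership added above applies after the next login.
  sudo chown "$current_user" /var/run/docker.sock || true
  # Runs in a child shell and does not change this script's own group set.
  newgrp docker <<EONG || true
 echo ""
EONG
fi

if ! command -v docker-compose >/dev/null 2>&1; then
  sudo apt-get install -y docker-compose
fi

if ! command -v kind >/dev/null 2>&1; then
  go_tarball="go1.19.5.linux-amd64.tar.gz"
  # -f makes curl fail on an HTTP error instead of saving the error page.
  # NOTE(review): compare the archive with the SHA256 published on
  # https://go.dev/dl/ before it is unpacked as root.
  curl -fsSL -o "$workdir/$go_tarball" "https://go.dev/dl/$go_tarball"
  sudo rm -rf /usr/local/go
  sudo tar -C /usr/local -xzf "$workdir/$go_tarball"
  export PATH="$PATH:/usr/local/go/bin"
  go install "sigs.k8s.io/kind@$kindversion"
  kind_built="$(go env GOPATH)/bin/kind"
  sudo install -o root -g root -m 0755 "$kind_built" /usr/local/bin/kind
  rm -f -- "$kind_built"
fi

if ! command -v helm >/dev/null 2>&1; then
  # NOTE(review): the installer is taken from the moving "main" branch; pin the
  # URL to a release tag or commit to get a reproducible, reviewable script.
  curl -fsSL -o "$workdir/get_helm.sh" \
    https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  chmod 700 "$workdir/get_helm.sh"
  bash "$workdir/get_helm.sh" --version "$helmversion"
fi

if ! command -v kubectl >/dev/null 2>&1; then
  kubectl_url="https://dl.k8s.io/release/$kubectlversion/bin/linux/amd64/kubectl"
  curl -fsSL -o "$workdir/kubectl" "$kubectl_url"
  curl -fsSL -o "$workdir/kubectl.sha256" "$kubectl_url.sha256"
  # Detects a truncated or corrupted download. The checksum comes from the same
  # origin as the binary, so it does not protect against a compromised origin.
  printf '%s  %s\n' "$(cat "$workdir/kubectl.sha256")" "$workdir/kubectl" \
    | sha256sum --check --status \
    || die "kubectl checksum mismatch"
  sudo install -o root -g root -m 0755 "$workdir/kubectl" /usr/local/bin/kubectl
fi

# Create the cluster only when no API server answers.
if ! kubectl cluster-info; then
  kind create cluster --config "./kind-cluster.yml"
fi

# Re-running the script must not abort on objects that already exist.
if ! kubectl get namespace "$namespace" >/dev/null 2>&1; then
  kubectl create namespace "$namespace"
fi
ensure_tls_secret "$namespace" kongcert
ensure_tls_secret default defaultcert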


After the above step is completed, execute the script using the following command:

bash +x setup.sh -r "out/myCert.key" -t "out/myCert.crt" -n "deviem"

This script sets up all the necessary tools and the KIND cluster with a namespace for the IEM installation. Use the same namespace as in the IEM manifest file.

Required parameters:

  • r : path/to/cert.key
  • t : path/to/cert.crt

Optional parameters:

  • k : kindversion
  • c : kubectlversion
  • h : helmversion
  • n : namespace

4. Download IECTL

The IECTL must be downloaded manually from the IEHUB. Click here to learn more.