When a user creates a connection, they can provide their credentials by entering them directly or by specifying a secret. A Red Hat® OpenShift® administrator can configure Cloud Pak for Data to enforce the exclusive use of secrets from an external vault (such as CyberArk or HashiCorp).
- Who needs to complete this task?
- To complete this task, you must be either:
- A cluster administrator
- An instance administrator
- When do you need to complete this task?
- You can complete this task anytime after Cloud Pak for Data is installed. However, it is recommended that you complete this task before you give users access to the web client.
Before you begin
Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.
Ensure that you source the environment variables before you run the commands in this task.
About this task
A Red Hat OpenShift project (namespace) administrator can edit the common core services custom resource to set the wdp_connect_connection_allow_only_vaulted_password parameter to true.
Procedure
- Log in to Red Hat OpenShift Container Platform as a user with sufficient permissions to complete the task.
- Set the wdp_connect_connection_allow_only_vaulted_password parameter to true:
oc patch ccs ccs-cr \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
--type=merge \
--patch '{"spec": {"wdp_connect_connection_allow_only_vaulted_password": "true"}}'
- Restart the following pods:
- Restart the wdp-connect-connection pods:
oc delete pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l app=wdp-connect-connection
- Restart the wdp-connect-connector pods:
oc delete pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l app=wdp-connect-connector
- Verify that the pods return and are running:
- Verify that the wdp-connect-connection pods are running:
oc get pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l app=wdp-connect-connection
- Verify that the wdp-connect-connector pods are running:
oc get pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l app=wdp-connect-connector
Results
Cloud Pak for Data is configured for the exclusive use of external vault secrets for connections.
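A post-change check for the procedure above, added here as an example and not taken from the product documentation: it reads the parameter back from the ccs-cr custom resource and confirms that both pod sets are fully ready, not still terminating or starting after the delete. The function names and the sample pod listing are constructed for illustration; the oc calls assume the resource name, labels and environment variable used in the procedure.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Cloud Pak for Data.

# Succeeds only if the value read from the custom resource spec is "true".
vault_only_enforced() {
  [ "$1" = "true" ]
}

# Reads `oc get pods --no-headers` output on stdin. Succeeds only if at least
# one pod is listed and every pod is Running with all containers ready (n/n).
# Pods still Terminating or ContainerCreating after the delete fail the check.
pods_all_ready() {
  awk '
    NF >= 3 {
      seen++
      split($2, r, "/")
      if ($3 != "Running" || r[1] != r[2]) bad++
    }
    END { exit !(seen > 0 && bad == 0) }
  '
}

# Checks the live cluster: parameter value first, then both pod sets.
verify_cluster() {
  ns="${PROJECT_CPD_INST_OPERANDS:?source the environment variables first}"
  value=$(oc get ccs ccs-cr --namespace="$ns" \
    -o jsonpath='{.spec.wdp_connect_connection_allow_only_vaulted_password}')
  vault_only_enforced "$value" || { echo "FAIL: parameter is '$value'"; return 1; }
  for app in wdp-connect-connection wdp-connect-connector; do
    oc get pods --namespace="$ns" -l "app=$app" --no-headers | pods_all_ready \
      || { echo "FAIL: $app pods are not all ready"; return 1; }
  done
  echo "OK: vault-only secrets enforced and connection pods ready"
}

# Constructed sample listing taken mid-restart (pod names are made up).
SAMPLE_MID_RESTART='wdp-connect-connector-old 1/1 Terminating 0 3d
wdp-connect-connector-new 0/1 ContainerCreating 0 5s'

# Query the cluster when oc and the namespace are available; otherwise show
# the pod check rejecting the constructed mid-restart sample.
if command -v oc >/dev/null 2>&1 && [ -n "${PROJECT_CPD_INST_OPERANDS:-}" ]; then
  verify_cluster
elif ! printf '%s\n' "$SAMPLE_MID_RESTART" | pods_all_ready; then
  echo "sample: pods not ready yet"
fi
```

A non-zero exit from verify_cluster means either the parameter did not persist in the custom resource or the restarted pods have not all come back; rerun it after the pods settle.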