Copying secrets and configmaps to tethered projects in Watson Query
Watson
Query uses zenExtension to copy secrets and
configmaps to tethered projects. After you create or modify the
ca-connection-certs
secret or the krb5-conf-files configmap, use this feature to copy them to tethered
projects.
Before you begin
Procedure
Complete the following tasks:
Add the krb5.conf configmap or ca-connection-certs secret
to zenExtension
- Run the following command to modify the zenextension
CR:
oc -n ${PROJECT_CPD_INST_OPERANDS} edit zenextension dv-rescopy-extension - Modify the details section to add the new configmap or
secret:
"details": { "configmap_list": [ "krb5-config-files", "cpd-dv-aux-ckpt-cm", "dv-aux-br-cm" ], "secret_list": [ "ca-connection-cert" ] } -
Note:You must use the following names in the zenextension CR:
Name for krb5 configmap file :
For more information aboutkrb5-config-fileskrb5-config-files, see Enabling Kerberos authentication in Watson Query.Name for ca-connection cert secret:
For more information about how to create the secret, see ../cpd/admin/post-install-ca-cert-internal.html.connection-ca-certs
Refresh the secret or configmap
Run the following command to trigger a refresh of the secret or configmap. This command idempotent. You must run it every time you update the ca-connection-certs secret or the krb5-config-files configmap.
Run this command from the CLI on the cluster.
last_update_ts=$(oc -n ${PROJECT_CPD_INST_OPERANDS} get zenextension/dv-rescopy-extension -o jsonpath='{.spec.extensions}' | jq '.[0].last_update_ts' | tr -d '"')
new_timestamp=$(date -u '+%Y%m%d%H%M%S')
oc -n ${PROJECT_CPD_INST_OPERANDS} get zenextension/dv-rescopy-extension -o yaml > dv-rescopy-extension$last_update_ts.yaml
sed -i "s/${last_update_ts}/${new_timestamp}/" dv-rescopy-extension$last_update_ts.yaml
oc apply -f dv-rescopy-extension$last_update_ts.yaml
rm -f dv-rescopy-extension$last_update_ts.yaml