Change the gateway administrator password by updating the CR and reinstalling the
subsystem.
About this task
Updating the administrator password for the gateway subsystem requires no measurable reduction in
API enforcement performance (gateways remain "up"); however, services such as SNMP will experience a
disconnect until the password is updated on all pods.
Procedure
-
Get the name of the secret that is used in the gateway CR.
- Run the following command to get the gateway's
secretName
:
kubectl -n <namespace> get gatewaycluster <gw-cluster-name> -o yaml
where <namespace>
is the namespace where you installed the
gateway subsystem, and <gw-cluster-name>
is the name of the
gateway cluster.
In the CR, the gateway's secretName
is in the adminUser
section.
- Note down the secret name for use in a later step.
- Scale the
<gw-cluster-name>
to 0 pods.
- Using the following example as a guide, set
replicaCount=0
for the
<gw-cluster-name>
.
kubectl -n <namespace> patch gatewaycluster <gw-cluster-name> --type json -p='[{"op": "add", "path": "/spec/replicaCount", "value": 0 }]'
- Validate that
statefulset READY = 0/0
.
Run the following command:
kubectl -n <namespace> get statefulset <gw-cluster-name>
A successful response looks like the following example:
NAME READY AGE
gwv6 0/0 18h
-
Update the gateway's secret.
- Run the following command to edit the gateway's
secretName
:
kubectl -n <namespace> edit secret secretName
- Change the value of
.data.password
to be the base64-encoded value of
a new password. The new password can be any string you want but you must encode it to
base64.
- Scale the gateway back up to the correct number of pods.
- Using the following example as a guide, set
replicaCount=3
for
<gw-cluster-name>
.
kubectl -n <namespace> patch gatewaycluster <gw-cluster-name> --type json -p='[{"op": "add", "path": "/spec/replicaCount", "value": 3 }]'
- Validate that
statefulset READY = 3/3
(this step might take few
minutes to complete).
Run the following command:
kubectl -n <namespace> get statefulset <gw-cluster-name>
A successful response looks like the following example:
NAME READY AGE
gwv6 3/3 18h
-
Verify that the gateway subsystem is fully updated.
Run the following command, replacing <namespace>
with the
appropriate namespace.
kubectl -n namespace get GatewayCluster
The update is complete when the READY
status is True
, and the
SUMMARY
reports that all services are online ( 2/2
) for all the
Gateway subsystems that were updated. Example:
NAME READY SUMMARY VERSION RECONCILED VERSION AGE
gwv5 True 2/2 10.0.8.0 10.0.8.0-1219 7m31s
gwv6 True 2/2 10.0.8.0 10.0.8.0-1219 7m32s