Changing the gateway administrator password

Change the gateway administrator password by updating the CR and reinstalling the subsystem.

About this task

Updating the administrator password for the gateway subsystem requires no measurable reduction in API enforcement performance (gateways remain "up"); however, services such as SNMP will experience a disconnect until the password is updated on all pods.

Procedure

  1. Get the name of the secret that is used in the gateway CR.
    1. Run the following command to get the gateway's secretName:
      kubectl -n <namespace> get gatewaycluster <gw-cluster-name> -o yaml

      where <namespace> is the namespace where you installed the gateway subsystem, and <gw-cluster-name> is the name of the gateway cluster.

      In the CR, the gateway's secretName is in the adminUser section.

    2. Note down the secret name for use in a later step.
  2. Scale the <gw-cluster-name> to 0 pods.
    1. Using the following example as a guide, set replicaCount=0 for the <gw-cluster-name>.
      kubectl -n <namespace> patch gatewaycluster <gw-cluster-name> --type json -p='[{"op": "add", "path": "/spec/replicaCount", "value": 0 }]'
    2. Validate that statefulset READY = 0/0.

      Run the following command:

      kubectl  -n <namespace> get statefulset <gw-cluster-name>

      A successful response looks like the following example:

      NAME   READY   AGE
      gwv6   0/0     18h
      
  3. Update the gateway's secret.
    1. Run the following command to edit the gateway's secretName:
      kubectl -n <namespace> edit secret secretName
    2. Change the value of .data.password to be the base64-encoded value of a new password. The new password can be any string you want but you must encode it to base64.
  4. Scale the gateway back up to the correct number of pods.
    1. Using the following example as a guide, set replicaCount=3 for <gw-cluster-name>.
      kubectl -n <namespace> patch gatewaycluster <gw-cluster-name> --type json -p='[{"op": "add", "path": "/spec/replicaCount", "value": 3 }]'
    2. Validate that statefulset READY = 3/3 (this step might take few minutes to complete).

      Run the following command:

      kubectl  -n <namespace> get statefulset <gw-cluster-name>

      A successful response looks like the following example:

      NAME   READY   AGE
      gwv6   3/3     18h
  5. Verify that the gateway subsystem is fully updated.

    Run the following command, replacing <namespace> with the appropriate namespace.

    kubectl -n namespace get GatewayCluster

    The update is complete when the READY status is True, and the SUMMARY reports that all services are online ( 2/2) for all the Gateway subsystems that were updated. Example:

    NAME   READY   SUMMARY   VERSION    RECONCILED VERSION   AGE
    gwv5   True    2/2       10.0.8.0   10.0.8.0-1219        7m31s
    gwv6   True    2/2       10.0.8.0   10.0.8.0-1219        7m32s