Configuring custom secrets

IBM Business Automation Insights uses credentials, such as password and certificates, which are provided by default wherever they are needed. For secure communications, you avoid exposing credentials by creating custom Kubernetes secrets.

About this task

The following services use credentials in the form of passwords and certificates.

The management service
The Business Performance Center component

It is a good security practice to create Kubernetes secrets to hold sensitive configuration parameters, which you can later reuse across releases or for release upgrades.

You customize secrets by writing a YAML file that contains the appropriate keys, and then running the kubectl create command.

Keys for bai-secret are optional.: In your custom-bai-secret.yaml file, you do not need to list all the keys. You can choose to list only the keys for which you want a custom value.
File names and secrets names are customizable.: In the following steps, the names of the YAML files of secret definitions and the names of the Kubernetes secrets (metadata.name) are only examples. You can specify whatever names you want.

Procedure

Create the custom Kubernetes secrets.
- Creating custom-bai-secret
After you have created the secret that your Kubernetes deployment needs, edit the YAML file of your custom resource to make sure that it contains all the following configuration parameters.
Configuration parameters for IBM Business Automation Insights custom resources start with the spec.bai_configuration. prefix.
- The bai_secret parameter is set to custom-bai-secret.
For your changes to take effect, update your custom resource as instructed in Updating your Business Automation Insights custom resource.