Creating a Secret

Create an array Secret YAML file to define the storage credentials (username and password) and address for use with Ceph File Systems (CephFS) for the Ceph-CSI driver.

Before you begin

Be sure that you have the following permissions before creating a Secret.
  • Kubernetes Administrator permissions.
  • Ceph Manager (ceph-mgr) permissions. For more information, see User roles and permissions.
  • userID and userKey for your username or role. If needed, get the unique generated key, by using the ceph auth get-or-create and ceph auth get-or-create-key commands. Encode the generated values with the following Base64 commands:
    echo -n USER_ID | base64
    echo -n USER_KEY | base64
    For more information about getting the unique generated values, see Adding Ceph user in the IBM Storage Ceph documentation.

About this task

Important: When your storage system password is changed, be sure to also change the passwords in the corresponding Secrets, particularly when LDAP is used on the storage systems.

Failing to do so leaves the passwords on the storage systems and in the Secrets mismatched, which locks the user out of the storage systems.

Procedure

  1. Create the Secret file, similar to the following cephfs-secret.yaml file.
    apiVersion: v1
    kind: Secret
    metadata:
     name: cephfs-admin
     namespace: default
    data:
     userID: USER_ID
     userKey: USER_KEY
     adminID: ADMIN_ID
     adminKey: ADMIN_KEY
    Replace the following values:
    USER_ID
    Base64 encoded string for admin.

    For example, YWRtaW4=.

    USER_KEY
    Base64 encoded key that was generated when the admin user was created.

    For example, QVFCZXhZQm54aVY5QVJBQWRRdmE2YzBDUHpnclI4S053ZEJ2WXc9PQ==

    ADMIN_ID
    Encoded admin ID.
    ADMIN_KEY
    Encoded admin key.
  2. Apply the Secret, by using the kubectl apply command.
    kubectl apply -f FILENAME.YAML
    The secret/SECRET_NAME created message is emitted.
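
The following script is an added example, not part of the original procedure or of the Ceph-CSI project. It builds the manifest from plain-text values, rejects values that carry stray whitespace (the usual result of running echo without -n), and writes the file readable by its owner only, because Base64 is an encoding and not encryption. The function names and the sample key are assumptions made for illustration; the Secret name and namespace are the ones used in step 1.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample values are constructed.

# Base64-encode exactly the bytes of $1: printf appends no newline, and
# tr removes the line wrapping that some base64 builds apply to long input.
encode_field() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Return 0 only if Base64 value $1 decodes to a non-empty string without
# whitespace. The trailing "x" keeps $(...) from hiding a final newline.
check_field() {
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null; printf x)
  decoded=${decoded%x}
  [ -n "$decoded" ] || return 1
  case $decoded in *[[:space:]]*) return 1 ;; esac
  return 0
}

# Print the manifest. Arguments (plain text): userID userKey adminID adminKey
render_cephfs_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cephfs-admin
  namespace: default
data:
  userID: $(encode_field "$1")
  userKey: $(encode_field "$2")
  adminID: $(encode_field "$3")
  adminKey: $(encode_field "$4")
EOF
}

# Validate every value, then write the manifest to file $1 with mode 0600.
write_cephfs_secret() {
  out=$1; shift
  for v in "$@"; do check_field "$(encode_field "$v")" || return 1; done
  ( umask 077; render_cephfs_secret "$@" > "$out" )
}

# Demo with constructed placeholder values (not real credentials).
render_cephfs_secret admin CONSTRUCTED-SAMPLE-KEY admin CONSTRUCTED-SAMPLE-KEY
```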

What to do next

Verify that the Secret has been applied, by using the kubectl get secret command.
For example,
host01$ kubectl get secret
NAME             TYPE                           DATA AGE
cephfs-secret    Opaque                         4    7d1h
dockerhub-secret kubernetes.io/dockerconfigjson 1    7d

After the Secret is created and applied, create the StorageClass. For more information, see Creating a StorageClass.