Before you install Content Collector for SAP Applications, create secrets manually to
protect the configuration data you are going to enter, for creating a keystore that you configured
in preparation for use with Content Collector for SAP Applications.
Procedure
- Prepare your
ibm-iccsap-secret
. Using your password value,
run the following
command:
kubectl create secret generic ibm-iccsap-secret --from-literal=keystorePassword="<password>"
The
secret you create, ibm-iccsap-secret
, is the value for the parameter
iccsap_secret_name
.
- Configure the root Certificate Authority (CA) secret and trusted certificate
list.
The custom YAML file also requires values for the root_ca_secret
and
trusted_certificate_list
parameters. The Transport Layer Security (TLS) secret
contains the root CA's key value pair. You have the following choices for the root CA:
- You can generate a self-signed root CA.
- You can allow the operator (or ROOTCA ansible role) to generate the secret with a self-signed
root CA (by not specifying one).
- You can use a signed root CA. In this case, you create a secret that contains the root CA's key
value pair in advance.
The list of the trusted certificate secrets can be a TLS secret or an opaque secret. An
opaque secret must contain a tls.crt file for the trusted certificate. The TLS
secret has a tls.key file as the private key.
What to do next
To enable the IBM Content Collector P8 Content Search Services
Support, see Preparing to enable IBM Content Collector P8 Content Search Services Support.