A secret is an object that contains a small amount of sensitive data such as a password,
a token, or a key. Before you install Enterprise Records, create secrets manually to protect the
configuration data that you are going to enter for creating the keystore that you configured in
preparation for use with Enterprise Records.
Procedure
- Prepare your ibm-ier-secret. Using your password value, run the following command:
kubectl create secret generic ibm-ier-secret --from-literal=keystorePassword="<password>"
The secret you create, ibm-ier-secret, is the value for the parameter ier_secret_name.
- Configure the root Certificate Authority (CA) secret and trusted certificate list.
The custom YAML file also requires values for the root_ca_secret and trusted_certificate_list
parameters.
Note that if the root CA is generated by the operator, you do not need to add it to the
trusted_certificate_list parameter.
The Transport Layer Security (TLS) secret contains the key-value pair of the root CA. Your
options are:
- You can generate a self-signed root CA.
- You can allow the operator (or ROOTCA Ansible role) to generate the secret with a self-signed
root CA (by not specifying one).
- You can use a signed root CA. In this case, you create a secret that contains the key-value pair
of the root CA in advance.
The list of the trusted certificate secrets can be a TLS secret or an opaque secret. An
opaque secret must contain a tls.crt file for the trusted certificate. The TLS
secret has a tls.key file as the private key.
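
As an added example (not part of the product documentation), the following script covers the self-signed root CA option and the trusted certificate secrets described above: it creates a TLS secret when a directory holds both tls.crt and tls.key, and an opaque secret when it holds only tls.crt. The secret names my-root-ca and my-trusted-cert, the directory names, the certificate subject and the KUBECTL override variable are assumptions.

```shell
#!/bin/sh
# Added example. my-root-ca, my-trusted-cert, the directories and the
# KUBECTL override are assumptions; only the tls.crt/tls.key file names
# come from the text above.

# Generate a self-signed root CA key pair (tls.key, tls.crt) in directory $1.
gen_root_ca() {
  ( umask 077   # files created here are readable by the owner only
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:4096 -nodes -days 3650 \
      -subj "/CN=constructed-root-ca" \
      -keyout "$1/tls.key" -out "$1/tls.crt" )
}

# Create secret $1 from directory $2:
#   tls.crt and tls.key -> TLS secret (root CA, or a trusted certificate)
#   tls.crt only        -> opaque secret (trusted certificate)
# Refuses a missing tls.crt (1) or a key that group/others can access (2).
create_cert_secret() {
  if [ ! -f "$2/tls.crt" ]; then
    echo "error: $2/tls.crt not found" >&2
    return 1
  fi
  if [ -f "$2/tls.key" ]; then
    case "$(ls -ld "$2/tls.key")" in
      ????------*) ;;   # mode string shows no group/other permission bits
      *) echo "error: $2/tls.key is accessible to group or others" >&2
         return 2 ;;
    esac
    "${KUBECTL:-kubectl}" create secret tls "$1" \
      --cert="$2/tls.crt" --key="$2/tls.key"
  else
    "${KUBECTL:-kubectl}" create secret generic "$1" \
      --from-file=tls.crt="$2/tls.crt"
  fi
}

# ./secrets.sh apply      needs openssl and a configured kubectl context
if [ "${1:-}" = "apply" ]; then
  gen_root_ca ./rootca &&
  create_cert_secret my-root-ca ./rootca &&
  create_cert_secret my-trusted-cert ./trusted
fi
```

Setting KUBECTL=echo prints the kubectl arguments instead of creating anything, which is a quick way to confirm which secret type each directory will produce.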