Secrets

For deploying Control Center using manifest files, following secrets needs to be created:
  1. For all passwords like database, admin, certificate etc.
  2. For keystore and truststore certificate files
  3. For TLS certificate if ingress will be used
  4. For accessing docker images from secure registry
Following are the sample files or commands for secrets:
# sccm-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: sccm-secret
type: Opaque
data:
  .ccDBPassword: <base64 encoded database passwords>
  .adminUserId: <base64 encoded control center admin username>
  .adminUserPassword: <base64 encoded control center admin password>
  .trustStorePassword: <base64 encoded truststore password>
  .keyStorePassword: <base64 encoded keystore password>
  .emailPassword: <base64 encoded email password>
  .jmsUserId: <base64 encoded JMS user id>
  .jmsPassword: <base64 encoded jms password>
  .userKey: <base64 encoded user key for control center>
After creating the file, following command needs to be used:
# kubectl create -f sccm-secret.yaml -n ibm-sccm
For creating certificate secret of keystore and truststore, use following commands
# kubectl create secret generic ibm-sccm-certs-secret --from-file=keystore=<keystore file path> --from-file=truststore=<truststore file path> -n ibm-sccm
If you will create Ingress resource, For creating TLS certificate for Kubernetes Ingress, use following command:
# kubectl create secret tls sccm-tls --key=<key file path> --cert=<cert file path> -n ibm-sccm
For image pull secret creation, following are different ways whether image will be directly accessed from entitlement registry or will be accessed from private registry. If image will be accessed from entitlement registry, then following will be details:
  1. Create the entitled registry secret: Complete the following steps to create a secret with the entitled registry key value:
    1. Ensure that you have obtained the entitlement key that is assigned to your ID.
      1. Log in to My IBM Container Software Library by using the IBM ID and password that are associated with the entitled software.
      2. In the Entitlement keys section, select Copy key to copy the entitlement key to the clipboard.

      3. III. Save the entitlement key to a safe location for later use.

        To confirm that your entitlement key is valid, click View library that is provided in the left of the page. You can view the list of products that you are entitled to. If IBM Sterling Control Center Monitor is not listed, or if the View library link is disabled, it indicates that the identity with which you are logged in to the container library does not have an entitlement for IBM Sterling Control Center. In this case, the entitlement key is not valid for installing the software.
        Note: For assistance with the Container Software Library (e.g. product not available in the library; problem accessing your entitlement registry key), contact MyIBM Order Support.
        Note: Images with the following tags are available for IBM Sterling Control Center Monitor 6.3.0 under the repository of cp.icr.io/cp/ibm-scc/ibmscc- 6.3.0.0_ifix02_2023-01-15.
    2. Set the entitled registry information by completing the following steps:
      1. Log on to machine from where the cluster is accessible
      2. export ENTITLED_REGISTRY=cp.icr.io
      3. export ENTITLED_REGISTRY_USER=cp
      4. export ENTITLED_REGISTRY_KEY=<entitlement_key>
    3. Create a Docker-registry secret:
      # kubectl create secret docker-registry <any_name_for_the_secret> --dockerusername=$ENTITLED_REGISTRY_USER --docker-password=$ENTITLED_REGISTRY_KEY --dockeremail=<
your_docker_email_address> --docker-server=$ENTITLED_REGISTRY -n ibm-sccm
  2. For private secure registry, following task needs to be executed.
    For creating docker image registry pull secret, use following commands:
    # kubectl create secret docker-registry sccm-image-secret --docker-server=<registry server> --docker-username=<username> --docker-password=<password> -n ibm-sccm