To use TLS certificate-based authentication in a Db2 or Db2 Warehouse instance on
OpenShift, you must create a secret that provides your certificate to the Db2 REST service. Follow these steps:
Procedure
- Encode your certificate in base64, replacing myCert.pem with the fully qualified path to your
  certificate:

      REST_CERT=$(base64 myCert.pem | tr -d '[:space:]')

- Create a secret:

      cat << EOF | oc apply -f -
      apiVersion: v1
      kind: Secret
      metadata:
        name: db2rest-internal-tls
        namespace: zen
      type: Opaque
      data:
        ca.crt: $(echo -n $REST_CERT)
      EOF

- Add the secret to the deployment:

  Run the following command and note the REST deployment name:

      oc get deployment | grep rest

  Next, run:

      oc edit deployment <REST_DEPLOYMENT_NAME>

  In the volumeMounts section, add:

      - mountPath: /secrets/db2ssl
        name: db2ssl
        readOnly: true

  In the volumes section, add:

      - name: db2ssl
        secret:
          defaultMode: 420
          optional: false
          secretName: db2rest-internal-tls

  Save and exit editing the REST deployment.

  The existing REST pod is terminated and a new one is created with the certificate shared with
  the pod.
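
A pre-flight check for the encode step of the procedure above, added here as an example and not taken from the Db2 documentation: it refuses a file that contains a private key or no complete PEM certificate, and confirms that the single-line base64 value decodes back to the original file. The function names check_cert_file, encode_cert and write_sample_pem are hypothetical, and the sample PEM is constructed, not a real certificate.

```shell
#!/usr/bin/env bash
# Added example: checks for the certificate that goes into the
# db2rest-internal-tls secret. Function names are hypothetical.

# Return 0 only if FILE looks like a PEM certificate and holds no private key.
check_cert_file() {
  local f="$1"
  [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
  # ca.crt is mounted into the REST pod; key material must not be in it.
  if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
    echo "$f contains a private key" >&2; return 3
  fi
  grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
    { echo "no PEM certificate in $f" >&2; return 4; }
  grep -q -e '-----END CERTIFICATE-----' "$f" ||
    { echo "PEM block in $f is truncated" >&2; return 5; }
}

# Print FILE as single-line base64, after confirming it decodes back to FILE.
encode_cert() {
  local f="$1" enc
  check_cert_file "$f" || return
  enc=$(base64 < "$f" | tr -d '[:space:]')
  if ! printf '%s' "$enc" | base64 -d | cmp -s - "$f"; then
    echo "base64 round trip does not match $f" >&2; return 6
  fi
  printf '%s\n' "$enc"
}

# Write a constructed sample (not a real certificate) for trying the checks.
write_sample_pem() {
  printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'Q09OU1RSVUNURUQgU0FNUExF' '-----END CERTIFICATE-----' > "$1"
}

# Demo on the constructed sample; with a real file use:
#   REST_CERT=$(encode_cert /path/to/myCert.pem)
demo=$(mktemp); write_sample_pem "$demo"; encode_cert "$demo"; rm -f "$demo"
```
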