Creating a secret
A secret is used for setting sensitive information when installing IBM® Sterling Intelligent Promising through the Operator. It contains sensitive information such as truststore password, credentials for middleware services if you are not deploying Sterling Intelligent Promising in development mode, and other configurations.
Procedure
- Create a <sample_secret_file>.yaml file as illustrated in the following example:

  The truststore_password is a mandatory attribute. It is used to create the final truststore, where you can choose to add the trusted certificates or import the truststore to the truststore that Sterling Intelligent Promising creates to trust the connection between itself and external services. So, when you provide your own truststore, you must provide the same password that is used for creating the truststore.

    apiVersion: v1
    kind: Secret
    metadata:
      name: <Release-name>-sip-secret
    type: Opaque
    stringData:
      truststore_password: <password for TrustStore> # This password is used to create a truststore.
- If your middleware services (Cassandra, Elasticsearch, and Kafka) are not installed by the Operator, add the following properties to the <sample_secret_file>.yaml file.

    # Cassandra
    cassandra_username: <username for cassandra>
    cassandra_password: <password for cassandra>
    # Elasticsearch
    elasticsearch_username: <username for elasticsearch>
    elasticsearch_password: <password for elasticsearch>
    # Kafka - required secret
    kafka_security_protocol: <security protocol for kafka>
    # Kafka - optional secret
    kafka_sasl_jaas_config: <sasl jaas config for kafka>
    kafka_user: <username for kafka>
    kafka_password: <password for kafka>
    kafka_sasl_mechanism: <sasl mechanism for kafka>
    # MongoDB - required secret
    mongodb_optimizer_metadata_db_username: <username for optimizerMetadataDB in MongoDB>
    mongodb_optimizer_metadata_db_password: <password for optimizerMetadataDB in MongoDB>
    mongodb_optimizer_db_username: <username for optimizerDB in MongoDB>
    mongodb_optimizer_db_password: <password for optimizerDB in MongoDB>
    # MongoDB - optional secret. If you provide this secret, Operator will create the required database and the respective users. If Admin credentials are not passed, you are expected to create the database and the corresponding user.
    mongodb_admin_db_username: <Admin username for MongoDB>
    mongodb_admin_db_password: <Admin password for MongoDB>
- Sterling Intelligent Promising by default writes application level logs to console. However, you can choose to redirect these logs to Kafka by using the following properties. So, if you choose log channel to Kafka and specify loggingContactPoints, then add the Kafka properties to the <sample_secret_file>.yaml with log_ prefix. For more information, see loggingContactPoints in kafka parameter and log parameter.

    # Required secret
    log_kafka_security_protocol: <security protocol for kafka - logging>
    # Optional secret
    log_kafka_sasl_jaas_config: <sasl jaas config for kafka>
    log_kafka_user: <username for kafka>
    log_kafka_password: <password for kafka>
    log_kafka_sasl_mechanism: <sasl mechanism for kafka>
  Note: Ensure to set the values based on your external instance configurations.
- Run the following command.
    oc create -f <sample_secret_file>.yaml -n <sip_installation_namespace>
A secret based on the values added in the <sample_secret_file>.yaml file is created and encoded.
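
A pre-flight check that can be run on the manifest before the oc create step, as an added example (not IBM's tooling or code from this page). The function names and the sample manifest are constructed for illustration, and the rule that a group's "required" keys must be present once any key of that group is set is an assumption drawn from the comments in the property lists above.

```shell
# Added example: validates the flat "key: value" layout under stringData.

# has_key FILE KEY: true when KEY is present with a non-empty value.
has_key() {
  grep -Eq "^[[:space:]]*$2:[[:space:]]*[^[:space:]#]" "$1"
}

# check_sip_secret FILE: prints one line per problem (key names only, never
# values) and returns 1 if any problem was found.
check_sip_secret() {
  f=$1; rc=0
  # truststore_password is mandatory.
  has_key "$f" truststore_password || { echo "missing: truststore_password"; rc=1; }
  # A value that still starts with <...> was never filled in from the template.
  ph=$(sed -n -E 's/^[[:space:]]*([A-Za-z_]+):[[:space:]]*<[^>]*>.*/unfilled placeholder: \1/p' "$f")
  if [ -n "$ph" ]; then echo "$ph"; rc=1; fi
  # Assumed rule: once any key of a group is set, the keys marked "required"
  # for that group must be set as well.
  for pair in kafka_:kafka_security_protocol \
              log_kafka_:log_kafka_security_protocol \
              mongodb_:mongodb_optimizer_metadata_db_username \
              mongodb_:mongodb_optimizer_metadata_db_password \
              mongodb_:mongodb_optimizer_db_username \
              mongodb_:mongodb_optimizer_db_password; do
    prefix=${pair%%:*}; key=${pair#*:}
    if grep -Eq "^[[:space:]]*$prefix" "$f" && ! has_key "$f" "$key"; then
      echo "missing: $key (required once ${prefix}* keys are set)"; rc=1
    fi
  done
  return $rc
}

# Constructed sample: one placeholder left unfilled, and a log_ key set
# without log_kafka_security_protocol.
demo=$(mktemp)
cat > "$demo" <<'EOF'
metadata:
  name: demo-sip-secret
stringData:
  truststore_password: <password for TrustStore>
  kafka_security_protocol: SASL_SSL
  kafka_user: sip-app
  log_kafka_user: sip-logger
EOF
if check_sip_secret "$demo"; then echo "manifest OK"; else echo "fix the manifest before running oc create"; fi
rm -f "$demo"
```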