Configuring Product Master deployment YAML (Fix Pack 3 and later)
Before deployment, you need to configure the Product Master YAML file.
Before you begin
Procedure
- Review and update secret values in the app_secrets.yaml file.
- Encrypt your IBM® Db2® or Oracle password by using the following openssl command (requires OpenSSL 1.1.1g FIPS Version and later).
  $ echo <Db2_password> | openssl enc -e -base64 -aes-256-cbc -salt -pbkdf2 -k <key_name>
  Where,
  - <Db2_password> - Plain text password for the database.
  - <key_name> - Passphrase, any random alphanumeric string.
- Generate a self-signed certificate, or procure a valid certificate that is issued by the certificate authority, for applying to the Ingress routes, which in turn are applied to application URLs. Convert the certificate and key to Base64 format by using the following commands.
  cat crt.cert | base64
  cat cert.key | base64
  Convert the output to a single line for the crt.cert and cert.key files.
- Update the values in the app_secrets.yaml file in the following format.
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
  namespace: <namespace>
type: Opaque
stringData:
  db_type: "<db2 / oracle>"
  db_name: "<DB name>"
  db_host: "<IP/Hostname of DB>"
  db_user: "<DB username>"
  encryption_key: "<Encryption key used to encrypt DB2/Oracle password>"
  db_pass: "<Encrypted DB password>"
  db_port: "<DB server port>"
  #Update below details only if you are going to use DAM/ML features, else you can remove these secret entries.
  mongodb_name: "<mongoDB database>"
  mongodb_user: "<mongoDB user>"
  mongodb_pass: "<mongoDB plain text password>"
  #Update below details only if you are going to use FTS features, else you can remove these secret entries.
  elastic_user: "elastic"
  elastic_pass: "<elastic plain text password>"
  #Update below details only if you are going to use GDS feature, else you can remove these secret entries.
  mq_app_user: "<IBM MQ app user which will be created on IBM MQ Pod>"
  mq_app_pass: "<Set IBM MQ app user plain text password>"
  mq_ui_pass: "<IBM MQ UI plain text password>"
  #Update below details only if you are going to use WKC feature, else you can remove these secret entries.
  cpd_host_url: "<CPD host URL>"
  cpd_user_name: "<CPD User name>"
  wkc_auth_api_key: "<WKC API Key>"
  wkc_catalog_name: "<WKC Catalog name>"
  #Update below details only if SMTP is required, else you can remove these secret entries.
  smtp_address: "<SMTP server hostname>"
  from_address: "<From email address>"
  smtp_port: "<SMTP server port>"
  smtp_user: "<SMTP username or API key>"
  smtp_pass: "<SMTP plain text password>"
  smtp_additional_props: "<SMTP Additional Properties>"
  #Update below details only if SAML SSO is required, else you can remove these secret entries.
  sso_company: "<Company code>"
  sso_config_adminui: "<AdminUI SAML WebSSO configuration for IBM Liberty, in the format <samlWebSso20>..</samlWebSso20>>"
  sso_config_personaui: "<PersonaUI SAML WebSSO configuration for IBM Liberty, in the format <samlWebSso20>..</samlWebSso20>>"
  sso_idp_metadata: "<Identity provider metadata file content>"
---
apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: <namespace>
type: kubernetes.io/tls
data:
  tls.crt: <base64 converted domain name certificate in single line format>
  tls.key: <base64 converted domain name certificate key in single line format>
- Update the parameters in the ipm_12.0.x_cr.yaml file before deployment as per the requirement. For more information, see ipm_12.0.x_cr.yaml file parameters.
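The password-encryption and Base64 steps above, as an added shell example (not IBM's own tooling): it keeps the documented cipher options but passes the passphrase with openssl's `-pass env:` option instead of `-k`, then confirms that the resulting db_pass decrypts with encryption_key and that a file encodes to one Base64 line. ENC_KEY, DB_PASS and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed values; not part of the product's scripts.
ENC_KEY='Constructed0Passphrase1'   # constructed; becomes encryption_key
DB_PASS='Constructed-Db-Pw'         # constructed; plain text DB password
export ENC_KEY                      # openssl reads it through -pass env:

# Same cipher options as the documented command. The password arrives on
# stdin and the passphrase through the environment, so neither value is an
# argument of the openssl process.
encrypt_db_pass() {
    openssl enc -e -base64 -aes-256-cbc -salt -pbkdf2 -pass env:ENC_KEY
}

# Decrypt a db_pass value given as $1 with the exported ENC_KEY.
decrypt_db_pass() {
    printf '%s\n' "$1" |
        openssl enc -d -base64 -aes-256-cbc -pbkdf2 -pass env:ENC_KEY
}

# Encrypt DB_PASS, confirm it decrypts to the same value, print ciphertext.
# The trailing newline mirrors the documented echo; $(...) strips it again.
check_secret_values() {
    ct=$(printf '%s\n' "$DB_PASS" | encrypt_db_pass) || return 1
    [ "$(decrypt_db_pass "$ct")" = "$DB_PASS" ] || return 1
    printf '%s\n' "$ct"
}

# Base64-encode file $1 as one line for tls.crt / tls.key; tr removes the
# line wrapping that some base64 implementations insert.
b64_single_line() {
    base64 < "$1" | tr -d '\n'
}

if check_secret_values >/dev/null; then
    echo "db_pass decrypts with encryption_key"
else
    echo "db_pass and encryption_key do not match" >&2
fi
```

Because encryption_key and db_pass are stored together in app-secret, anyone who can read that Secret can recover the database password, so restrict access to it as you would for a plain text credential.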