Creating secrets for storage cluster GUI users
Create a secret on the Red Hat OpenShift cluster that holds the credentials for GUI users defined on the IBM Storage Scale Storage cluster. The secret is used by the operator to communicate with the storage cluster to configure the remote mount.
The username and password that is specified for the secrets must match the GUI user that was created on the storage cluster Creating container operator user and group.
Two new secrets must be added for each storage cluster being configured.
-
Create a secret for the
ContainerOperator
GUI user defined on the storage cluster.To create a secret named
cnsa-remote-mount-storage-cluster-1
in theibm-spectrum-scale
namespace, enter the following command:oc create secret generic cnsa-remote-mount-storage-cluster-1 --from-literal=username='cnsa_storage_gui_user' \ --from-literal=password='cnsa_storage_gui_password' -n ibm-spectrum-scale
-
Create a secret for the
CsiAdmin
GUI user defined on the storage cluster.To create the secret named
csi-remote-mount-storage-cluster-1
in theibm-spectrum-scale-csi
namespace, enter the following command:oc create secret generic csi-remote-mount-storage-cluster-1 --from-literal=username='csi_storage_gui_user' \ --from-literal=password='csi_storage_gui_password' -n ibm-spectrum-scale-csi
-
Label the secret, enter the following command:
oc label secret csi-remote-mount-storage-cluster-1 -n ibm-spectrum-scale-csi product=ibm-spectrum-scale-csi
When the passwords on the storage cluster for these users change, the credentials in the secrets must be updated. For instructions to update the secrets, see Updating user secrets for the storage cluster on Red Hat OpenShift.
Optionally, automatic password rotation for these users can be enabled. If enabled, the operator frequently changes the user passwords on the storage cluster and also update the two secrets. For more information, see Automatic password rotation.