Creating secrets for storage cluster GUI users

Create a secret on the Red Hat OpenShift cluster that holds the credentials for GUI users who are defined on the IBM Storage Scale Storage cluster. The secret is used by the operator to communicate with the storage cluster to configure the remote mount.

The username and password that is specified for the secrets must match the GUI user that was created on the storage cluster Creating container operator user.

Storage cluster older than v5.2.3.0

Two new secrets must be added for each storage cluster being configured.

1. Create a secret for the ContainerOperator GUI user defined on the storage cluster.

   To create a secret named cnsa-remote-mount-storage-cluster-1 in the ibm-spectrum-scale namespace, enter the following command:

   kubectl create secret generic cnsa-remote-mount-storage-cluster-1 --from-literal=username='cnsa_storage_gui_user' \
   --from-literal=password='cnsa_storage_gui_password' -n ibm-spectrum-scale
   

2. Create a secret for the CsiAdmin GUI user defined on the storage cluster.

   To create the secret named csi-remote-mount-storage-cluster-1 in the ibm-spectrum-scale-csi namespace, enter the following command:

   kubectl create secret generic csi-remote-mount-storage-cluster-1 --from-literal=username='csi_storage_gui_user' \
   --from-literal=password='csi_storage_gui_password' -n ibm-spectrum-scale-csi
   

3. Label the secret, enter the following command:

   kubectl label secret cnsa-remote-mount-storage-cluster-1 -n ibm-spectrum-scale product=ibm-spectrum-scale
   

Storage cluster v5.2.3.0 and newer

A new secret must be added for each storage cluster being configured.

1. Create a secret for the ContainerOperator GUI user defined on the storage cluster.

   To create a secret named cnsa-remote-mount-storage-cluster-1 in the ibm-spectrum-scale namespace, enter the following command:

   kubectl create secret generic cnsa-remote-mount-storage-cluster-1 --from-literal=username='cnsa_storage_gui_user' \
   --from-literal=password='cnsa_storage_gui_password' -n ibm-spectrum-scale
   

2. Label the secret, enter the following command:

   kubectl label secret cnsa-remote-mount-storage-cluster-1 -n ibm-spectrum-scale product=ibm-spectrum-scale
   

When the passwords on the storage cluster for these users change, the credentials in the secrets must be updated. For instructions to update the secrets, see Updating user secrets for the storage cluster on Red Hat OpenShift.

Optionally, automatic password rotation for these users can be enabled. If enabled, the operator frequently changes the user passwords on the storage cluster and also update the two secrets. For more information, see Automatic password rotation.