Authenticating, encrypting, and enabling services on Red Hat OpenShift

Follow the procedure shown to authenticate, encrypt, and enable services on Red Hat® OpenShift®:

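  • Log in to the IBM Spectrum® Discover server and issue the following command to extract the password information. Values under .data in a secret are stored base64-encoded, so the output is decoded before use:
    oc get secret kafka-sasl-password -n ibm-data-cataloging -o jsonpath='{.data.password}' | base64 -d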

Encryption

The following steps extract the certificate authority (CA) certificate in PEM format and show an example of it:

  1. Log in to the IBM Spectrum Discover server as moadmin.
  2. Issue the following command to extract the information:
    oc get secret kafka -n ibm-data-cataloging -o jsonpath='{.data.sasl_ca\.crt}' | base64 -d
  3. Copy the block of text that starts with BEGIN CERTIFICATE and ends with END CERTIFICATE. The following example displays what the copied block of text might look like:
    -----BEGIN CERTIFICATE-----
    <base64-encoded certificate data>
    -----END CERTIFICATE-----
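
Step 3 can be scripted instead of copied by hand. The following is an added example, not part of the IBM procedure: it keeps only complete certificate blocks from the decoded secret and rejects truncated or malformed input. The function names, the output file name kafka-ca.pem and the sample input are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not IBM's code. Real input would be the page's command:
#   oc get secret kafka -n ibm-data-cataloging \
#     -o jsonpath='{.data.sasl_ca\.crt}' | base64 -d | save_ca_pem kafka-ca.pem

# Print every complete BEGIN/END CERTIFICATE block found on stdin, with
# indentation, trailing blanks and CRs stripped. Exit non-zero when no complete
# block exists, a block is left open, or a block holds a non-base64 line.
extract_pem_certs() {
  awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^-----BEGIN CERTIFICATE-----$/ { inblk = 1; buf = $0 "\n"; next }
    /^-----END CERTIFICATE-----$/ {
      if (inblk) { printf "%s%s\n", buf, $0; found++ }
      inblk = 0; next
    }
    inblk && $0 !~ /^[A-Za-z0-9+\/=]+$/ { bad = 1 }
    inblk { buf = buf $0 "\n" }
    END { exit ((bad || inblk || !found) ? 1 : 0) }
  '
}

# Write the validated block(s) to "$1"; leave no file behind on failure.
save_ca_pem() {
  pem_out=$1
  pem_tmp=$(mktemp) || return 1
  if extract_pem_certs > "$pem_tmp"; then
    mv "$pem_tmp" "$pem_out"
  else
    rm -f "$pem_tmp"
    echo "no complete, well-formed certificate block in input" >&2
    return 1
  fi
}

# Show subject, issuer, expiry and SHA-256 fingerprint before uploading the
# file. Requires the openssl CLI and a real certificate.
inspect_ca_pem() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed sample input (placeholder body, not a real certificate).
SAMPLE='banner text printed before the certificate
    -----BEGIN CERTIFICATE-----
    Q09OU1RSVUNURUQ=
    -----END CERTIFICATE-----
trailing text'
printf '%s\n' "$SAMPLE" | extract_pem_certs
```

Compare the fingerprint printed by inspect_ca_pem with the one obtained on the IBM Spectrum Discover server before adding the file to the notification service configuration.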
    

Notification service configuration setup

  • Check Enable Configuration.
    NAME: <NAME>
    Topic: cos-le-connector-topic
    Hosts: <SD ipaddress>:443
    Type: IBM Spectrum Discover

Enabling authentication

  • Check Enable authentication.
    Username: cos
    Password: <PASSWORD>
    

Enabling encryption

  1. Check Enable TLS for Apache Kafka network connections.
  2. Add the certificate PEM file from the IBM Spectrum Discover platform. See Figure 1.
    Figure 1. Add a storage vault to the configuration