From d0034b6a8f96225f5252e77df3c73d2095db24ef Mon Sep 17 00:00:00 2001 From: g-pan Date: Thu, 21 Mar 2024 12:37:56 -0400 Subject: [PATCH] HPCC-25660 Document LDAP Admin externalization Signed-off-by: g-pan --- .../ContainerizedMods/CustomConfig.xml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/EN_US/ContainerizedHPCC/ContainerizedMods/CustomConfig.xml b/docs/EN_US/ContainerizedHPCC/ContainerizedMods/CustomConfig.xml index 0d1845bf1d3..f0303d3fd67 100644 --- a/docs/EN_US/ContainerizedHPCC/ContainerizedMods/CustomConfig.xml +++ b/docs/EN_US/ContainerizedHPCC/ContainerizedMods/CustomConfig.xml @@ -1014,10 +1014,10 @@ eclagent: account from a command line interface to Kubernetes, execute a command similar to the following example. Note the secret name, is "admincredssecretname" in this example. The HPCC Administrators user - account "username" and "password" key/values are required; and + account "username" and "password" key/values are required, and additional properties are ignored. - kubectl create secret generic admincredssecretname --from-literal=username=hpcc_admin \ + kubectl create secret generic admincredssecretname --from-literal=username=hpcc_admin \ --from-literal=password=t0pS3cr3tP@ssw0rd @@ -1026,7 +1026,7 @@ eclagent: secret you just created by executing the following command on the Kubernetes command line interface. - kubectl get secret admincredssecretname + kubectl get secret admincredssecretname For more information about Kubernetes see the appropriate Kubernetes documentation for your implementation. @@ -1055,7 +1055,7 @@ eclagent: referenced in the component's ldap.yaml file. You may override these and add additional key/values as needed. - secrets: + secrets: authn: admincredsmountname: "admincredssecretname" #exernalize HPCC Admin creds admincredsaltmountname: "admincredsaltsecretname" #exernalize alternate HPCC Admin creds @@ -1068,11 +1068,11 @@ eclagent: In the delivered HPCC-Platform/esp/applications/common/ldap/ldap.yaml file, the "ldapAdminSecretKey" is already set to the key mount name illustrated - in the example above. To enable the LDAP authentication and to - override this value, override the ESP/ECLWatch helm component located - in values.yaml as illustrated in the following example: + in the example above. To enable LDAP authentication and to modify this + value, override the ESP/ECLWatch helm component located in values.yaml + as illustrated in the following example: - esp: + esp: - name: eclwatch application: eclwatch auth: ldap @@ -1103,7 +1103,7 @@ eclagent: To verify and confirm the secret values, execute the following command: - vault kv get secret/authn/myvaultadmincreds + vault kv get secret/authn/myvaultadmincreds For more information about creating secrets for HashiCorp Vault see the appropriate HashiCorp documentation for your @@ -1124,7 +1124,7 @@ eclagent: this chart in the HPCC-Platform repository under /helm/examples/secrets/values-secrets.yaml. - vaults: + vaults: authn: - name: my-authn-vault #The data node in the URL is there for use by the REST API @@ -1142,7 +1142,7 @@ eclagent: must match exactly when using the Vault name set up in the previous steps. - esp: + esp: - name: eclwatch application: eclwatch auth: ldap