From 8bf8e9cc5a9a3d146391d411019868812724f672 Mon Sep 17 00:00:00 2001
From: "David W. Dougherty"
Date: Thu, 19 Dec 2024 10:10:32 -0800
Subject: [PATCH 1/2] INT: improve K8s secret setting page
---
 .../data-pipelines/deploy.md | 94 +++++++------------
 1 file changed, 33 insertions(+), 61 deletions(-)
diff --git a/content/integrate/redis-data-integration/data-pipelines/deploy.md b/content/integrate/redis-data-integration/data-pipelines/deploy.md
index 25e3c2d4e..1fa08317d 100644
--- a/content/integrate/redis-data-integration/data-pipelines/deploy.md
+++ b/content/integrate/redis-data-integration/data-pipelines/deploy.md
@@ -78,72 +78,44 @@ The specific command lines for source secrets are as follows:
 ```bash
 # Source username
-kubectl create secret generic source-db \
---namespace=rdi \
---from-literal=SOURCE_DB_USERNAME=yourUsername
-
-# Source password
-kubectl create secret generic source-db \
---namespace=rdi \
---from-literal=SOURCE_DB_PASSWORD=yourPassword
-
-# Source trust certificate (both commands are required)
-kubectl create secret generic source-db-ssl --from-file=ca.crt=/path/to/myca.crt -n rdi
-
-kubectl create secret generic source-db \
---namespace=rdi \
---from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt
-
-# Source public key (both commands are required)
-kubectl create secret generic source-db-ssl --from-file=client.crt=/path/to/myclient.crt -n rdi
-
-kubectl create secret generic source-db \
---namespace=rdi \
---from-literal=SOURCE_DB_CERT=/etc/certificates/source_db/client.crt
-
-
-# Source private key (both commands are required)
-kubectl create secret generic source-db-ssl --from-file=client.key=/path/to/myclient.key -n rdi
-
-kubectl create secret generic source-db \
---namespace=rdi \
---from-literal=SOURCE_DB_KEY=/etc/certificates/source_db/client.key
+kubectl create secret generic source-db --namespace=rdi \
+--from-literal=SOURCE_DB_USERNAME=yourUsername \
+--from-literal=SOURCE_DB_PASSWORD=yourPassword \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+
+# Source TLS
+kubectl create secret generic source-db-ssl --namespace=rdi \
+--from-file=ca.crt=/path/to/myca.crt \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+
+# Source mTLS
+kubectl create secret generic source-db-ssl --namespace=rdi \
+--from-file=ca.crt=/path/to/myca.crt \
+--from-file=client.crt=/path/to/myclient.crt \
+--from-file=client.key=/path/to/myclient.key \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
 ```
 The corresponding command lines for target secrets are:
 ```bash
-# Target username
-kubectl create secret generic target-db \
---namespace=rdi \
---from-literal=TARGET_DB_USERNAME=yourUsername
-
-# Target password
-kubectl create secret generic target-db \
---namespace=rdi \
---from-literal=TARGET_DB_PASSWORD=yourPassword
-
-# Target trust certificate (both commands are required)
-kubectl create secret generic target-db-ssl --from-file=ca.crt=/path/to/myca.crt -n rdi
-
-kubectl create secret generic target-db \
---namespace=rdi \
---from-literal=TARGET_DB_CACERT=/etc/certificates/target-db/ca.crt
-
-# Target public key (both commands are required)
-kubectl create secret generic target-db-ssl --from-file=client.crt=/path/to/myclient.crt -n rdi
-
-kubectl create secret generic target-db \
---namespace=rdi \
---from-literal=SOURCE_DB_CERT=/etc/certificates/target_db/client.crt
-
-
-# Target private key (both commands are required)
-kubectl create secret generic target-db-ssl --from-file=client.key=/path/to/myclient.key -n rdi
-
-kubectl create secret generic target-db \
---namespace=rdi \
---from-literal=SOURCE_DB_KEY=/etc/certificates/target_db/client.key
+# Target credentials
+kubectl create secret generic target-db --namespace=rdi \
+--from-literal=TARGET_DB_USERNAME=yourUsername \
+--from-literal=TARGET_DB_PASSWORD=yourPassword \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+
+# Target TLS
+kubectl create secret generic target-db-ssl --namespace=rdi \
+--from-file=ca.crt=/path/to/myca.crt \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+
+# Target mTLS
+kubectl create secret generic target-db-ssl --namespace=rdi \
+--from-file=ca.crt=/path/to/myca.crt \
+--from-file=client.crt=/path/to/myclient.crt \
+--from-file=client.key=/path/to/myclient.key \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
 ```
 ## Deploy a pipeline
From 6e2740df33be314824eb98d9758e4d0fc1a98ac5 Mon Sep 17 00:00:00 2001
From: "David W. Dougherty"
Date: Fri, 20 Dec 2024 06:39:11 -0800
Subject: [PATCH 2/2] Apply review comments
---
 .../data-pipelines/deploy.md | 48 ++++++++++++++++---
 1 file changed, 42 insertions(+), 6 deletions(-)
diff --git a/content/integrate/redis-data-integration/data-pipelines/deploy.md b/content/integrate/redis-data-integration/data-pipelines/deploy.md
index 1fa08317d..491b2aa3a 100644
--- a/content/integrate/redis-data-integration/data-pipelines/deploy.md
+++ b/content/integrate/redis-data-integration/data-pipelines/deploy.md
@@ -77,18 +77,36 @@ Where `` is either `source-db` for source secrets or `target-db` for target
 The specific command lines for source secrets are as follows:
 ```bash
-# Source username
+# Without source TLS
+# Create or update source-db secret
 kubectl create secret generic source-db --namespace=rdi \
 --from-literal=SOURCE_DB_USERNAME=yourUsername \
 --from-literal=SOURCE_DB_PASSWORD=yourPassword \
 --save-config --dry-run=client -o yaml | kubectl apply -f -
-# Source TLS
+# With source TLS
+# Create of update source-db secret
+kubectl create secret generic source-db --namespace=rdi \
+--from-literal=SOURCE_DB_USERNAME=yourUsername \
+--from-literal=SOURCE_DB_PASSWORD=yourPassword \
+--from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+# Create or update source-db-ssl secret
 kubectl create secret generic source-db-ssl --namespace=rdi \
 --from-file=ca.crt=/path/to/myca.crt \
 --save-config --dry-run=client -o yaml | kubectl apply -f -
-# Source mTLS
+# With source mTLS
+# Create or update source-db secret
+kubectl create secret generic source-db --namespace=rdi \
+--from-literal=SOURCE_DB_USERNAME=yourUsername \
+--from-literal=SOURCE_DB_PASSWORD=yourPassword \
+--from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt \
+--from-literal=SOURCE_DB_CERT=/etc/certificates/source_db/client.crt \
+--from-literal=SOURCE_DB_KEY=/etc/certificates/source_db/client.key \
+--from-literal=SOURCE_DB_KEY_PASSWORD=yourKeyPassword \ # add this only if SOURCE_DB_KEY is password-protected
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+# Create or update source-db-ssl secret
 kubectl create secret generic source-db-ssl --namespace=rdi \
 --from-file=ca.crt=/path/to/myca.crt \
 --from-file=client.crt=/path/to/myclient.crt \
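Review bot: In the "With source mTLS" command, the added line `--from-literal=SOURCE_DB_KEY_PASSWORD=yourKeyPassword \ # add this only if SOURCE_DB_KEY is password-protected` puts a comment after the backslash, so the backslash escapes the following space instead of the newline and the command ends on that line. The next line, `--save-config --dry-run=client -o yaml | kubectl apply -f -`, is then run as a separate command, so a reader who pastes the block gets errors instead of a created or updated secret, and presumably the first `kubectl create` runs without `--dry-run=client`. Move the remark onto its own line above the command, for example `# Add SOURCE_DB_KEY_PASSWORD only if SOURCE_DB_KEY is password-protected`, and keep `\` as the last character of the option line. The `TARGET_DB_KEY_PASSWORD` line in the target hunk has the same problem, and the "With source TLS" and "With target TLS" comments read `Create of update` where `Create or update` is meant.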
@@ -99,18 +117,36 @@ kubectl create secret generic source-db-ssl --namespace=rdi \
 The corresponding command lines for target secrets are:
 ```bash
-# Target credentials
+# Without target TLS
+# Create or update target-db secret
 kubectl create secret generic target-db --namespace=rdi \
 --from-literal=TARGET_DB_USERNAME=yourUsername \
 --from-literal=TARGET_DB_PASSWORD=yourPassword \
 --save-config --dry-run=client -o yaml | kubectl apply -f -
-# Target TLS
+# With target TLS
+# Create of update target-db secret
+kubectl create secret generic target-db --namespace=rdi \
+--from-literal=TARGET_DB_USERNAME=yourUsername \
+--from-literal=TARGET_DB_PASSWORD=yourPassword \
+--from-literal=TARGET_DB_CACERT=/etc/certificates/target_db/ca.crt \
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+# Create or update target-db-ssl secret
 kubectl create secret generic target-db-ssl --namespace=rdi \
 --from-file=ca.crt=/path/to/myca.crt \
 --save-config --dry-run=client -o yaml | kubectl apply -f -
-# Target mTLS
+# With target mTLS
+# Create or update target-db secret
+kubectl create secret generic target-db --namespace=rdi \
+--from-literal=TARGET_DB_USERNAME=yourUsername \
+--from-literal=TARGET_DB_PASSWORD=yourPassword \
+--from-literal=TARGET_DB_CACERT=/etc/certificates/target_db/ca.crt \
+--from-literal=TARGET_DB_CERT=/etc/certificates/target_db/client.crt \
+--from-literal=TARGET_DB_KEY=/etc/certificates/target_db/client.key \
+--from-literal=TARGET_DB_KEY_PASSWORD=yourKeyPassword \ # add this only if TARGET_DB_KEY is password-protected
+--save-config --dry-run=client -o yaml | kubectl apply -f -
+# Create or update target-db-ssl secret
 kubectl create secret generic target-db-ssl --namespace=rdi \
 --from-file=ca.crt=/path/to/myca.crt \
 --from-file=client.crt=/path/to/myclient.crt \