Skip to content

Commit 9731427

Browse files
Merge pull request #914 from redis/DOC-4586-rdi-k8s-secrets
DOC-4586 added K8s commands to set secrets
2 parents 0ebbc54 + 12a4586 commit 9731427

File tree

1 file changed

+85
-7
lines changed
  • content/integrate/redis-data-integration/data-pipelines

1 file changed

+85
-7
lines changed

content/integrate/redis-data-integration/data-pipelines/deploy.md

Lines changed: 85 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -25,15 +25,11 @@ Before you deploy your pipeline, you must set the authentication secrets for the
2525
source and target databases. Each secret has a corresponding property name that
2626
you can pass to the
2727
[`redis-di set-secret`]({{< relref "/integrate/redis-data-integration/reference/cli/redis-di-set-secret" >}})
28-
command to set the property's value. You can then refer to these properties
28+
command (VM deployment) or
29+
[`kubectl create secret generic`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic/)
30+
(K8s deployment) to set the property's value. You can then refer to these properties
2931
in `config.yaml` using the syntax "`${PROPERTY_NAME}`"
3032
(the sample [config.yaml file](#the-configyaml-file) shows these properties in use).
31-
For example, you would use the
32-
following command line to set the source database username to `myUserName`:
33-
34-
```bash
35-
redis-di set-secret SOURCE_DB_USERNAME myUserName
36-
```
3733

3834
The table below shows the property name for each secret. Note that the
3935
username and password are required for the source and target, but the other
@@ -54,6 +50,88 @@ secrets are only relevant to TLS/mTLS connections.
5450
| `TARGET_DB_CERT` | (For mTLS only) Target database public key |
5551
| `TARGET_DB_KEY_PASSWORD` | (For mTLS only) Target database private key password |
5652

53+
### Set secrets for VM deployment
54+
55+
Use
56+
[`redis-di set-secret`]({{< relref "/integrate/redis-data-integration/reference/cli/redis-di-set-secret" >}})
57+
to set secrets for a VM deployment. For example, you would use the
58+
following command line to set the source database username to `myUserName`:
59+
60+
```bash
61+
redis-di set-secret SOURCE_DB_USERNAME myUserName
62+
```
63+
64+
### Set secrets for K8s/Helm deployment
65+
66+
Use
67+
[`kubectl create secret generic`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_create/kubectl_create_secret_generic/)
68+
to set secrets for a K8s/Helm deployment. The general pattern of the commands is
69+
70+
```bash
71+
kubectl create secret generic <DB> \
72+
--namespace=rdi \
73+
--from-literal=<SECRET-NAME>=<SECRET-VALUE>
74+
```
75+
76+
Where `<DB>` is either `source-db` for source secrets or `target-db` for target secrets.
77+
The specific command lines for source secrets are as follows:
78+
79+
```bash
80+
# Source username
81+
kubectl create secret generic source-db \
82+
--namespace=rdi \
83+
--from-literal=SOURCE_DB_USERNAME=yourUsername
84+
85+
# Source password
86+
kubectl create secret generic source-db \
87+
--namespace=rdi \
88+
--from-literal=SOURCE_DB_PASSWORD=yourPassword
89+
90+
# Source trust certificate
91+
kubectl create secret generic source-db \
92+
--namespace=rdi \
93+
--from-literal=SOURCE_DB_CACERT=/etc/certificates/source_db/ca.crt
94+
95+
# Source public key
96+
kubectl create secret generic source-db \
97+
--namespace=rdi \
98+
--from-literal=SOURCE_DB_CERT=/etc/certificates/source_db/client.crt
99+
100+
# Source private key
101+
kubectl create secret generic source-db \
102+
--namespace=rdi \
103+
--from-literal=SOURCE_DB_KEY=/etc/certificates/source_db/client.key
104+
```
105+
106+
The corresponding command lines for target secrets are:
107+
108+
```bash
109+
# Target username
110+
kubectl create secret generic target-db \
111+
--namespace=rdi \
112+
--from-literal=TARGET_DB_USERNAME=yourUsername
113+
114+
# Target password
115+
kubectl create secret generic target-db \
116+
--namespace=rdi \
117+
--from-literal=TARGET_DB_PASSWORD=yourPassword
118+
119+
# Target trust certificate
120+
kubectl create secret generic target-db \
121+
--namespace=rdi \
122+
--from-literal=TARGET_DB_CACERT=/etc/certificates/target-db/ca.crt
123+
124+
# Target public key
125+
kubectl create secret generic target-db \
126+
--namespace=rdi \
127+
--from-literal=TARGET_DB_CERT=/etc/certificates/target-db/client.crt
128+
129+
# Target private key
130+
kubectl create secret generic target-db \
131+
--namespace=rdi \
132+
--from-literal=TARGET_DB_KEY=/etc/certificates/target-db/client.key
133+
```
134+
57135
## Deploy a pipeline
58136

59137
When you have created your configuration, including the [jobs]({{< relref "/integrate/redis-data-integration/data-pipelines/data-pipelines#job-files" >}}), use the

0 commit comments

Comments
 (0)