Skip to content

Commit 9ba0156

Browse files
committed
Improve deploy.md
1 parent 6170c3d commit 9ba0156

File tree

1 file changed

+44
-23
lines changed
  • content/integrate/redis-data-integration/data-pipelines

1 file changed

+44
-23
lines changed

content/integrate/redis-data-integration/data-pipelines/deploy.md

Lines changed: 44 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -47,20 +47,57 @@ secrets are only relevant for TLS/mTLS connections.
4747
| `TARGET_DB_KEY` | (For mTLS only) Target database private key |
4848
| `TARGET_DB_KEY_PASSWORD` | (For mTLS only) Target database private key password |
4949

50+
{{< note >}}When creating secrets for TLS or mTLS, ensure that all certificates and keys are in `PEM` format. The only exception to this is that for PostgreSQL, the private key `SOURCE_DB_KEY` secret must be in `DER` format. If you have a key in `PEM` format, you must convert it to `DER` before creating the `SOURCE_DB_KEY` secret using the command:
51+
52+
```bash
53+
openssl pkcs8 -topk8 -inform PEM -outform DER -in /path/to/myclient.pem -out /path/to/myclient.pk8 -nocrypt
54+
```
55+
56+
This command assumes that the private key is not encrypted. See the [`openssl` documentation](https://docs.openssl.org/master/) to learn how to convert an encrypted private key.
57+
{{< /note >}}
58+
5059
### Set secrets for VM deployment
5160

52-
Use
53-
[`redis-di set-secret`]({{< relref "/integrate/redis-data-integration/reference/cli/redis-di-set-secret" >}})
54-
to set secrets for a VM deployment. For example, you would use the
55-
following command line to set the source database username to `myUserName`:
61+
Use [`redis-di set-secret`]({{< relref "/integrate/redis-data-integration/reference/cli/redis-di-set-secret" >}})
62+
to set secrets for a VM deployment.
63+
64+
The specific command lines for source secrets are as follows:
5665

5766
```bash
58-
redis-di set-secret SOURCE_DB_USERNAME myUserName
67+
# For username and password
68+
redis-di set-secret SOURCE_DB_USERNAME yourUsername
69+
redis-di set-secret SOURCE_DB_PASSWORD yourPassword
70+
71+
# With source TLS, in addition to the above
72+
redis-di set-secret SOURCE_DB_CACERT /path/to/myca.crt
73+
74+
# With source mTLS, in addition to the above
75+
redis-di set-secret SOURCE_DB_CERT /path/to/myclient.crt
76+
redis-di set-secret SOURCE_DB_KEY /path/to/myclient.key
77+
# Use this only if SOURCE_DB_KEY is password-protected
78+
redis-di set-secret SOURCE_DB_KEY_PASSWORD yourKeyPassword
79+
```
80+
81+
The corresponding command lines for target secrets are:
82+
83+
```bash
84+
# For username and password
85+
redis-di set-secret TARGET_DB_USERNAME yourUsername
86+
redis-di set-secret TARGET_DB_PASSWORD yourPassword
87+
88+
# With target TLS, in addition to the above
89+
redis-di set-secret TARGET_DB_CACERT /path/to/myca.crt
90+
91+
# With target mTLS, in addition to the above
92+
redis-di set-secret TARGET_DB_CERT /path/to/myclient.crt
93+
redis-di set-secret TARGET_DB_KEY /path/to/myclient.key
94+
# Use this only if TARGET_DB_KEY is password-protected
95+
redis-di set-secret TARGET_DB_KEY_PASSWORD yourKeyPassword
5996
```
6097

6198
### Set secrets for K8s/Helm deployment using the rdi-secret.sh script
6299

63-
To use the `rdi-secret.sh` script, unzip the archive that contains the Helm chart and navigate to the resulting folder. The `rdi-secret.sh` script is located in the `scripts` subfolder. The general pattern for using this script is:
100+
Use the `rdi-secret.sh` script to set secrets for a K8s/Helm deployment. To use this script, unzip the archive that contains the RDI Helm chart and navigate to the resulting folder. The `rdi-secret.sh` script is located in the `scripts` subfolder. The general pattern for using this script is:
64101

65102
```bash
66103
scripts/rdi-secret.sh set <SECRET-NAME> <SECRET-VALUE>
@@ -76,14 +113,6 @@ scripts/rdi-secret.sh get <SECRET-NAME>
76113
scripts/rdi-secret.sh list
77114
```
78115

79-
When creating secrets for TLS or mTLS, ensure that all certificates and keys are in `PEM` format. The only exception to this is that for PostgreSQL, the private key `SOURCE_DB_KEY` secret must be in `DER` format. If you have a key in `PEM` format, you must convert it to `DER` before creating the `SOURCE_DB_KEY` secret using the command:
80-
81-
```bash
82-
openssl pkcs8 -topk8 -inform PEM -outform DER -in /path/to/myclient.key -out /path/to/myclient.pk8 -nocrypt
83-
```
84-
85-
This command assumes that the private key is not encrypted. See the [`openssl` documentation](https://docs.openssl.org/master/) to learn how to convert an encrypted private key.
86-
87116
The specific command lines for source secrets are as follows:
88117

89118
```bash
@@ -139,14 +168,6 @@ kubectl create secret generic <DB>-ssl \
139168
--from-file=<FILE-NAME>=<FILE-PATH>
140169
```
141170

142-
When you create these secrets, ensure that all certificates and keys are in `PEM` format. The only exception to this is that for PostgreSQL, the private key in the `source-db-ssl` secret (the `client.key` file) must be in `DER` format. If you have a key in `PEM` format, you must convert it to `DER` before creating the `source-db-ssl` secret using the command:
143-
144-
```bash
145-
openssl pkcs8 -topk8 -inform PEM -outform DER -in /path/to/myclient.key -out /path/to/myclient.pk8 -nocrypt
146-
```
147-
148-
This command assumes that the private key is not encrypted. See the [`openssl` documentation](https://docs.openssl.org/master/) to learn how to convert an encrypted private key.
149-
150171
The specific command lines for source secrets are as follows:
151172

152173
```bash
@@ -231,7 +252,7 @@ Note that the certificate paths contained in the secrets `SOURCE_DB_CACERT`, `SO
231252

232253
## Deploy a pipeline
233254

234-
When you have created your configuration, including the [jobs]({{< relref "/integrate/redis-data-integration/data-pipelines/data-pipelines#job-files" >}}), they are
255+
When you have created your configuration, including the [jobs]({{< relref "/integrate/redis-data-integration/data-pipelines/data-pipelines#job-files" >}}), you are
235256
ready to deploy. Use [Redis Insight]({{< relref "/develop/tools/insight/rdi-connector" >}})
236257
to configure and deploy pipelines for both VM and K8s installations.
237258

0 commit comments

Comments
 (0)