Versions Compared

Old Version 7

changes.mady.by.user Yi Zhan Lim

Saved on

compared with

New Version Current

changes.mady.by.user Kevin Wu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prior to installation, the system must be bootstrapped with certain authorization server credentials and secrets. There are a few alternative ways to perform this task.

Authorization Server Credentials

The authorization server credentials can be provided to the system in the following ways:

...

Necessary authorization server credentials for Secret or Helm, respectively, are listed in the table. These credentials need to be provided before installation can complete:

Secret Parameter

Helm Parameter

Description

managementApiUsername

authorizationServer.management-api.username

HTTP Basic Authentication Username

managementApiPassword

authorizationServer.management-api.password

HTTP Basic Authentication Password

jwtKeystore

authorizationServer.jwt.keystore

Secret Parameter - File path of a keystore encoded in Base64 format

Helm Parameter - File path of a keystore

jwtKeyId

authorizationServer.jwt.key-id

Alias of the RSA private/public key pair used for JWT

jwtKeyPassword

authorizationServer.jwt.key-password

Password of the RSA private/public key pair used for JWT

jwtKeystorePassword

authorizationServer.jwt.keystore-password

Password of the keystore

Kubernetes Secret

Credentials can be written into a Secret object, which must be named authorization-server-secrets prior to installation.

Expand
titleExample - Secret object
Code Block
kubectl create secret generic authorization-server-secrets --namespace <namespace> \
--from-literal=managementApiUsername=<username> \
--from-literal=managementApiPassword=<password> \
--from-file=jwtKeystore=<keystore file path encoded in Base64 format> path> \
--from-literal=jwtKeyId=<id> \
--from-literal=jwtKeyPassword=<password> \
--from-literal=jwtKeystorePassword=<password>

Keystore file can be encoded in Base64 format with the following command:

Code Block
base64 -i <keystore file path> -o <B64 keystore file name>.txt

Helm Values

Expand
titleExample - Helm installation with existing kubernetes secret
Code Block
helm upgrade <installation name> --install ue-internal/usage-engine-private-edition --version <helm chart version> --set "global.imagePullSecrets[0].name=ecrcred" \
--set persistence.enabled=true \
--set environment=docker-desktop \
--set operator.installCRDs=false \
--set authorizationServer.enabled=true
Expand
titleExample - Helm Installation without Kubernetes Secret
Code Block
helm upgrade <installation name> --install ue-internal/usage-engine-private-edition --version <helm chart version> --set "global.imagePullSecrets[0].name=ecrcred" \
--set persistence.enabled=true \
--set environment=docker-desktop \
--set operator.installCRDs=false \
--set authorizationServer.enabled=true \
--set-file authorizationServer.jwt.keystore=<keystore file path> path encoded in Base64 format> \
--set authorizationServer.jwt.key-id=<id> \
--set authorizationServer.jwt.key-password=<password> \
--set authorizationServer.jwt.keystore-password=<password> \
--set authorizationServer.management-api.username=<username> \
--set authorizationServer.management-api.password=<password>

Keystore file can be encoded in Base64 format with the following command:

Code Block
base64 -i <keystore file path> -o <B64 keystore file name>.txt

Random

If neither Secret nor Helm values are used to provide managementApiPassword credentials, the required values are automatically populated with random data. For users with access rights, the randomized credentials can be retrieved by doing:

...