User Defined Secrets in LM Container

Last updated on 03 June, 2024

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Kubernetes Secrets allows you to configure the Kubernetes cluster to use sensitive data (such as passwords) without writing the password in plain text into the configuration files. For more information, see Secrets from Kubernetes documentation.

Note: If you are using secrets on your LM Container, granting manage permission might reveal your encoded configuration data.

Requirements for Configuring User Defined Secrets in LM Container

Ensure you have LM Container Helm Charts version 5.0.0 or later.

Configuring User Defined Secrets for your Kubernetes Clusters in LM Containers

Creating a Secret involves using the key-value pair to store the data. To create Secrets, do as follows:

  1. Create the secrets.yaml with opaque secret type that encodes in Base64 format similar to the following example.

Note: Adding the data label encodes the accessID, accessKey, and account field values in Base64 format.

apiVersion: v1
data:
  accessID: NmdjRTNndEU2UjdlekZhOEp2M2Q=
  accessKey: bG1hX1JRS1MrNFUtMyhrVmUzLXE0Sms2Qzk0RUh7aytfajIzS1dDcUxQREFLezlRKW1KSChEYzR+dzV5KXo1UExNemxoT0RWa01XTXROVEF5TXkwME1UWmtMV0ZoT1dFdE5XUmpOemd6TlROaVl6Y3hMM2oyVGpo
  account: bG1zYWdhcm1hbWRhcHVyZQ==
  etcdDiscoveryToken: ""
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque

or

  1. Create the secrets.yaml with an opaque secret stringData type similar to the following example.
apiVersion: v1
stringData:
  accessID: "6gcE3gtE6R7ezFa8Jv3d"
  accessKey: "lma_RQKS+4U-3(kVe3-q4Jk6C94EH{k+_j23KWCqLPDAK{9Q)mJH(Dc4~w5y)z5PLMzlhODVkMWMtNTAyMy00MTZkLWFhOWEtNWRjNzgzNTNiYzcxL3j2Tjh"
  account: "lmadminuser"
  etcdDiscoveryToken: ""
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque
  1. Enter the accessIDaccessKey, and account field values.

Note: If you have an existing cluster, enter the same values used while creating Kubernetes Cluster.

  1. Save the secrets.yaml file.
  2. Open and edit the lm-container-configuration.yaml file.
  3. Enter a new field userDefinedSecret with the required value similar to the following example.

Note: The value for userDefinedSecret must be the same as the newly created secret name.

argus:
  clusterName: secret-cluster
global:
  accessID: ""
  accessKey: ""
  account: ""
  userDefinedSecret: "user-provided-secret"
  1. Save the lm-container-configuration.yaml file.
  2. In your terminal, enter the following command:
Kubectl apply -f secrets.yaml -n <namespace_where_lm_container will be installed>

Note: Once you apply the secrets and install the LM Container, delete the accessID, accessKey, and account field values in the lm-container-configuration.yaml for security reasons.

The following table displays the Secrets fields:

Field NameField TypeDescription
accessIDmandatoryLM access ID
accessKeymandatoryLM access key
accountmandatoryLM account name
argusProxyPassoptionalargus proxy password
argusProxyUseroptionalargus proxy user name
collectorProxyPassoptionalcollector proxy password
collectorProxyUseroptionalcollector proxy username
collectorSetControllerProxyPassoptionalcollectorset-controller proxy password
collectorSetControllerProxyUseroptionalcollectorset-controller proxy username
etcdDiscoveryTokenoptionaletcd discovery token
proxyPassoptionalglobal proxy password
proxyUseroptionalglobal proxy username

Example of Secrets with Proxy Details for Kubernetes Cluster

The following secrets.yaml file displays user-defined secrets with the proxy details:

apiVersion: v1
data:
  accessID:
  accessKey:
  account:
  etcdDiscoveryToken:
  proxyUser:
  proxyPass:
  argusProxyUser:
  argusProxyPass:
  cscProxyUser:
  cscProxyPass:
  collectorProxyUser:
  collectorProxyPass:
kind: Secret
metadata:
  name: user-provided-secret
  namespace: default
type: Opaque

There are two types of proxies; global proxy and component-level proxy. When you provide a global proxy, it applies to all Argus, Collectorset-Controller, and collector components. When you add both component-level proxy and global proxy, component-level proxy gains precedence. For example, if you add a collector proxy and a global proxy, the collector proxy is applied to the collector, and a global proxy is applied to the other Argus and Collectorset-Controller components. 

The following is an example of the lm-container-configuration.yaml file:

global:
  accessID: ""
  accessKey: ""
  account: ""
  userDefinedSecret: <secret-name>
  proxy: 
    url: "proxy_url_here"
In This Article