Managing secrets in Kubernetes
Sensitive information such as passwords, service account names, certificates, and other confidential data needed by Sametime pods is stored in secrets. In addition to Helm charts and configuration maps (ConfigMaps), the Sametime configuration is also derived from secrets.
A secret is considered part of the live runtime, that is, the current configuration. Secrets are created from a template or from the command line. You can modify the templates to re-create secrets when needed, for example when you must update your LDAP bind credentials. For more information, see Changing the LDAP service account password in Kubernetes.
For additional information about secrets in Kubernetes, see the Secrets topic in the Kubernetes documentation.
Some secrets are required by Sametime. They are created during the installation and configuration of Sametime.
Secret | Description | Template |
---|---|---|
sametime-global-secrets | The helm/templates/sametime-secrets.yaml template is used to define this secret. Note that all values within this secret are base64 encoded. The following parameters are contained in the global secret. | helm/templates/sametime-secrets.yaml |
sametime-internal-keys-secret | Contains information about the certificate key store. | None |
tls-secret | The name of this secret can vary because it is configurable. The name can also vary depending on the ingress controller. The ingress controller might be secured with a certificate within a secret as well. | None |
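The values under data: in a Secret are base64 encoded, not encrypted, and secrets are re-created from templates when a credential changes. As an added example (not from the Sametime charts or the Kubernetes documentation), the shell functions below decode the values of a Secret manifest and re-encode one value for a rotation such as a new LDAP bind password; the manifest and its key names are constructed placeholders, not the real global-secret parameters.

```shell
#!/bin/sh
# Added example: inspect and rotate values in a Kubernetes Secret manifest offline.
# Not from the Sametime charts; the key names below are constructed placeholders.

# Constructed sample manifest in the shape of a Sametime-style Opaque secret.
SAMPLE_SECRET='apiVersion: v1
kind: Secret
metadata:
  name: sametime-global-secrets
type: Opaque
data:
  ldap-bind-dn: Y249c3RiaW5kLGRjPWV4YW1wbGUsZGM9Y29t
  ldap-bind-password: b2xkLXNlY3JldA=='

# Read a Secret manifest on stdin and print key=plaintext for each data entry.
# Values under data: are base64 encoded, not encrypted, so anyone who can read
# the Secret object can recover them this way (hence RBAC on secrets matters).
secret_decode() {
  awk '/^data:/ { d = 1; next }
       /^[^ ]/  { d = 0 }
       d && NF == 2 { print $1, $2 }' |
  while read -r key b64; do
    printf '%s=%s\n' "${key%:}" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# Re-encode one value. Usage: secret_set KEY NEWPLAINTEXT < manifest > new-manifest
# Use this when a credential such as the LDAP bind password changes and the
# secret must be re-created; the output can then be applied with kubectl apply -f.
secret_set() {
  b64=$(printf '%s' "$2" | base64 | tr -d '\n')
  awk -v k="$1" -v v="$b64" '
    /^data:/ { d = 1; print; next }
    /^[^ ]/  { d = 0 }
    d && $1 == (k ":") { $0 = "  " k ": " v; found = 1 }
    { print }
    END { if (!found) { print "key not found: " k > "/dev/stderr"; exit 1 } }'
}

# Demo: show the current values, then rotate the bind password and show the result.
printf '%s\n' "$SAMPLE_SECRET" | secret_decode
printf '%s\n' "$SAMPLE_SECRET" | secret_set ldap-bind-password new-secret | secret_decode
```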
Secret Name | Template |
---|---|
app-registry-config-secret | helm/templates/app-registry-config-secrets.yaml |
auth-config-secret | helm/templates/auth-config-secrets.yaml |
catalog-config-secret | helm/templates/catalog-config-secrets.yaml |
Secret name | Description |
---|---|
extra-community-config | A configurable secret that contains extra configuration details for the Community pod. It can contain a copy of the StCommunityConfig.xml, UserInfoConfig.xml, and other community files. |
ldap-config-secret | The certificate trust store and password for LDAP. See Securing LDAP on Kubernetes for more details. |
saml-config-secret | The certificate trust store and password for SAML. See Configuring SAML in Kubernetes for more details. |
Considerations for when namespaces are used
In Kubernetes, the Sametime cluster can be deployed in a namespace, which makes administration easier for organizations with multiple users sharing cluster resources. For example, you might want to run MongoDB in the same Kubernetes cluster as Sametime; the two could be separated into different namespaces.
When a namespace is used, pass it to kubectl with the -n option. For example, to list the secrets in a namespace named st:
kubectl get secrets -n st