Chapter 8. Configuring authentication


Application users need credentials to access Data Grid clusters. You can use default, generated credentials or add your own.

8.1. Default credentials

Data Grid Operator generates base64-encoded credentials for the following users:

UserSecret nameDescription

developer

infinispan-generated-secret

Credentials for the default application user.

operator

infinispan-generated-operator-secret

Credentials that Data Grid Operator uses to interact with Data Grid resources.

8.2. Retrieving credentials

Get credentials from authentication secrets to access Data Grid clusters.

Procedure

  • Retrieve credentials from authentication secrets.

    oc get secret infinispan-generated-secret

    Base64-decode credentials.

    oc get secret infinispan-generated-secret -o jsonpath="{.data.identities\.yaml}" | base64 --decode

8.3. Adding custom user credentials

Configure access to Data Grid cluster endpoints with custom credentials.

Note

Modifying spec.security.endpointSecretName triggers a cluster restart.

Procedure

  1. Create an identities.yaml file with the credentials that you want to add.

    credentials:
    - username: myfirstusername
      password: changeme-one
    - username: mysecondusername
      password: changeme-two
  2. Create an authentication secret from identities.yaml.

    oc create secret generic --from-file=identities.yaml connect-secret
  3. Specify the authentication secret with spec.security.endpointSecretName in your Infinispan CR and then apply the changes.

    spec:
      security:
        endpointSecretName: connect-secret

8.4. Changing the operator password

You can change the password for the operator user if you do not want to use the automatically generated password.

Procedure

  • Update the password key in the infinispan-generated-operator-secret secret as follows:

    oc patch secret infinispan-generated-operator-secret -p='{"stringData":{"password": "supersecretoperatorpassword"}}'
    Note

    You should update only the password key in the generated-operator-secret secret. When you update the password, Data Grid Operator automatically refreshes other keys in that secret.

8.5. Disabling user authentication

Allow users to access Data Grid clusters and manipulate data without providing credentials.

Important

Do not disable authentication if endpoints are accessible from outside the OpenShift cluster via spec.expose.type. You should disable authentication for development environments only.

Procedure

  1. Set false as the value for the spec.security.endpointAuthentication field in your Infinispan CR.

    spec:
      security:
        endpointAuthentication: false
  2. Apply the changes.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.