From 15b4979453ac9e85dc8e03d30d7ca440179dfc73 Mon Sep 17 00:00:00 2001 From: "Schmalzried, Terry (ts862m)" Date: Fri, 21 Aug 2020 15:59:22 -0400 Subject: Set Cloudify password Cloudify pod updates for sourcing password from CMPASS environment variable. Issue-ID: DCAEGEN2-1975 Change-Id: I5f297af9ad92389d0901eee463ea175751853838 Signed-off-by: Schmalzried, Terry (ts862m) --- cm-container/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cm-container/README.md') diff --git a/cm-container/README.md b/cm-container/README.md index 3e3d45a..03b9634 100644 --- a/cm-container/README.md +++ b/cm-container/README.md @@ -58,7 +58,7 @@ The last command in the script is the command from the original Cloudify version which then brings up the many other processes needed for a working instance of Cloudify Manager. ## The `setup-secret.sh` script -When Kubernetes starts a container, it mounts a directory containing the credentials that the container needs to access the Kubernetes API on the local Kubernetes cluster. The mountpoint is `/var/run/secrets/kubernetes.io/serviceaccount`. Something about the way that Cloudify Manager is started (possibly because `/sbin/init` is run) causes this mountpoint to be hidden. `setup-secret.sh` will recreated the directory if it's not present and symbolically link it to a copy of the credentials mounted at `/secret` in the container file system. This gives Cloudify Manager the credentials that the Kubernetes plugin needs to deploy Kubernetes-based DCAE components. +When Kubernetes starts a container, it mounts a directory containing the credentials that the container needs to access the Kubernetes API on the local Kubernetes cluster. The mountpoint is `/var/run/secrets/kubernetes.io/serviceaccount`. Something about the way that Cloudify Manager is started (possibly because `/sbin/init` is run) causes this mountpoint to be hidden. `setup-secret.sh` will recreate the directory if it's not present and symbolically link it to a copy of the credentials mounted at `/secret` in the container file system. This gives Cloudify Manager the credentials that the Kubernetes plugin needs to deploy Kubernetes-based DCAE components. `setup-secret.sh` needs to run after '/sbin/init'. The Dockerfile installs it in the `rc.local` script that runs at startup. -- cgit 1.2.3-korg