Weka Operator secrets management

Manage the Kubernetes secrets created by the Weka operator to store credentials and connection information required for cluster interaction. The operator automatically handles the lifecycle of these s

Secret types and purposes

The operator creates four distinct secrets for each WekaCluster to facilitate different access requirements:

Secret Type

Name Format

Purpose

Operator Secret

weka-operator-<cluster-uid>

Used by the operator for administrative operations.

User Admin Secret

weka-cluster-<cluster-name>

Provides administrative access for users.

Client Secret

weka-client-<cluster-name>

Used by Weka clients to connect to the cluster.

CSI Secret

weka-csi-<cluster-name>

Used by the CSI plugin for storage provisioning.

Operator Secret configuration

The operator uses this secret to authenticate with the Weka cluster. It contains the following data:

username: The operator-specific admin user.
password: The password for the operator user.
org: The organization name, typically Root.
join-secret: The token required for containers to join the cluster.

Manual creation command:

Bash

kubectl create secret generic weka-operator-<cluster-uid> \
  --from-literal=username=weka-operator-<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root \
  --from-literal=join-secret=<join-token>

User Admin Secret configuration

This secret stores credentials for general administrative tasks performed by users.

Manual creation command:

Bash

kubectl create secret generic weka-cluster-<cluster-name> \
  --from-literal=username=weka<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root

Client Secret configuration

Weka clients utilize this secret to establish connections to the cluster.

Manual creation command:

Bash

kubectl create secret generic weka-client-<cluster-name> \
  --from-literal=username=wekaclient<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root \
  --from-literal=join-secret=<join-token>

CSI Secret configuration

The CSI plugin requires this secret to manage and provision storage resources. It includes backend connection details:

endpoints: A comma-separated list of Weka API endpoints in <ip>:<port> format.
scheme: The API access scheme, such as https.
nfsTargetIps: The IP addresses for NFS targets.

Manual creation command:

Bash

kubectl create secret generic weka-csi-<cluster-name> \
  --from-literal=username=wekacsi<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=organization=Root \
  --from-literal=endpoints=<ip1>:35000,<ip2>:35100 \
  --from-literal=scheme=https \
  --from-literal=nfsTargetIps=<ip>

Usage in WekaClient resources

The method for connecting a WekaClient Custom Resource depends on how the cluster is provisioned:

Operator-provisioned clusters: The WekaClient automatically uses the client secret created by the operator when you specify the targetCluster.
Manual connection to non-operator clusters: When specifying direct IPs instead of a targetCluster, you must create the CSI secret manually. Ensure the secret includes a join-secret if the cluster requires it.

PreviousMigrate standalone CSI to WEKA Operator-embedded NextWEKA Operator day-2 operations

Last updated 14 days ago

hashtagSecret types and purposes

hashtagOperator Secret configuration

hashtagUser Admin Secret configuration

hashtagClient Secret configuration

hashtagCSI Secret configuration

hashtagUsage in WekaClient resources

Secret types and purposes

Operator Secret configuration

User Admin Secret configuration

Client Secret configuration

CSI Secret configuration

Usage in WekaClient resources