# Weka Operator secrets management

## Secret types and purposes

The operator creates four distinct secrets for each WekaCluster, each serving a different access requirement:

| **Secret Type**   | **Name Format**               | **Purpose**                                         |
| ----------------- | ----------------------------- | --------------------------------------------------- |
| Operator Secret   | `weka-operator-<cluster-uid>` | Used by the operator for administrative operations. |
| User Admin Secret | `weka-cluster-<cluster-name>` | Provides administrative access for users.           |
| Client Secret     | `weka-client-<cluster-name>`  | Used by Weka clients to connect to the cluster.     |
| CSI Secret        | `weka-csi-<cluster-name>`     | Used by the CSI plugin for storage provisioning.    |

***

#### Operator Secret configuration

The operator uses this secret to authenticate with the Weka cluster. It contains the following data:

* `username`: The operator-specific admin user.
* `password`: The password for the operator user.
* `org`: The organization name, typically `Root`.
* `join-secret`: The token required for containers to join the cluster.

Manual creation command:

```bash
kubectl create secret generic weka-operator-<cluster-uid> \
  --from-literal=username=weka-operator-<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root \
  --from-literal=join-secret=<join-token>
```
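
The manual command passes the password and join token with `--from-literal`, which leaves them in shell history and in the process argument list while `kubectl` runs. The following added example (not part of the Weka documentation; the function name and the input file arguments are assumptions) creates the Operator Secret from files instead, and strips the trailing newline that `--from-file` would otherwise store as part of the value.

```bash
# Added example, not from the Weka documentation. The function name and the
# input file arguments are hypothetical.
# Reads the password and join token from files so they never appear in shell
# history or in the kubectl process arguments.
create_operator_secret() (
  name=$1 username=$2 password_file=$3 join_file=$4
  umask 077                                   # staged copies are owner-only
  stage=$(mktemp -d) || exit 1
  trap 'rm -rf "$stage"' EXIT                 # remove staged copies on any exit

  for f in "$password_file" "$join_file"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 1; }
  done

  # --from-file stores the file bytes verbatim, so a trailing newline left by
  # an editor or `echo` would become part of the credential. Command
  # substitution strips it before staging.
  printf '%s' "$(cat "$password_file")" > "$stage/password"
  printf '%s' "$(cat "$join_file")"     > "$stage/join-secret"

  # Same keys as the manual command; only non-sensitive values stay literal.
  kubectl create secret generic "$name" \
    --from-literal=username="$username" \
    --from-literal=org=Root \
    --from-file=password="$stage/password" \
    --from-file=join-secret="$stage/join-secret"
)
```

Call it as `create_operator_secret weka-operator-<cluster-uid> weka-operator-<cluster-uid-short> <password-file> <join-token-file>`, with both input files created under a restrictive umask.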

***

#### User Admin Secret configuration

This secret stores credentials for general administrative tasks performed by users.

Manual creation command:

```bash
kubectl create secret generic weka-cluster-<cluster-name> \
  --from-literal=username=weka<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root
```

***

#### Client Secret configuration

Weka clients use this secret to establish connections to the cluster.

Manual creation command:

```bash
kubectl create secret generic weka-client-<cluster-name> \
  --from-literal=username=wekaclient<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=org=Root \
  --from-literal=join-secret=<join-token>
```

***

#### CSI Secret configuration

The CSI plugin requires this secret to manage and provision storage resources. It includes backend connection details:

* `endpoints`: A comma-separated list of Weka API endpoints in `<ip>:<port>` format.
* `scheme`: The API access scheme, such as `https`.
* `nfsTargetIps`: The IP addresses for NFS targets.

Manual creation command:

```bash
kubectl create secret generic weka-csi-<cluster-name> \
  --from-literal=username=wekacsi<cluster-uid-short> \
  --from-literal=password=<password> \
  --from-literal=organization=Root \
  --from-literal=endpoints=<ip1>:35000,<ip2>:35100 \
  --from-literal=scheme=https \
  --from-literal=nfsTargetIps=<ip>
```

***

#### Usage in WekaClient resources

The method for connecting a WekaClient Custom Resource depends on how the cluster is provisioned:

1. Operator-provisioned clusters: The WekaClient automatically uses the client secret created by the operator when you specify the `targetCluster`.
2. Manual connection to non-operator clusters: When specifying direct IPs instead of a `targetCluster`, you must create the CSI secret manually. Ensure the secret includes a `join-secret` if the cluster requires it.

