Creating Kubernetes Secrets for required credentials
- Last Updated: November 20, 2025
- Hybrid Data Pipeline
- Version 5.0
Two Kubernetes Secrets must be created to store credentials for the deployment and operation of Hybrid Data Pipeline. First, a Secret must be created to store the credentials of the PostgreSQL Privileged User. Second, a Secret must be created to store credentials for (1) Hybrid Data Pipeline server users and (2) Hybrid Data Pipeline system database users. All credentials should be secured and handled as sensitive information. The Hybrid Data Pipeline GitHub repository provides two manifest files that should be used to create these Secrets.
- The account-database-secrets.yaml manifest stores the password for the PostgreSQL Privileged User. The PostgreSQL Privileged User is used to create the schema and users for the Hybrid Data Pipeline system database. A Base64-encoded password must be provided for the data.privileged-postgres-password parameter.
- The hdp-secrets.yaml manifest stores credentials for (1) Hybrid Data Pipeline server users and (2) Hybrid Data Pipeline system database users. These users are used to deploy and run Hybrid Data Pipeline. You must provide Base64-encoded credentials for the following users:
  - Hybrid Data Pipeline System Administrator: The Hybrid Data Pipeline System Administrator is the d2cadmin superuser. See Default account credentials.
  - Hybrid Data Pipeline User: The Hybrid Data Pipeline User is the d2cuser standard user. See Default account credentials.
  - System Database Administrator: The System Database Administrator must have the ability to access and modify the system database and must have the privileges described in External system databases.
  - System Database Standard User: The System Database Standard User must have the ability to access and run queries against the system database as described in External system databases.
The following sections provide step-by-step instructions:
- Create a Kubernetes Secret for the PostgreSQL Privileged User
- Create a Kubernetes Secret for Hybrid Data Pipeline and system database users
Create a Kubernetes Secret for the PostgreSQL Privileged User
Take the following steps to create a Kubernetes Secret for the PostgreSQL Privileged User:
- Download the account-database-secrets.yaml from the Hybrid Data Pipeline Helm chart GitHub repository:
  https://github.com/progress/hdp-kubernetes/tree/main/charts/hybriddatapipeline/secrets
- In the account-database-secrets.yaml file, specify a Base64-encoded password for the data.privileged-postgres-password parameter.
- To create the Secret, run the following command:
  kubectl create -f account-database-secrets.yaml --namespace namespace-value
  Important: The Secret must be created in the same namespace used to deploy the Helm chart.
Create a Kubernetes Secret for Hybrid Data Pipeline and system database users
Take the following steps to create a Kubernetes Secret for Hybrid Data Pipeline and system database users:
- Download the hdp-secrets.yaml from the Hybrid Data Pipeline Helm chart GitHub repository:
  https://github.com/progress/hdp-kubernetes/tree/main/charts/hybriddatapipeline/secrets
- In the hdp-secrets.yaml file, specify Base64-encoded credentials for the following parameters:

  | Parameter | Description |
  | --- | --- |
  | hdp-admin-password | The password for the Hybrid Data Pipeline System Administrator. The name of this administrator is d2cadmin and it may not be modified. Therefore, there is no separate parameter for specifying the name. |
  | hdp-user-password | The password for the Hybrid Data Pipeline User. The name of this user is d2cuser and it may not be modified. Therefore, there is no separate parameter for specifying the name. |
  | account-database-admin-username | The name of the System Database Administrator. |
  | account-database-admin-password | The password of the System Database Administrator. Important: By default, the Helm Chart manifest file is configured to deploy Hybrid Data Pipeline with FIPS mode enabled. When FIPS mode is enabled the password for the account database administrator must be FIPS 140-2 compliant. |
  | account-database-user-username | The name of the System Database Standard User. |
  | account-database-user-password | The password of the System Database Standard User. Important: By default, the Helm Chart manifest file is configured to deploy Hybrid Data Pipeline with FIPS mode enabled. When FIPS mode is enabled the password for the account database user must be FIPS 140-2 compliant. |
  | hdp-license-key | The Hybrid Data Pipeline license key. Note: To use a licensed version of the server, a license key must be provided. When no value is provided, the Hybrid Data Pipeline server is deployed in evaluation mode. |

- To create the Secret, run the following command:
  kubectl create -f hdp-secrets.yaml --namespace namespace-value
  Important: The Secret must be created in the same namespace used to deploy the Helm chart.
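
Both procedures above depend on correctly Base64-encoded values, so the following added example (not code from the Progress repository) encodes a value without a stray newline and pre-checks a filled-in hdp-secrets.yaml before kubectl create. The function names, the sample passwords, and the assumption that each credential is a single "key: value" line under data: are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the Progress repository. Assumes every credential is
# a single "key: value" line under data: in the downloaded manifest.

# Encode a value for a Secret data field: no trailing newline, no line wrapping.
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Classify one encoded value: ok | empty | invalid | trailing-whitespace
check_value() {
  local enc="$1" last
  [ -n "$enc" ] || { echo empty; return 0; }
  if ! printf '%s' "$enc" | base64 --decode >/dev/null 2>&1; then
    echo invalid; return 0
  fi
  # $(...) strips newlines, so inspect the last decoded byte as hex instead.
  last=$(printf '%s' "$enc" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
  case $last in
    0a|0d|20|09) echo trailing-whitespace ;;  # e.g. produced by `echo pw | base64`
    *) echo ok ;;
  esac
}

# Keys the page lists for hdp-secrets.yaml. hdp-license-key is left out because
# it may stay empty (evaluation mode).
HDP_KEYS="hdp-admin-password hdp-user-password account-database-admin-username
account-database-admin-password account-database-user-username
account-database-user-password"

# Print "key: status" for each key; return 1 if any value is not ok.
check_manifest() {
  local file="$1" key val status rc=0
  for key in $HDP_KEYS; do
    val=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$file" | head -n 1 |
      tr -d "\"'[:space:]")
    status=$(check_value "$val")
    echo "$key: $status"
    [ "$status" = ok ] || rc=1
  done
  return "$rc"
}

# Constructed sample: one value encoded with a stray newline, the rest missing.
sample=$(mktemp)
printf 'data:\n  hdp-admin-password: %s\n  hdp-user-password: %s\n' \
  "$(b64enc 'Constructed-Pw-1')" "$(echo 'Constructed-Pw-2' | base64)" > "$sample"
check_manifest "$sample" || echo "fix the values flagged above before kubectl create"
rm -f "$sample"
```

Base64 is an encoding, not encryption, so a filled-in manifest is as sensitive as the plaintext credentials it contains.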