Creating a service account to use a key encryption key
Before you begin
Download the following files:
To create a service account, role, and role binding
- In the kek_serviceaccount.yaml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the service account name in the file.
The service account name must be sa-cm-secrets-reader-writer.
- In the kek_role.yaml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the role name in the file.
The role name must be role-cm-secrets-reader-writer.
- In the kek_rolebinding.yaml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the role binding name in the file.
The role binding name must be role rb-cm-secrets-reader-writer.
- In the sts-utility-sa.yml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the service account name in the file.
The service account name must be sts-utility.
- In the sts-utility-role.yml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the role name in the file.
The role name must be sts-utility-role.
- In the sts-utility-rolebinding.yml file, update the following parameters:
- Replace the <<ITSM NAMESPACE>> parameter with your BMC Helix Innovation Suite namespace name.
- Make sure that you do not modify the role binding name in the file.
The role binding name must be role sts-utility-role-binding.
- On the Deployment Engine that is your Jenkins server, run the following commands:
- To create the service account, run the following command:
kubectl create -f kek_serviceaccount.yaml
- To create the role, run the following command:
kubectl create -f kek_role.yaml
- To create the role binding, run the following command:
kubectl create -f kek_rolebinding.yaml
- To associate the service account with your StatefulSet, run the following command:
kubectl create -f sts-utility-sa.yml
- To associate the role with your StatefulSet, run the following command:
kubectl create -f sts-utility-role.yml
- To associate the role binding with your StatefulSet, run the following command:
kubectl create -f sts-utility-rolebinding.yml
Confirm that the service account, role, and role binding are created by using the following commands:
kubectl get serviceaccount -n <BMC Helix Innovation Suite namespace>
kubectl get role -n <BMC Helix Innovation Suite namespace>
kubectl get rolebinding -n <BMC Helix Innovation Suite namespace>
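The kubectl get commands above list every object in the namespace, so a missing or renamed object is easy to overlook. The following script is an added example, not part of the BMC documentation: it checks the -o name output for the six required names. The function names and sample output are constructed, and the two role binding names are assumed to be the values above without the leading word "role", because Kubernetes object names cannot contain spaces.

```shell
#!/bin/sh
# Required objects, using the fixed names from the procedure above.
# Assumption: binding names are used without the leading word "role".
REQUIRED='serviceaccount/sa-cm-secrets-reader-writer
role/role-cm-secrets-reader-writer
rolebinding/rb-cm-secrets-reader-writer
serviceaccount/sts-utility
role/sts-utility-role
rolebinding/sts-utility-role-binding'

# "kubectl get -o name" prints RBAC objects with their API group, for example
# role.rbac.authorization.k8s.io/<name>. Reduce every line to kind/name.
normalize() {
    sed -E 's#^([a-z]+)\.[^/]*/#\1/#'
}

# Reads "kubectl get ... -o name" output on stdin, prints every required
# kind/name that is absent, and returns 1 if anything is missing.
missing_objects() {
    present=$(normalize)
    rc=0
    for want in $REQUIRED; do
        if ! printf '%s\n' "$present" | grep -qxF "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Hypothetical wrapper for a live cluster; $1 is the
# BMC Helix Innovation Suite namespace.
check_namespace() {
    kubectl get serviceaccount,role,rolebinding -n "$1" -o name | missing_objects
}

# Constructed sample output in which the sts-utility role binding is absent.
SAMPLE_OUTPUT='serviceaccount/default
serviceaccount/sa-cm-secrets-reader-writer
serviceaccount/sts-utility
role.rbac.authorization.k8s.io/role-cm-secrets-reader-writer
role.rbac.authorization.k8s.io/sts-utility-role
rolebinding.rbac.authorization.k8s.io/rb-cm-secrets-reader-writer'

printf '%s\n' "$SAMPLE_OUTPUT" | missing_objects \
    || echo "The objects listed above are missing from the namespace."
```

On the Deployment Engine, call check_namespace with your namespace name after the create commands finish; no output and exit status 0 mean all six objects exist.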
Where to go from here