Updating Registry Access Token
Registry access token is used to access the container registry. You must rotate the
container registry access token, configured through the registry_password
parameter in the siebel-config.yaml file, regularly to prevent unauthorized
access to the images in the container registry.
To update the registry access token, perform the following tasks:
- Update the
registry_passwordparameter in the Git repository:- Go to the environment
directory:
cd /home/opc/siebel/<env_id> - Open the
siebel-config.yamlfile:vi <namespace>-cloud-manager/flux-crm/apps/base/siebel/siebel-config.yaml - Update the
registry_passwordparameter value with the new access token.
- Go to the environment
directory:
- Recreate the custom secret definition for the registry credentials:
- Delete the existing custom secret
definition:
source /home/opc/siebel/<env_id>/k8sprofile kubectl delete secret -n <namespace> customsecret - Go to the secrets
directory:
cd /home/opc/siebel/<env_id>/<namespace>-cloud-manager/flux-crm/infrastructure/secrets - Create a new custom secret definition with the updated registry access
token:
kubectl --dry-run=client -n <namespace> create secret docker-registry customsecret \ --docker-server=<registry_url> \ --docker-username=<registry_username>\ --docker-password=<registry_password> \ --docker-email=siebel@oracle.com \ -o yaml > customsecret.yaml
- Delete the existing custom secret
definition:
- Commit the changes to the remote Git repository:
git add . git commit -m "updated registry password and custom secrets" git config pull.rebase false git pull git pushNote: Flux will reconcile and uptake the new changes in the Git repository and recreate a new custom secret. - Update
registry_passwordin environment YAML file:- Open the environment YAML
file:
vi /home/opc/siebel/environments/<env_id>_environment.yaml - Update the
registry_passwordparameter value with the new access token.
- Open the environment YAML
file: