3.6.2 Create a Kubernetes Secret for etcd

You must provide etcd credentials and etcd endpoints in the values.yaml file. MicroTx uses this information to establish a connection to etcd after the service is installed.

Before you begin, generate RSA certificates for etcd and create a JSON file with the contents of the generated certificates. See Generate RSA Certificates for etcd.

If you plan to deploy etcd and MicroTx within the same Kubernetes cluster, then configuring etcd with TLS is optional. When etcd is configured with TLS, you must provide the certificate details in the values.yaml file for the transaction coordinator.

To create a Kubernetes secret and a Kubernetes configuration map:
  1. Create a Kubernetes secret with the content available in the JSON file that you have created. Ensure that you create the Kubernetes secret in the namespace where you want to deploy MicroTx.
    kubectl create secret generic etcd-cert-secret \
        --from-file=<location of etcdecred.json> -n otmm

    Where,

    • etcd-cert-secret is the name of the Kubernetes secret that you want to create. Note down this name as you will need to provide this name in the YAML file to install MicroTx.
    • location of etcdecred.json is the location of the JSON file that you have created in the previous step.
    • otmm is the namespace where you want to deploy MicroTx.
  2. Create a configuration map for the ca.pem file, which you created previously while initializing the certificate authority. Ensure that you create the configuration map in the namespace where you want to deploy MicroTx.
    kubectl create configmap etcd-ca-cert-map --from-file=<location of ca.pem> -n otmm

    Where,

    • etcd-ca-cert-map is the name of the configuration map that you want to create. Note down this name as you will have to provide this name in the values.yaml file for MicroTx.
    • location of ca.pem is the location of the ca.pem file.
    • otmm is the namespace where you want to deploy MicroTx.
In the values.yaml file, you will need to provide the etcd endpoints, certificate, Kubernetes secret, and Kubernetes configuration map that you have created. The following code snippet provides sample values, which are based on the values used in the commands in this topic.
storage:
    type: etcd
    etcd:
      endpoints: "https://198.51.100.1:4002"
      skipHostNameVerification: "false"
      credentialSecret:
        secretName: "etcd-cert-secret"
        secretFileName: "etcdecred.json"
      cacertConfigMap:
        configMapName: "etcd-ca-cert-map"
        configMapFileName: "ca.pem"

If you do not provide the correct IP address for the endpoints field, then host verification fails when you install MicroTx. To bypass the host verification in development environments, you can set skipHostNameVerification to true in the values.yaml file of MicroTx.

Caution:

You must set the skipHostNameVerification field to false in production environments.
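
The following pre-install check is an added example and is not part of the MicroTx product or its documentation. It confirms that a values.yaml file matches the TLS setup described in this topic before you install. The function names, the script name, and the comma-separated form for multiple endpoints are assumptions.

```shell
#!/bin/sh
# Added example: pre-install checks for the storage.etcd block in values.yaml.
# Assumption: keys appear as plain "key: value" lines, as in the sample above.
# Usage: . ./etcd-preflight.sh
#        check_etcd_values values.yaml && check_cluster_objects values.yaml otmm

# Print the value of the first "KEY: value" line in FILE, quotes stripped.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Offline lint. Returns 0 when FILE matches the TLS setup in this topic.
check_etcd_values() {
    rc=0
    skip=$(yaml_value skipHostNameVerification "$1")
    endpoints=$(yaml_value endpoints "$1")
    # Host name verification must stay enabled outside development.
    if [ "$skip" != "false" ]; then
        echo "FAIL: skipHostNameVerification is '$skip'; production requires 'false'" >&2
        rc=1
    fi
    [ -n "$endpoints" ] || { echo "FAIL: endpoints is empty" >&2; rc=1; }
    # Assumption: several endpoints, if used, are comma-separated.
    old_ifs=$IFS; IFS=,
    for ep in $endpoints; do
        case $ep in
            https://*) ;;
            *) echo "FAIL: endpoint '$ep' does not use https" >&2; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    # The secret and configuration map references must all be filled in.
    for key in secretName secretFileName configMapName configMapFileName; do
        [ -n "$(yaml_value "$key" "$1")" ] || { echo "FAIL: $key is not set" >&2; rc=1; }
    done
    return $rc
}

# Cluster check (needs kubectl access). Confirms that the secret and the
# configuration map named in FILE exist in NAMESPACE.
check_cluster_objects() {
    kubectl get secret "$(yaml_value secretName "$1")" -n "$2" >/dev/null &&
        kubectl get configmap "$(yaml_value configMapName "$1")" -n "$2" >/dev/null
}
```

A value followed by an inline comment fails the check, which is the conservative outcome for a file intended for production.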