@@ -44,107 +44,110 @@ The credentials can be used to access the Redis Enterprise admin console or the
4444
45451. Access a [pod](https://kubernetes.io/docs/concepts/workloads/pods/) running a Redis Enterprise cluster.
4646
47- ` ` ` bash
48- kubectl exec -it < rec-resource-name> -0 bash
49- ` ` `
47+ ` ` ` sh
48+ kubectl exec -it < rec-resource-name> -0 bash
49+ ` ` `
5050
51- 1. Add a new password for the existing user.
51+ 2. Add a new password for the existing user.
52+
53+ ` ` ` bash
54+ REC_USER=" ` cat /opt/redislabs/credentials/username` "
55+ REC_PASSWORD=" ` cat /opt/redislabs/credentials/password` "
56+ curl -k --request POST \
57+ --url https://localhost:9443/v1/users/password \
58+ -u " $REC_USER :$REC_PASSWORD "
59+ --header ' Content-Type: application/json'
60+ --data " {\" username\" :\" $REC_USER \" , \
61+ \" old_password\" :\" $REC_PASSWORD \" , \
62+ \" new_password\" :\" <NEW PASSWORD>\" }"
63+ ` ` `
5264
53- ` ` ` bash
54- REC_USER=" ` cat /opt/redislabs/credentials/username` "
55- REC_PASSWORD=" ` cat /opt/redislabs/credentials/password` "
56- curl -k --request POST \
57- --url https://localhost:9443/v1/users/password \
58- -u " $REC_USER :$REC_PASSWORD "
59- --header ' Content-Type: application/json'
60- --data " {\" username\" :\" $REC_USER \" , \
61- \" old_password\" :\" $REC_PASSWORD \" , \
62- \" new_password\" :\" <NEW PASSWORD>\" }"
63- ` ` `
65+ 3. From outside the pod, update the REC credential secret.
6466
65- 1. From outside the pod, update the REC credential secret .
67+ 3a. Save the existing username to a text file .
6668
67- 1. Save the existing username to a text file .
68- ` ` ` bash
69- echo -n " <current_username>" > username
70- ` ` `
69+ ` ` ` sh
70+ echo -n " <current_username>" > username
71+ ` ` `
7172
72- 1. Save the new password to a text file.
73- ` ` ` bash
74- echo -n " <new_password>" > password
75- ` ` `
73+ 3b. Save the new password to a text file.
7674
77- 1. Update the REC credential secret.
78- ` ` ` bash
79- kubectl create secret generic < cluster_secret_name> \
80- --from-file=./username \
81- --from-file=./password --dry-run \
82- -o yaml
83- kubectl apply -f
84- ` ` `
75+ ` ` ` sh
76+ echo -n " <new_password>" > password
77+ ` ` `
8578
86- 1. Wait five minutes for all the components to read the new password from the updated secret. If you proceed to the next step too soon, the account could get locked.
79+ 3c. Update the REC credential secret.
80+ ` ` ` sh
81+ kubectl create secret generic < cluster_secret_name> \
82+ --from-file=./username \
83+ --from-file=./password --dry-run \
84+ -o yaml
85+ kubectl apply -f
86+ ` ` `
8787
88- 1. Access a pod running a Redis Enterprise cluster again .
88+ 4. Wait five minutes for all the components to read the new password from the updated secret. If you proceed to the next step too soon, the account could get locked .
8989
90- ` ` ` bash
91- kubectl exec -it < rec-resource-name> -0 bash
92- ` ` `
90+ 5. Access a pod running a Redis Enterprise cluster again.
9391
94- 1. Remove the previous password to ensure only the new one applies.
92+ ` ` ` sh
93+ kubectl exec -it < rec-resource-name> -0 bash
94+ ` ` `
9595
96- ` ` ` sh
97- REC_USER=" ` cat /opt/redislabs/credentials/username` " ; \
98- REC_PASSWORD=" ` cat /opt/redislabs/credentials/password` " ; \
99- curl -k --request DELETE \
100- --url https://localhost:9443/v1/users/password \
101- -u " $REC_USER :$REC_PASSWORD "
102- --header ' Content-Type: application/json'
103- --data " {\" username\" :\" $REC_USER \" , \
104- \" old_password\" :\" <OLD PASSWORD\" }"
105- ` ` `
96+ 6. Remove the previous password to ensure only the new one applies.
10697
107- {{< note> }} The username for the K8s secret is the email displayed on the Redis Enterprise admin console. {{< /note> }}
98+ ` ` ` sh
99+ REC_USER=" ` cat /opt/redislabs/credentials/username` " ; \
100+ REC_PASSWORD=" ` cat /opt/redislabs/credentials/password` " ; \
101+ curl -k --request DELETE \
102+ --url https://localhost:9443/v1/users/password \
103+ -u " $REC_USER :$REC_PASSWORD "
104+ --header ' Content-Type: application/json'
105+ --data " {\" username\" :\" $REC_USER \" , \
106+ \" old_password\" :\" <OLD PASSWORD\" }"
107+ ` ` `
108+
109+ {{< note> }} The username for the K8s secret is the email displayed on the Redis Enterprise admin console. {{< /note> }}
108110
109111# ## Change both the REC username and password
110112
1111131. [Connect to the admin console]({{< relref " /operate/kubernetes/re-clusters/connect-to-admin-console.md" > }})
112114
113- 1 . [Add another admin user]({{< relref " /operate/rs/security/access-control/create-users" > }}) and choose a new password.
115+ 2 . [Add another admin user]({{< relref " /operate/rs/security/access-control/create-users" > }}) and choose a new password.
114116
115- 1 . Specify the new username in the ` username`
117+ 3 . Specify the new username in the ` username`
116118
117- 1 . Update the REC credential secret:
119+ 4 . Update the REC credential secret:
118120
119- 1 . Save the new username to a text file.
121+ 4a . Save the new username to a text file.
120122
121- ` ` ` bash
122- echo -n " <new_username>" > username
123- ` ` `
123+ ` ` ` sh
124+ echo -n " <new_username>" > username
125+ ` ` `
124126
125- 1 . Save the new password to a text file.
127+ 4b . Save the new password to a text file.
126128
127- ` ` ` bash
128- echo -n " <new_password>" > password
129- ` ` `
129+ ` ` ` sh
130+ echo -n " <new_password>" > password
131+ ` ` `
130132
131- 1 . Update the REC credential secret.
133+ 4c . Update the REC credential secret.
132134
133- ` ` ` bash
134- kubectl create secret generic < cluster_secret_name> \
135- --from-file=./username \
136- --from-file=./password --dry-run \
137- -o yaml
138- kubectl apply -f
139- ` ` `
135+ ` ` ` sh
136+ kubectl create secret generic < cluster_secret_name> \
137+ --save-config \
138+ --dry-run=client \
139+ --from-file=./username --from-file=./password \
140+ -o yaml | \
141+ kubectl apply -f
142+ ` ` `
140143
141- 1 . Wait five minutes for all the components to read the new password from the updated secret. If you proceed to the next step too soon, the account could get locked.
144+ 5 . Wait five minutes for all the components to read the new password from the updated secret. If you proceed to the next step too soon, the account could get locked.
142145
143- 1 . Delete the previous admin user from the cluster.
146+ 6 . Delete the previous admin user from the cluster.
144147
145- {{< note> }}
148+ {{< note> }}
146149The operator may log errors in the time between updating the username in the REC spec and the secret update.
147- {{< /note> }}
150+ {{< /note> }}
148151
149152# ## Update the credentials secret in Vault
150153
0 commit comments