Creating and Deploying External Info for Compute Spaces

A Compute Space (CSpace) must be able to connect to a storage cluster to do its work. The CSpace relies on external info and secrets to get this connection information. The information includes CLDB and ZooKeeper host locations. User, client, and server secrets must also be created before your external CSpace is created. There are two ways to create this information: automatically, via a script run on a node of the external cluster, or manually, by using the provided templates.

Creating Secrets by Using a Script

The simplest method is to use the gen-external-secrets.sh utility in the tools directory. You must copy this script (via scp or other method) and run the script on a node in the existing MapR storage cluster that you want the compute applications in the external CSpace to use. The script detects the ID of the storage cluster and the IP addresses of key services (such as CLDB and ZooKeeper) on the storage cluster. The script then Base64 encodes the contents, finds the various files (maprserverticket, clusterid, ssl_keystore, and truststore) and Base64 encodes their contents. Finally, the script generates the mapr-external-info.yaml file in the directory where you ran the script.

Important: User secret information must use Base64 encoding. Base64 is not designed to encrypt fields. Secrets only use Base64 to obfuscate secret values from casual viewing. Secrets are actually encrypted during transport by standard SSL encryption. Secrets are encrypted at rest via built-in encryption of the Kubernetes secret store (remember to enable this option in Kubernetes if you choose to use the built-in store) or via an external secret store.

The generated file contains the user, client, and server secrets and the location of the cluster hosts needed for external CSpaces to communicate with your storage cluster. You must copy this generated file (via scp or other method) to a machine that has a copy of kubectl and is able to communicate with the Kubernetes cluster hosting your external CSpaces.

For more information, see Automatically Generating and Deploying External Info for a CSpace.

Creating Secrets Manually

If you do not wish to run the script, you can manually create the secrets and the configmaps, which contain the location of the service hosts on the storage cluster. You can either create your own custom file or modify one of the sample files in the examples/secrettemplates directory to set values for the secrets: mapr-external-info-secure.yaml (for a secure storage cluster) or mapr-external-info-unsecure.yaml (for an unsecure storage cluster). Your files should be similar to the sample files, and have values set for the external cluster hosts and user, server, and client secrets.

For more information, see Manually Creating and Deploying External Info for Compute Spaces.
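
When you fill in a template by hand, each secret value has to be the Base64 encoding of the exact file or string, on a single line. The helpers below are an added example, not part of the product's tools; the function names and sample values are assumptions made for illustration. The last step shows how easily a value decodes, which is why the finished YAML file needs the same protection as the original files.

```shell
# Added example: helpers for preparing Base64 secret values by hand.
# Function names and sample data are constructed for illustration.

# Encode a file as ONE line of Base64. GNU base64 wraps output at 76
# columns by default, and wrapped output does not paste into a one-line
# YAML value, so the newlines are stripped.
b64_file() {
  base64 < "$1" | tr -d '\n'
}

# Encode a literal string without the trailing newline that `echo` adds
# (a stray newline becomes part of the secret and changes the value).
b64_string() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if value ($1) is a single line of Base64 characters that
# decodes back to exactly the bytes of the file ($2).
b64_matches_file() {
  case "$1" in
    ''|*[!A-Za-z0-9+/=]*) return 1 ;;   # empty, wrapped, or stray characters
  esac
  printf '%s' "$1" | base64 --decode 2>/dev/null | cmp -s - "$2"
}

# Constructed sample standing in for one of the files named above.
sample="$(mktemp)"
printf 'constructed-sample-cluster-id\n' > "$sample"

encoded="$(b64_file "$sample")"
if b64_matches_file "$encoded" "$sample"; then
  echo "value to paste into the template: $encoded"
fi

# Base64 is reversible by anyone who can read the YAML file.
printf '%s' "$encoded" | base64 --decode

rm -f "$sample"
```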

Once you have created the external secrets and configmaps, they must be deployed into the mapr-external-info namespace that was created during bootstrapping.