Skip to content

Commit

Permalink
docs: Adding binding secret keys note #25, includes readme from #194 (#…
Browse files Browse the repository at this point in the history
…218)

Signed-off-by: Art Berger <[email protected]>
  • Loading branch information
artberger authored Sep 23, 2020
1 parent 53e50ae commit c69a195
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ Prefer to create the secrets and defaults yourself? See the [IBM Cloud Operator

By default, the installation script creates an IBM Cloud API key that impersonates your user credentials, to use to set up the IBM Cloud Operator. However, you might want to create a service ID in IBM Cloud Identity and Access Managment (IAM). By using a service ID, you can control access for the IBM Cloud Operator without having the permissions tied to a particular user, such as if that user leaves the company. For more information, see the [IBM Cloud docs](https://cloud.ibm.com/docs/account?topic=account-serviceids).

1. Create a service ID in IBM Cloud IAM.
1. Create a service ID in IBM Cloud IAM. If possible, do not use spaces in the names for your IAM credentials. When you use the operator binding feature, any spaces are replaced with underscores.

```bash
ibmcloud iam service-id-create serviceid-ico -d service-ID-for-ibm-cloud-operator
Expand Down Expand Up @@ -367,7 +367,7 @@ A `Binding` custom resources includes the properties in the following table. For
|:-----------------|:---------|:---------|:------------------------------------------------------------------------------------------------------|
| serviceName | Yes | `string` | The name of the `Service` resource that corresponds to the service instance on which to create credentials for the binding. |
| serviceNamespace | No | `string` | The namespace of the `Service` resource.|
| alias | No | `string` | The name of existing IBM Cloud credentials to link this binding to. This binding creates a secret for these credentials in the cluster namespace, but cannot modify the existing credentials in IBM Cloud.|
| alias | No | `string` | The name of existing IBM Cloud credentials to link this binding to. This binding creates a secret for these credentials in the cluster namespace, but cannot modify the existing credentials in IBM Cloud. Note that any spaces are replaced with underscores.|
| secretName | No | `string` | The name of the `Secret` to be created. If you do not specify a value, the secret is given the same name as the binding.|
| role | No | `string` | The IBM Cloud IAM role to create the credentials to the service instance. Review the each service's documentation for a description of the roles. If you do not specify a role, the IAM `Manager` service access role is used. If the service does not support the `Manager` role, the first returned role from the service is used. |
| parameters | No | `[]Any` | Parameters that are passed in to create the create the service credentials. These parameters vary by service, and can be anything, such as an integer, string, or object. |
Expand Down
6 changes: 3 additions & 3 deletions docs/user-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -298,9 +298,9 @@ spec:
alias: binding-translator
```

The field `alias` indicates the name of the credentials to link to. This name must be unique, i.e. there cannot be other credentials
on the same service instance with the same name. The yaml also requires an annotation ` ibmcloud.ibm.com/keyId`
for the ID of the credentials. This can be obtained by executing the following command and retrieving the `ID` field.
The field `alias` indicates the name of the credentials to link to. This name must be unique, i.e. there cannot be other credentials on the same service instance with the same name. Note that binding secret keys replaces any spaces with underscores.

The yaml also requires an annotation ` ibmcloud.ibm.com/keyId` for the ID of the credentials. This can be obtained by executing the following command and retrieving the `ID` field.

```bash
ibmcloud resource service-key <name-of-credentials>
Expand Down

0 comments on commit c69a195

Please sign in to comment.