add more notes about operatorClientSecretName field and Management Ce…

…nter simple client auth
hazelcast · Nov 28, 2024 · 9e69704 · 9e69704
1 parent 05bcbe3
commit 9e69704
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/docs/modules/ROOT/examples/management-center-simple-auth.yaml b/docs/modules/ROOT/examples/management-center-simple-auth.yaml
@@ -0,0 +1,12 @@
+apiVersion: hazelcast.com/v1alpha1
+kind: ManagementCenter
+metadata:
+  name: managementcenter-sample
+spec:
+  repository: 'hazelcast/management-center'
+  version: '{page-latest-supported-mc}'
+  hazelcastClusters:
+    - address: hazelcast-sample
+      name: dev
+      security:
+        clientSecretName: user1-secret
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
@@ -57,7 +57,7 @@
 ** xref:tls.adoc[Configure TLS]
 ** xref:authorization.adoc[Authorization Methods to Access Cloud Storage]
 ** Configuring Client Authentication
-** xref:client-auth.adoc[Simple Authentication]
+*** xref:client-auth.adoc[Simple Authentication]
 
 * Compute
 ** xref:user-code-deployment.adoc[User Code Deployment]

diff --git a/docs/modules/ROOT/pages/client-auth.adoc → ...odules/ROOT/pages/client-simple-auth.adoc b/docs/modules/ROOT/pages/client-auth.adoc → ...odules/ROOT/pages/client-simple-auth.adoc
@@ -58,6 +58,7 @@ This can be converted as:
 [source,yaml]
 ----
 security:
+    operatorClientSecretName: user1-secret
     realms:
       - name: simpleRealm-clients
         authentication:
@@ -106,4 +107,18 @@ Required Changes:
 * convert kebab cases to camel cases:
 ** `client-authentication` -> `clientAuthentication`
 ** `client-permissions` -> `clientPermissions`
-* add `permissions` node to `clientPermissions` to wrap permissions other than `all`.
+* add `permissions` node to `clientPermissions` to wrap permissions other than `all`.
+
+NOTE:  The `operatorClientSecretName` is a mandatory field required for the Operator to establish a connection with the Hazelcast cluster. The given user in the `operatorClientSecretName` field must have a role that has all the client permissions. Otherwise, the Operator will fail with a validation error.
+
+=== Management Center Configuration
+
+As the Management Center serves as a client of the Hazelcast cluster, it must be properly configured to connect to the cluster. The `security.clientSecretName` field in the `hazelcastClusters` section is utilized for this configuration.
+
+.Management Center Simple Authentication Example
+[source,yaml,subs="attributes+"]
+----
+include::ROOT:example$/management-center-simple-auth.yaml[]
+----
+
+NOTE: The given user in the `clientSecretName` field have a role that has all the client permissions.