Rotate the noobaa-aws-cloud-creds credentials on Red Hat OpenShift 4 AWS IPI

Solution Verified

Environment

  • Red Hat OpenShift Container Platform (RHOCP)

    • 4.6.x
  • Red Hat OpenShift Container Storage (RHOCS)

    • 4.6.x

Issue

  • How to rotate the AWS IAM access keys for the noobaa-aws-cloud-creds?

Resolution

  • Take a backup of existing credentials:
  $ oc get secret noobaa-aws-cloud-creds-secret -o yaml -n openshift-storage > noobaa-aws-cloud-creds-secret.yaml
  • Delete the secret "noobaa-aws-cloud-creds-secret" from the "openshift-storage" namespace:
  $ oc delete secret noobaa-aws-cloud-creds-secret -n openshift-storage
  • To verify that the credential has changed, dump the regenerated secret:
  $ oc get secret noobaa-aws-cloud-creds-secret -o yaml -n openshift-storage > rotated-noobaa-aws-cloud-creds-secret.yaml

Verify that the values of aws_access_key_id and aws_secret_access_key match those of the newly generated AWS IAM user in the AWS console.
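One way to confirm the rotation from the two dump files produced above without printing key material, as an added example that is not part of the original Red Hat solution. The function names and sample values are constructed for illustration, and the script assumes the secret's data keys are named aws_access_key_id and aws_secret_access_key as stated above.

```shell
# Decode one field from the data: section of an `oc get secret -o yaml` dump.
secret_field() {  # usage: secret_field FILE KEY
  awk -v k="$2:" '$1 == k { print $2; exit }' "$1" | base64 -d 2>/dev/null || true
}

# Compare both key fields of two dumps; prints rotated|unchanged|partial|missing.
rotation_status() {  # usage: rotation_status BACKUP.yaml ROTATED.yaml
  old_id=$(secret_field "$1" aws_access_key_id)
  new_id=$(secret_field "$2" aws_access_key_id)
  old_key=$(secret_field "$1" aws_secret_access_key)
  new_key=$(secret_field "$2" aws_secret_access_key)
  if [ -z "$new_id" ] || [ -z "$new_key" ]; then
    echo missing      # secret not recreated yet, or the dump is incomplete
  elif [ "$old_id" = "$new_id" ] && [ "$old_key" = "$new_key" ]; then
    echo unchanged    # same key pair: the rotation did not happen
  elif [ "$old_id" = "$new_id" ] || [ "$old_key" = "$new_key" ]; then
    echo partial      # only one field changed: investigate before trusting it
  else
    echo rotated
  fi
}

# Build a constructed sample dump (made-up values, not real keys).
make_sample() {  # usage: make_sample FILE ACCESS_KEY_ID SECRET_KEY
  cat > "$1" <<EOF
apiVersion: v1
data:
  aws_access_key_id: $(printf %s "$2" | base64)
  aws_secret_access_key: $(printf %s "$3" | base64)
kind: Secret
metadata:
  name: noobaa-aws-cloud-creds-secret
  namespace: openshift-storage
EOF
}

# Demo on constructed input; with real dumps, pass the two files created above.
tmp=$(mktemp -d)
make_sample "$tmp/old.yaml" AKIAEXAMPLEOLD0001 constructed-old-secret
make_sample "$tmp/new.yaml" AKIAEXAMPLENEW0002 constructed-new-secret
rotation_status "$tmp/old.yaml" "$tmp/new.yaml"   # prints: rotated
rm -rf "$tmp"
```

Both dump files hold the credentials base64-encoded, not encrypted, so restrict their permissions and remove them once the check is done.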

Root Cause

  • You do not need to manually delete the credentials from your provider console. Deleting the referenced component secret causes the Cloud Credential Operator (CCO) to delete the existing credentials from the platform and create new ones.
