Credential Distribution System#
The 2A system provides a mechanism to distribute Credential
objects across namespaces using the
AccessManagement
object. This object defines a set of accessRules
that determine how credentials are distributed.
Each access rule specifies:
- The target namespaces where credentials should be delivered.
- A list of
Credential
names to distribute to those namespaces.
The HMC controller will copy the specified Credential
objects from the system namespace to the target
namespaces based on the accessRules
in the AccessManagement
spec.
Info
Access rules can also include Cluster
and Service
TemplateChains (clusterTemplateChains
and
serviceTemplateChains
) to distribute templates to target namespaces.
For more details, read: Template Life Cycle Management.
How to Configure Credential Distribution#
To configure the distribution of Credential
objects:
- Edit the
AccessManagement
object. - Populate the
.spec.accessRules
field with the list ofCredential
names and the target namespaces.
Here’s an example configuration:
spec:
accessRules:
- targetNamespaces:
list:
- dev
- test
credentials:
- aws-demo
- azure-demo
In this example, the aws-demo
and azure-demo
Credential
objects will be distributed to the dev
and test
namespaces.