Importing RHEL Simple Content Access certificates with Insights Operator
Insights Operator can import your RHEL Simple Content Access (SCA) certificates from Red Hat OpenShift Cluster Manager. SCA is a capability in Red Hat’s subscription tools which simplifies the behavior of the entitlement tooling. It is easier to consume the content provided by your Red Hat subscriptions without the complexity of configuring subscription tooling. After importing the certificates, they are stored in the etc-pki-entitlement
secret in the openshift-config-managed
namespace.
Insights Operator imports SCA certificates every 8 hours by default, but can be configured or disabled using the support
secret in the openshift-config
namespace.
In OKD 4.9, this feature is in Technology Preview and must be enabled using the TechPreviewNoUpgrade
Feature Set. See Enabling OpenShift Container Platform features using FeatureGates for more information.
For more information about Simple Content Access certificates see the Simple Content Access article in the Red Hat Knowledgebase.
For more information about the support scope of Red Hat Technology Preview features, see https://access.redhat.com/support/offerings/techpreview/. |
Configuring Simple Content Access import interval
You can configure how often the Insights Operator imports the RHEL Simple Content Access (SCA) certificates using the support
secret in the openshift-config
namespace. The certificate import normally occurs every 8 hours, but you may want to shorten this interval if you update your SCA configuration in Red Hat Subscription Management.
This procedure describes how to update the import interval to one hour.
Prerequisites
- You are logged in to the OKD web console as
cluster-admin
.
Procedure
Navigate to Workloads → Secrets.
Select the openshift-config project.
Search for the support secret using the Search by name field. If it does not exist, click Create → Key/value secret to create it.
Click the Options menu , and then click Edit Secret.
Click Add Key/Value.
Create a key named
ocmInterval
with a value of1h
, and click Save.The interval
1h
can also be entered as60m
for 60 minutes.Navigate to Workloads → Pods
Select the
openshift-insights
project.Find the
insights-operator
pod.To restart the
insights-operator
pod, click the Options menu , and then click Delete Pod.
Disabling Simple Content Access import
You can disable the import of RHEL Simple Content Access certificates using the support
secret in the openshift-config
namespace.
Prerequisites
- You are logged in to the OKD web console as
cluster-admin
.
Procedure
Navigate to Workloads → Secrets.
Select the openshift-config project.
Search for the support secret using the Search by name field. If it does not exist, click Create → Key/value secret to create it.
Click the Options menu , and then click Edit Secret.
Click Add Key/Value.
Create a key named
ocmPullDisabled
with a value oftrue
, and click Save.Navigate to Workloads → Pods
Select the
openshift-insights
project.Find the
insights-operator
pod.To restart the
insights-operator
pod, click the Options menu , and then click Delete Pod.