Documentation Issue with link

[Knickkennedy]

https://www.ibm.com/docs/en/ibm-mq/9.4.x?topic=reference-mq-advanced-developers-container-image#developers-container-image__exampleqmyaml__title__1

This link outlines that the two referenced environment variables are deprecated, and states that it will show how to mount the secret for the passwords to the IBM MQ CRD... but instead it shows a reference of mounting the secret to the environment variable, which would still just use the deprecated environment variable and expose the secret passwords.

Relevant section from your docs

template: pod: containers: - env: - name: MQ_DEV value: "true" - name: MQ_CONNAUTH_USE_HTP value: "true" - name: MQ_ADMIN_PASSWORD valueFrom: secretKeyRef: name: my-mq-dev-passwords key: dev-admin-password - name: MQ_APP_PASSWORD valueFrom: secretKeyRef: name: my-mq-dev-passwords key: dev-app-password

It would make more sense to see something in the CRD like a volume mount where you mount the secret directly instead. It is also confusing because I do not know the correct path for mounting the admin password and app user password without guesswork and digging.

[Andrew-Lees11]

Hello,

You are correct, those docs should be showing how to mount the secrets as a volume. The location they are supposed to be mounted to is: /run/secrets/mqAppPassword and /run/secrets/mqAdminPassword.

You can do this using the env and files fields in the QueueManager spec available from MQ Operator 3.5.0.

The secret item names also need to match the expected mounted secret names so the secret creation command becomes:

oc create secret generic my-mq-dev-passwords --from-literal=mqAdminPassword=passw0rd --from-literal=mqAppPassword=passw0rd

The yaml would therefore be:

apiVersion: mq.ibm.com/v1beta1
kind: QueueManager
metadata:
  name: qm-dev
spec:
  license:
    accept: true
    license: L-HYGL-6STWD6
    use: Development
  web:
    enabled: true
  queueManager:
    env:
    - name: MQ_DEV
      value: "true"
    - name: MQ_CONNAUTH_USE_HTP
      value: "true"
    files:
      - secret:
          items:
            - item: mqAdminPassword
            - item: mqAppPassword
          name: my-mq-dev-passwords
          defaultMountPath: /run/secrets
    storage:
      queueManager:
        type: persistent-claim
    name: QUICKSTART
  version: 9.4.2.1-r2

Thank you for finding this error. I will get the MQ docs updated.