Configure the authentication method by uysing Helm

When you deploy or upgrade the Logging agent, you can configure the logs-values.yaml file to include the env.iamMode so you choose the authentication method to use by the agent when sending logs to an IBM Cloud Logs instance.

You can choose an IAM APIKey or a Trusted Profile configuration.

Valid values are: TrustedProfile and IAMAPIKey.

Consider the following information when setting this parameter:

• If env.iamMode: "TrustedProfile" is set, then the env.trustedProfileID variable must also be provided.

• If env.iamMode: "IAMAPIKey" is set, then the configuration expects a secret to be defined that contains an IAM Apikey with permissions.

  If the secret.iamAPIKey variable is provided on the helm command (for example --set secret.iamAPIKey=<your iamAPIKey>), then the helm chart will create the Kubernetes secret.

  Alternatively, you can create the secret ahead of time with the command: (Make sure you are connected to your cluster.)

  kubectl create secret generic <helm install-name> -n ibm-observe --from-literal=IAM_API_KEY=<apikey>
  

Update the file named logs-values.yaml that you use to deploy or upgrade the agent with the following content:

• For the value TrustedProfile, enter:

  env:
    iamMode: "TrustedProfile"
    trustedProfileID: "Profile-yyyyyyyy-xxxx-xxxx-yyyy-zzzzzzzzzzzz"
  

• For the value IAMAPIKey, enter:

  env:
    iamMode: "IAMAPIKey"
  

After you modify the logs-values.yaml file, you can Upgrade the agent or continue modifying the file before applying all the changes.