DevOps / OpenShift / PaaS / Uncategorized

Secrets with OpenShift

Introduction

Listen, do you want to hear a secret? Actually, so far its been pretty easy because everything has been in the clear. Welcome to Kubernetes secrets with OpenShift. Mmmm, Cookies. This lab is another in the OpenShift MiniLabs series.

cookie

Objective

A very short and simple lab demonstrating use of secrets stored in a file and then assigned to an environment variable. We will add more scenarios later.

4223373030_df7722f9f7_b

Setup

Initial Attempt

This tutorial assumes you have completed the OpenShift MiniLabs installation procedure. Then refresh before continuing.

Repeat Attempt

To reset your environment to repeat this tutorial do the following:

$ cd ~/containersascode
$ ./oc-cluster-wrapper/oc-cluster up containersascode
$ oc login -u developer - p developer
$ oc delete project secret
$ oc delete secret jenkins-password

Instructions

Create Jenkins with Password as Secret

Let’s create the Jenkins services as we did in some previous labs, but this time using a secret rather than assigning a password using a clear text environment variable. The change to the deploymentconfig should trigger a redeploy with the password set using the secret.

$ oc login -u developer - p developer
$ oc new-project secret --display-name='Secret Jenkins' --description='Secret Jenkins'
$ echo -n "password" > ./password.txt
$ oc secret new jenkins-password password=password.txt 
$ oc describe secrets jenkins-password
$ oc new-app --template=jenkins-ephemeral -l name='jenkins' -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest,NAMESPACE=openshift,MEMORY_LIMIT=2048Mi 
$ oc deploy jenkins --cancel
$ oc env dc/jenkins --prefix=JENKINS_ --from=secret/jenkins-password

Verify Lab Success

Confirm you can login to the (redeployed) Jenkins instance using the credentials admin/password. Inspect the Environment settings at https://127.0.0.1:8443/console/project/secret/browse/deployments/jenkins .

Trivia

Find out more about Kubernetes secrets.  Visit also the OpenShift origin and supported product documentation sites for secrets too.

Advertisements

2 thoughts on “Secrets with OpenShift

  1. Pingback: OpenShift DevOps Tutorial | emergile

  2. Thank you for publishing this awesome article. I’m reading
    your blog since a long time already but I never compelled to leave
    a comment. I registered your blog in my rss feed and shared
    it on my Facebook. Thanks again for this great article!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s