Listen, do you want to hear a secret? Actually, so far its been pretty easy because everything has been in the clear. Welcome to Kubernetes secrets with OpenShift. Mmmm, Cookies. This lab is another in the OpenShift MiniLabs series.
A very short and simple lab demonstrating use of secrets stored in a file and then assigned to an environment variable. We will add more scenarios later.
To reset your environment to repeat this tutorial do the following:
$ cd ~/containersascode $ ./oc-cluster-wrapper/oc-cluster up containersascode $ oc login -u developer - p developer $ oc delete project secret $ oc delete secret jenkins-password
Create Jenkins with Password as Secret
Let’s create the Jenkins services as we did in some previous labs, but this time using a secret rather than assigning a password using a clear text environment variable. The change to the deploymentconfig should trigger a redeploy with the password set using the secret.
$ oc login -u developer - p developer $ oc new-project secret --display-name='Secret Jenkins' --description='Secret Jenkins' $ echo -n "password" > ./password.txt $ oc secret new jenkins-password password=password.txt $ oc describe secrets jenkins-password $ oc new-app --template=jenkins-ephemeral -l name='jenkins' -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest,NAMESPACE=openshift,MEMORY_LIMIT=2048Mi $ oc deploy jenkins --cancel $ oc env dc/jenkins --prefix=JENKINS_ --from=secret/jenkins-password
Verify Lab Success
Confirm you can login to the (redeployed) Jenkins instance using the credentials admin/password. Inspect the Environment settings at https://127.0.0.1:8443/console/project/secret/browse/deployments/jenkins .