Listen, do you want to hear a secret? Actually, so far its been pretty easy because everything has been in the clear. Welcome to Kubernetes secrets with OpenShift. Mmmm, Cookies. This lab is another in the OpenShift MiniLabs series.
A very short and simple lab demonstrating use of secrets stored in a file and then assigned to an environment variable. We will add more scenarios later.
This tutorial assumes you have completed the OpenShift MiniLabs installation procedure. Then refresh before continuing.
To reset your environment to repeat this tutorial do the following:
$ cd ~/containersascode $ ./oc-cluster-wrapper/oc-cluster up containersascode $ oc login -u developer - p developer $ oc delete project secret $ oc delete secret jenkins-password
Create Jenkins with Password as Secret
Let’s create the Jenkins services as we did in some previous labs, but this time using a secret rather than assigning a password using a clear text environment variable. The change to the deploymentconfig should trigger a redeploy with the password set using the secret.
$ oc login -u developer - p developer $ oc new-project secret --display-name='Secret Jenkins' --description='Secret Jenkins' $ echo -n "password" > ./password.txt $ oc secret new jenkins-password password=password.txt $ oc describe secrets jenkins-password $ oc new-app --template=jenkins-ephemeral -l name='jenkins' -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest,NAMESPACE=openshift,MEMORY_LIMIT=2048Mi $ oc deploy jenkins --cancel $ oc env dc/jenkins --prefix=JENKINS_ --from=secret/jenkins-password
Verify Lab Success
Confirm you can login to the (redeployed) Jenkins instance using the credentials admin/password. Inspect the Environment settings at https://127.0.0.1:8443/console/project/secret/browse/deployments/jenkins .
Find out more about Kubernetes secrets. Visit also the OpenShift origin and supported product documentation sites for secrets too.