Stack Overflow Asked by KennyBartMan on November 29, 2021
I have the following command.
oc new-build gen-dev/genbuilder:latest~ssh://[email protected]:7999/gen/pfs-converter.git#DEV1 \
  --source-secret='privatekey' \
  --name='testbuild' \
  --env=KEY=VALUE
I would like to set the environment variables to have some secret values because the build will fail without them, and I need to do it before this command takes place because new build immediately builds a new container.
You can create environment variables by referencing the secret in the environment definition like this:
apiVersion: v1
kind: Pod
metadata:
  name: secret-example-pod
spec:
  containers:
    - name: secret-test-container
      image: busybox
      command: [ "/bin/sh", "-c", "export" ]
      env:
        - name: TEST_SECRET_USERNAME_ENV_VAR
          valueFrom:
            secretKeyRef:
              name: test-secret
              key: username
  restartPolicy: Never
Here's the documentation.
If you need to do everything from the command line, you can use JSONPath to get the values from the secret you want like this:
oc new-build gen-dev/genbuilder:latest~ssh://[email protected]:7999/gen/pfs-converter.git#DEV1 \
  --source-secret='privatekey' \
  --name='testbuild' \
  -e PRIVATE_KEY=$(oc get secret <your secret> -o jsonpath='{<path to field>}')
This will add PRIVATE_KEY to the environment of the container when it is built, and will be available to applications when it starts.
The $() around the OC command to get the secret will evaluate the command inside, then place its output there.
The -o flag tells the OC CLI how to provide the output, so if you only wanted the names of builds, for example, you would run:
oc get builds -o name
Here are the output options supported.
You'll need to provide the JSONPath to the field you want pulled from the secret. For example, to get the password field from this secret:
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
  namespace: my-namespace
type: Opaque
data:
  username: dmFsdWUtMQ0K
  password: dmFsdWUtMg0KDQo=
stringData:
  hostname: myapp.mydomain.com
You would run:
oc new-build gen-dev/genbuilder:latest~ssh://[email protected]:7999/gen/pfs-converter.git#DEV1 \
  --source-secret='privatekey' \
  --name='testbuild' \
  -e PASSWORD=$(oc get secret test-secret -o jsonpath='{.data.password}')
This is the same as adding -e PASSWORD='dmFsdWUtMg0KDQo=' to your command, and applications in the container will be able to access that variable from the environment of the container.
Here's the documentation for using JSONPath, and an evaluator if you have trouble getting the path right.
You can also add a secret to the build environment without exposing it to the environment using the --build-secret flag.
Command:
oc new-build \
  openshift/nodejs-010-centos7~https://github.com/sclorg/nodejs-ex.git \
  --build-secret "secret-npmrc:/etc"
This adds the secret to a directory in the build environment, in this case the .npmrc file is added to /etc.
I don't think it's generally good practice to add secrets to the environment, and you may want to look into changing up your setup to avoid this. In the past, I've always added secrets to template definitions, but it looks like you're letting OpenShift create the templates for you.
Answered by Ciaodown on November 29, 2021
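Added example, not part of the original answer: the `.data` fields of a Secret are base64-encoded, so this decodes the field before it is passed to `-e` and strips the trailing CR/LF that the sample `test-secret` values carry. The helper names `decode_secret_field` and `env_arg` are hypothetical, and the encoded sample is the password value from the secret shown above.

```shell
# Constructed sample: the .data.password value of test-secret from the answer,
# as `oc get secret test-secret -o jsonpath='{.data.password}'` would print it.
ENCODED_PASSWORD='dmFsdWUtMg0KDQo='

CR=$(printf '\r')
NL='
'

# decode_secret_field ENCODED
# Base64-decode a Secret .data value and strip trailing CR/LF only, so
# multi-line values such as private keys keep their inner line breaks.
decode_secret_field() {
  dsf_value=$(printf '%s' "$1" | base64 -d) || return 1
  while :; do
    case $dsf_value in
      *"$CR") dsf_value=${dsf_value%"$CR"} ;;
      *"$NL") dsf_value=${dsf_value%"$NL"} ;;
      *) break ;;
    esac
  done
  printf '%s' "$dsf_value"
}

# env_arg NAME ENCODED
# Build one NAME=value argument for `oc new-build -e`, refusing empty values.
env_arg() {
  ea_value=$(decode_secret_field "$2") || return 1
  [ -n "$ea_value" ] || { echo "secret field for $1 decoded to nothing" >&2; return 1; }
  printf '%s=%s' "$1" "$ea_value"
}

# Byte counts: what $(...) alone leaves behind versus the cleaned value.
# Command substitution drops trailing newlines but keeps carriage returns.
raw=$(printf '%s' "$ENCODED_PASSWORD" | base64 -d)
clean_len=$(decode_secret_field "$ENCODED_PASSWORD" | wc -c | tr -d ' ')
printf 'raw length: %s, cleaned length: %s\n' "${#raw}" "$clean_len"

# With a cluster login (not run here), the answer's last argument would become:
#   -e "$(env_arg PASSWORD "$(oc get secret test-secret -o jsonpath='{.data.password}')")"
```

The quoted `"$(env_arg ...)"` keeps a value containing spaces or line breaks as a single argument to `oc new-build`.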