Adding secret example configuration 2
kquinn1204 committed Nov 6, 2024
1 parent 9a5eafa commit a3a6c67
Showing 2 changed files with 27 additions and 14 deletions.
8 changes: 4 additions & 4 deletions content/learn/getting-started-multi-cloud-gitops.adoc
Expand Up @@ -209,7 +209,7 @@ $ ./pattern.sh make load-secrets

The deployment will not take long but it should deploy successfully.

Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh`
Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh`.

[id="deploying-cluster-using-patternsh-file"]
== Deploying the cluster by using the pattern.sh file
Expand Down Expand Up @@ -244,7 +244,7 @@ $ ./pattern.sh make install
+
image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub]

As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. the load-secrets makefile target. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets.
As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets.

For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault].
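
Review bot: The rewritten paragraph says `load-secrets` falls back to `values-secret.yaml.template` and generates random secrets when it cannot find a secrets file, but it gives the reader no way to tell which path actually ran. Suggest adding one sentence on how to confirm which file was used, because a misnamed or misplaced secrets file would leave Vault holding generated values rather than the intended ones. The changed line also still reads "the script `pattern.sh` pattern"; drop the trailing "pattern".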

Expand Down Expand Up @@ -276,7 +276,7 @@ Verify that the *config-demo* application deployed successfully as follows:
+
[source,terminal]
----
Hub Cluster domain is 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org'
Pod is running on Local Cluster Domain 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org'
Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org'
Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org'
The secret is secret
----
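
Review bot: In the sample output, the replacement value `apps.aws-hub-cluster.openshift.org` still reads like a real host under `openshift.org`. Removing the CI cluster name is the right move, but a clearly illustrative placeholder such as `apps.<cluster-name>.<base-domain>` on both lines would make it obvious that the reader should expect their own cluster domain here.
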
33 changes: 23 additions & 10 deletions content/learn/getting-started-secret-management.adoc
Expand Up @@ -45,7 +45,7 @@ As of December 12, 2023, ESO is not officially supported by Red Hat as a product

ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues.

Validated Patterns primary backend secret store is HashiCorp Vault It acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates.
Validated Patterns primary backend secret store is HashiCorp Vault. HashiCorp Vault acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates.

Unlike other secret management systems tied to specific cloud providers for example AWS Secrets Manager or Azure Key Vault, Vault can be deployed across different clouds, on bare-metal systems, and in hybrid environments. This cross-platform support made it a popular and practical choice for maintaining a consistent secrets management strategy.
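
Review bot: The changed line "Validated Patterns primary backend secret store is HashiCorp Vault." is missing a possessive; suggest "The primary backend secret store for Validated Patterns is HashiCorp Vault." While touching this paragraph, the context line above has a subject-verb mismatch ("file format and utilities streamlines") and the line below needs commas around "for example AWS Secrets Manager or Azure Key Vault".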

Expand Down Expand Up @@ -81,7 +81,7 @@ $ cd <repository-name>
+
[source,terminal]
----
$ vi <repository-name>
$ git checkout -b mysecret
----

. Edit the existing `~/values-secret-multicloud-gitops.yaml`
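
Review bot: The new `git checkout -b mysecret` step is followed directly by editing `~/values-secret-multicloud-gitops.yaml`, which lives in the home directory and not in the working tree. Suggest a sentence stating that this file is deliberately kept outside the repository and must not be copied into the branch or committed, since readers who have just created a branch may assume every following edit belongs in it.
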
Expand All @@ -106,6 +106,7 @@ secrets:
onMissingValue: generate
----


. Load the secrets into the Vault by running the following command:
+
[source,terminal]
Expand All @@ -125,40 +126,46 @@ secrets:

.. Add the modified file to your Git repository:
+
[source,terminal]
----
$ git add -u
----

.. Commit your changes:
+
[source,terminal]
----
$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo"
$ git commit -m "Adding a Secret to Multicloud GitOps Patternn in config-demo"
----

.. Push your branch to the origin of your fork:
+
[source,terminal]
----
$ git push origin mysecret
----

=== Creating a new External Secret in OpenShift GitOps
=== Creating a new external secret in OpenShift GitOps

Follow these steps to create and deploy a new external secret in your GitOps repository.

. Navigate to the `charts/all/config-demo/templates` directory in your repository:
+
[source,terminal]
----
$ cd charts/all/config-demo/templates
----

. Create a new YAML file named `mysecret-external-secret.yaml`:
+
[source,terminal]
----
$ touch mysecret-external-secret.yaml
----

. Open the file in your preferred text editor:
+
[source,terminal]
----
$ vi mysecret-external-secret.yaml
----
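
Review bot: The new commit message "Adding a Secret to Multicloud GitOps Patternn in config-demo" has a typo ("Patternn"), and readers will copy it verbatim. Also, the context step "Add the modified file to your Git repository" uses `git add -u`, which stages every modified tracked file; in a secrets walkthrough it is safer to name the file explicitly, as the later `git add charts/all/config-demo/templates/mysecret-external-secret.yaml` step does.
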
Expand Down Expand Up @@ -194,37 +201,43 @@ spec:

. Add the new file to Git:
+
[source,terminal]
----
$ git add charts/all/config-demo/templates/mysecret-external-secret.yaml
----

.. Commit your changes:
+
[source,terminal]
----
$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo"
----

.. Push your branch to the origin of your fork:
+
[source,terminal]
----
$ git push origin mysecret
----

== Step 3: Wait for ArgoCD to Apply the Changes
. Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory.

. Wait for ArgoCD to synchronize and apply the new changes. You can observe the synchronization status in the ArgoCD web UI.

== Step 4: Verify the Secret in the Cluster
. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace:
. Verify the Secret in the Cluster

.. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace:
+
[source,terminal]
----
oc get secret mysecret-secret -n config-demo
$ oc get secret mysecret-secret -n config-demo
----

. Check the contents of the secret if necessary:
.. Check the contents of the secret if necessary:
+
[source,terminal]
----
oc describe secret mysecret-secret -n config-demo
$ oc describe secret mysecret-secret -n config-demo
----

== Outcome
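
Review bot: The step ".. Check the contents of the secret if necessary:" runs `oc describe secret mysecret-secret -n config-demo`, which lists the key names and their sizes but not the values, so the wording promises more than the command shows. Suggest "Check the keys of the secret" or similar, and keep `describe` so the value is not printed to the terminal. Separately, with the "Step 3" and "Step 4" headings removed, ".. Commit your changes:" and ".. Push your branch to the origin of your fork:" are nested under ". Add the new file to Git:" while the ArgoCD items sit at the top level; the list levels should be made consistent.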