diff --git a/content/learn/getting-started-multi-cloud-gitops.adoc b/content/learn/getting-started-multi-cloud-gitops.adoc index d4a01764d..c6d1ab85b 100644 --- a/content/learn/getting-started-multi-cloud-gitops.adoc +++ b/content/learn/getting-started-multi-cloud-gitops.adoc @@ -209,7 +209,7 @@ $ ./pattern.sh make load-secrets The deployment will not take long but it should deploy successfully. -Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh` +Alternatively you can deploy the Multicloud GitOps pattern by using the command line script `pattern.sh`. [id="deploying-cluster-using-patternsh-file"] == Deploying the cluster by using the pattern.sh file @@ -244,7 +244,7 @@ $ ./pattern.sh make install + image::multicloud-gitops/multicloud-gitops-argocd.png[Multicloud GitOps Hub] -As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. the load-secrets makefile target. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. +As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a yaml file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repo to try and generate random secrets. For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. 
@@ -276,7 +276,7 @@ Verify that the *config-demo* application deployed successfully as follows: + [source,terminal] ---- -Hub Cluster domain is 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' -Pod is running on Local Cluster Domain 'apps.ci-ln-b7ib8bt-76ef8.aws-2.ci.openshift.org' +Hub Cluster domain is 'apps.aws-hub-cluster.openshift.org' +Pod is running on Local Cluster Domain 'apps.aws-hub-cluster.openshift.org' The secret is secret ---- diff --git a/content/learn/getting-started-secret-management.adoc b/content/learn/getting-started-secret-management.adoc index 493c738f9..c857ccdb7 100644 --- a/content/learn/getting-started-secret-management.adoc +++ b/content/learn/getting-started-secret-management.adoc @@ -45,7 +45,7 @@ As of December 12, 2023, ESO is not officially supported by Red Hat as a product ESO's custom file format and utilities streamlines secret management by allowing file references and supporting encrypted secret storage. The design prioritizes security through multi-layer encryption and simplifies key management. In particular the ini key type is especially helpful for handling AWS credentials, where mismanagement could lead to unauthorized use and potential financial or operational issues. -Validated Patterns primary backend secret store is HashiCorp Vault It acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates. +Validated Patterns primary backend secret store is HashiCorp Vault. HashiCorp Vault acts as a centralized service for securely managing secrets, such as passwords, API keys, and certificates. Unlike other secret management systems tied to specific cloud providers for example AWS Secrets Manager or Azure Key Vault, Vault can be deployed across different clouds, on bare-metal systems, and in hybrid environments. This cross-platform support made it a popular and practical choice for maintaining a consistent secrets management strategy. 
@@ -81,7 +81,7 @@ $ cd + [source,terminal] ---- -$ vi +$ git checkout -b mysecret ---- . Edit the existing `~/values-secret-multicloud-gitops.yaml` @@ -106,6 +106,7 @@ secrets: onMissingValue: generate ---- + . Load the secrets into the Vault by running the following command: + [source,terminal] @@ -125,40 +126,46 @@ secrets: .. Add the modified file to your Git repository: + +[source,terminal] ---- $ git add -u ---- .. Commit your changes: + +[source,terminal] ---- -$ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" +$ git commit -m "Adding a Secret to Multicloud GitOps Patternn in config-demo" ---- .. Push your branch to the origin of your fork: + +[source,terminal] ---- $ git push origin mysecret ---- -=== Creating a new External Secret in OpenShift GitOps +=== Creating a new external secret in OpenShift GitOps Follow these steps to create and deploy a new external secret in your GitOps repository. . Navigate to the `charts/all/config-demo/templates` directory in your repository: + +[source,terminal] ---- $ cd charts/all/config-demo/templates ---- . Create a new YAML file named `mysecret-external-secret.yaml`: + +[source,terminal] ---- $ touch mysecret-external-secret.yaml ---- . Open the file in your preferred text editor: + +[source,terminal] ---- $ vi mysecret-external-secret.yaml ---- 
@@ -194,37 +201,43 @@ spec: . Add the new file to Git: + +[source,terminal] ---- $ git add charts/all/config-demo/templates/mysecret-external-secret.yaml ---- .. Commit your changes: + +[source,terminal] ---- $ git commit -m "Added mysecret-external-secret to create mysecret-secret in config-demo" ---- .. Push your branch to the origin of your fork: + +[source,terminal] ---- $ git push origin mysecret ---- -== Step 3: Wait for ArgoCD to Apply the Changes . Ensure that ArgoCD is monitoring the `charts/all/config-demo` directory. + . Wait for ArgoCD to synchronize and apply the new changes. You can observe the synchronization status in the ArgoCD web UI. -== Step 4: Verify the Secret in the Cluster -. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: +. Verify the Secret in the Cluster + +.. Once ArgoCD has applied the changes, verify that the `mysecret-secret` has been created in the `config-demo` namespace: + +[source,terminal] ---- -oc get secret mysecret-secret -n config-demo +$ oc get secret mysecret-secret -n config-demo ---- -. Check the contents of the secret if necessary: +.. Check the contents of the secret if necessary: + +[source,terminal] ---- -oc describe secret mysecret-secret -n config-demo +$ oc describe secret mysecret-secret -n config-demo ---- == Outcome
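Review bot: in the `@@ -244,7 +244,7 @@` hunk of `getting-started-multi-cloud-gitops.adoc`, the rewritten sentence still reads "by using the script `pattern.sh` pattern", with a stray trailing "pattern" left over from the earlier wording. Suggest "As part of installing by using the `pattern.sh` script, HashiCorp Vault is installed." The same added line writes "yaml", "vault" and "git" in lower case, while the other file in this patch uses "HashiCorp Vault" and "Git"; worth aligning while the line is being touched.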
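Review bot: the replacement hostname `apps.aws-hub-cluster.openshift.org` in the `@@ -276,7 +276,7 @@` hunk is still a name under the real `openshift.org` domain, so the sample output keeps pointing at a host the project does not control as documentation. A reserved documentation domain, for example `apps.hub-cluster.example.com`, makes it obvious that the value is a placeholder and that readers should expect their own cluster domain here.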
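Review bot: the new commit message in the `@@ -125,40 +126,46 @@` hunk of `getting-started-secret-management.adoc` has a typo, "Patternn", and reads awkwardly ("Adding a Secret to Multicloud GitOps Patternn in config-demo"). Suggest something like `git commit -m "Add mysecret to config-demo in Multicloud GitOps pattern"`. The step above it uses `git add -u`, which stages every modified tracked file; naming the file explicitly would keep readers from committing unrelated changes along with it.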
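Review bot: in the `@@ -194,37 +201,43 @@` hunk, the step "Check the contents of the secret if necessary" is paired with `oc describe secret mysecret-secret -n config-demo`, which lists the key names and their sizes but not the values, so "contents" overstates what the reader will see. Suggest wording such as "Check the keys stored in the secret". Also, the earlier step runs `cd charts/all/config-demo/templates`, after which `git add charts/all/config-demo/templates/mysecret-external-secret.yaml` no longer resolves from the current directory; either add a step to return to the repository root or use `git add mysecret-external-secret.yaml`. The new list item "Verify the Secret in the Cluster" is in title case, while this patch lowercases the heading to "Creating a new external secret in OpenShift GitOps".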