How to delete or overwrite a secret in OpenShift?

I'm trying to create a secret on OpenShift v3.3.0 using:

oc create secret generic my-secret --from-file=application-cloud.properties=src/main/resources/application-cloud.properties -n my-project

Because I created the same secret earlier, I get this error message:

Error from server: secrets "my-secret" already exists

I looked at oc, oc create and oc create secret options and could not find an option to overwrite the secret when creating it.

I then tried to delete the existing secret with oc delete. All the commands listed below return either No resources found or a syntax error.

oc delete secrets -l my-secret -n my-project
oc delete secret -l my-secret -n my-project
oc delete secrets -l my-secret 
oc delete secret -l my-secret 
oc delete pods,secrets -l my-project
oc delete pods,secrets -l my-secret
oc delete secret generic -l my-secret

Do you know how to delete a secret or overwrite a secret upon creation using the OpenShift console or the command line?

asked Jan 30 '17 13:01
Paulo Merson


People also ask

How do I delete a secret on OpenShift?

You may also want to use the oc get secrets command to display the secrets that have already been created. The oc delete secret command followed by the name of a secret can be used to delete a secret.

Where are secrets stored in OpenShift?

Secret data volumes are backed by temporary file-storage facilities (tmpfs) and never come to rest on a node. Secret data can be shared within a namespace.


2 Answers

"my-secret" is the name of the secret, so you should delete it like this:

oc delete secret my-secret

Add the -n option if you are not using the project where the secret was created:

oc delete secret my-secret -n <namespace>

answered Oct 23 '22 19:10
Álvaro Pérez Soria


I hope by this time you have the answer ready; I am just sharing this in case it can help others.

As of today, here are the details of the CLI version and OpenShift version which I am working on:

$ oc version
oc v3.6.173.0.5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Server <SERVER-URL>
openshift v3.11.0+ec8630f-265
kubernetes v1.11.0+d4cacc0

Let's take a simple secret with a key-value pair generated using a file; we will get to know the advantage of generating it via a file.

$ echo -n "password" | base64
cGFzc3dvcmQ=

We will create a secret with this value:

$ cat clientSecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  clienttoken: cGFzc3dvcmQ=

$ oc apply -f clientSecret.yaml 
secret "test-secret" created

Let's change the password and update it in the YAML file.

$ echo -n "change-password" | base64
Y2hhbmdlLXBhc3N3b3Jk


$ cat clientSecret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  clienttoken: Y2hhbmdlLXBhc3N3b3Jk

By the definition of the oc create command, it creates a resource and, if the resource is found, throws an error. So this command won't fit for updating the configuration of a resource, in our case a secret.

$ oc create --help
Create a resource by filename or stdin

To make life easier, OpenShift has provided the oc apply command to apply a configuration to a resource if there is a change. This command is also used to create a resource, which helps a lot during automated deployments.

$ oc apply --help
Apply a configuration to a resource by filename or stdin.
$ oc apply -f clientSecret.yaml 
secret "test-secret" configured

By the time you check the secret in the UI, a new/updated password appears on the console.

So, as you may have noticed, the first apply resulted in created (secret "test-secret" created) and each subsequent apply results in configured (secret "test-secret" configured).

answered Oct 23 '22 17:10
Here_2_learn
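
The create-or-update flow from the second answer, as an added example that is not code from either answer: it renders the Secret manifest from a file and pipes it to oc apply, removing the line wrapping that base64 adds on longer input such as a properties file. The function names are hypothetical, and since base64 is only an encoding, the rendered manifest is as sensitive as the file itself.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of oc.

# b64_oneline FILE: base64-encode FILE onto a single line.
# GNU base64 wraps its output at 76 columns; a wrapped value does not fit
# the one-line "key: value" form used under data:, so drop the newlines.
b64_oneline() {
    base64 < "$1" | tr -d '\n'
}

# render_secret NAME KEY FILE: print a v1 Secret manifest on stdout.
# The value is read from FILE instead of being typed as an argument, which
# keeps it out of shell history and process listings.
render_secret() {
    name=$1 key=$2 file=$3
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
data:
  $key: $(b64_oneline "$file")
EOF
}

# apply_secret NAME KEY FILE NAMESPACE: create the secret on the first run,
# update it on later runs. The manifest goes to oc on stdin ("-f -"), so no
# YAML copy of the secret is left on disk.
apply_secret() {
    manifest=$(render_secret "$1" "$2" "$3") || return 1
    printf '%s\n' "$manifest" | oc apply -n "$4" -f -
}

# Usage with the names from the question:
# apply_secret my-secret application-cloud.properties \
#     src/main/resources/application-cloud.properties my-project
```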