3

SSH Secrets are required to clone a private repo from Github in Origin.

I created a project, added SSH Secrets to the build config, all went fine.

Now I am creating a template, so users will create new project and use my template to deploy their applications.

Here after creating the project, build is not starting because of missing SSH Secret. Is it possible to share a SSH Secret between namespaces? So that I can create a SSH secret in Openshift project and users can use it straight away without assigning secrets to build config after creating every project?

EDIT: Is this possible in Kubernetes?

karthikeayan
  • 4,291
  • 7
  • 37
  • 75
  • I am going to say it is not readily possible, or at least not without mucking around a lot with roles, but you are better off asking on one of the mailing lists at https://lists.openshift.redhat.com/openshiftmm/listinfo The developers don't usually frequent SO, but do read those lists. Have you tried at all giving the appropriate service account in the project where the build is running, view access on the project where the secret is and prefixing the name of the secret with that project name? – Graham Dumpleton Jul 23 '17 at 06:19
  • The command you likely want to explore is ``oc secrets link --for=type``. The question is whether you can specify a service account in another project when using that. – Graham Dumpleton Jul 23 '17 at 06:44
  • After some more digging, sharing secrets between projects and automatically associating them with a builder is not currently possible. There has been requests for this sort of feature, but there are technical challenges in being able to do it without the secret becoming a global secret available to everyone in the cluster. In other words, hard to make them selectively shared only between specified projects. At this point I don't believe there is anything coming to address it. Best you might do apparently is write a custom controller to set them up yourself. – Graham Dumpleton Jul 24 '17 at 22:07
  • Some related issues about it are https://bugzilla.redhat.com/show_bug.cgi?id=1346209 https://bugzilla.redhat.com/show_bug.cgi?id=1327564 https://bugzilla.redhat.com/show_bug.cgi?id=1366349 – Graham Dumpleton Jul 24 '17 at 22:08

0 Answers0