mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

OSDOCS-11956

Janelle Neczypor
2024-09-10 11:34:51 -07:00
committed by openshift-cherrypick-robot
parent 586a25bcd1
commit dbb4d2602a


@@ -142,8 +142,7 @@ $ oc label csidriver.storage.k8s.io/secrets-store.csi.k8s.io security.openshift.
$ SECRET_ARN=$(aws --region "$REGION" secretsmanager create-secret \
--name MySecret --secret-string \
'{"username":"shadowman", "password":"hunter2"}' \
--query ARN --output text)
$ echo $SECRET_ARN
--query ARN --output text); echo $SECRET_ARN
----
. Create an IAM Access Policy document by running the following command:
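Review bot: On the new line `--query ARN --output text); echo $SECRET_ARN`, the `;` means the echo runs even when `create-secret` fails, so the reader sees an empty line instead of a clear stop, and `$SECRET_ARN` is expanded unquoted. Suggest `--query ARN --output text) && echo "$SECRET_ARN"` so a failed call is obvious before the variable is reused in later steps. The same applies to the `; echo $POLICY_ARN` and `; echo $ROLE_ARN` lines changed below.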
@@ -172,8 +171,7 @@ EOF
$ POLICY_ARN=$(aws --region "$REGION" --query Policy.Arn \
--output text iam create-policy \
--policy-name openshift-access-to-mysecret-policy \
--policy-document file://policy.json)
$ echo $POLICY_ARN
--policy-document file://policy.json); echo $POLICY_ARN
----
. Create an IAM Role trust policy document by running the following command:
@@ -212,8 +210,7 @@ EOF
----
$ ROLE_ARN=$(aws iam create-role --role-name openshift-access-to-mysecret \
--assume-role-policy-document file://trust-policy.json \
--query Role.Arn --output text)
$ echo $ROLE_ARN
--query Role.Arn --output text); echo $ROLE_ARN
----
. Attach the role to the policy by running the following command:
@@ -260,7 +257,7 @@ spec:
EOF
----
. Create a Deployment by using our secret in the following command:
. Create a deployment by using our secret in the following command:
+
[source,terminal]
----
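Review bot: The changed step line "Create a deployment by using our secret in the following command:" keeps the first-person "our" and does not follow the "by running the following command" wording used by the neighbouring steps. Suggest ". Create a deployment that uses the secret by running the following command:".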
@@ -292,7 +289,7 @@ spec:
EOF
----
. Verify the Pod has the secret mounted by running the following commandv:
. Verify the pod has the secret mounted by running the following command:
+
[source,terminal]
----
@@ -316,13 +313,12 @@ $ oc delete project my-application
$ helm delete -n csi-secrets-store csi-secrets-store-driver
----
. Delete Security Context Constraints by running the following command:
. Delete the security context constraints by running the following command:
+
[source,terminal]
----
$ oc adm policy remove-scc-from-user privileged \
system:serviceaccount:csi-secrets-store:secrets-store-csi-driver
$ oc adm policy remove-scc-from-user privileged \
system:serviceaccount:csi-secrets-store:secrets-store-csi-driver; oc adm policy remove-scc-from-user privileged \
system:serviceaccount:csi-secrets-store:csi-secrets-store-provider-aws
----
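Review bot: In the rewritten block the second `oc adm policy remove-scc-from-user privileged \` now starts mid-line after `secrets-store-csi-driver;`, which hides the fact that two service accounts are being changed and makes the block hard to scan. Put the separator at a line break so each command starts its own line, for example end the first command with `secrets-store-csi-driver && \`, and consider `&&` over `;` so a failure on the first account is not silently followed by the second. The step text also still says "the following command" although two commands run.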
@@ -339,9 +335,7 @@ https://raw.githubusercontent.com/rh-mobb/documentation/main/content/misc/secret
[source,terminal]
----
$ aws iam detach-role-policy --role-name openshift-access-to-mysecret \
--policy-arn $POLICY_ARN
$ aws iam delete-role --role-name openshift-access-to-mysecret
$ aws iam delete-policy --policy-arn $POLICY_ARN
--policy-arn $POLICY_ARN; aws iam delete-role --role-name openshift-access-to-mysecret; aws iam delete-policy --policy-arn $POLICY_ARN
----
. Delete the Secrets Manager secret by running the following command:
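Review bot: The new single line `--policy-arn $POLICY_ARN; aws iam delete-role ...; aws iam delete-policy ...` chains three order-dependent commands with `;`, so if `detach-role-policy` fails the two deletes still run and fail with conflict errors because the policy is still attached, burying the original error. Chain them with `&&` and break the line with `\` after each command so it stays readable. `$POLICY_ARN` should also be quoted: if the variable is empty in the cleanup shell, `--policy-arn` is left without a value.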