mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
98 lines
2.7 KiB
Plaintext
98 lines
2.7 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * security/external_secrets_operator/external-secrets-operator-install.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="external-secrets-operand-install-cli_{context}"]
|
|
= Installing the External Secrets operand by using the CLI
|
|
|
|
[role="_abstract"]
|
|
Install the External Secrets operand on {product-title} by using the CLI to create the necessary configuration object. By completing this task, you ensure that the External Secrets Operator is properly configured to manage secrets from external APIs on your cluster.
|
|
|
|
.Prerequisites
|
|
|
|
* You have access to the cluster with `cluster-admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Create an `externalsecretsconfig.openshift.operator.io` object by defining a YAML file with the following content:
|
|
+
|
|
.Example `externalsecretsconfig.yaml` file.
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: operator.openshift.io/v1alpha1
|
|
kind: ExternalSecretsConfig
|
|
metadata:
|
|
labels:
|
|
app: external-secrets-operator
|
|
app.kubernetes.io/name: cluster
|
|
name: cluster
|
|
spec:
|
|
controllerConfig:
|
|
networkPolicies:
|
|
- componentName: ExternalSecretsCoreController
|
|
egress:
|
|
- {}
|
|
name: allow-external-secrets-egress
|
|
----
|
|
+
|
|
For more information on spec configuration, see "External Secrets Operator for Red Hat OpenShift APIs".
|
|
|
|
. Create the `externalsecretsconfigs.openshift.operator.io` object by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f externalsecretsconfig.yaml
|
|
----
|
|
|
|
.Verification
|
|
|
|
. Verify that the `external-secrets` pods are running by entering the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get pods -n external-secrets
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
NAME READY STATUS RESTARTS AGE
|
|
external-secrets-75d47cb9c8-6p4n2 1/1 Running 0 4h5m
|
|
external-secrets-cert-controller-676444b897-qb6ft 1/1 Running 0 4h5m
|
|
external-secrets-webhook-b566658ff-7m4d5 1/1 Running 0 4h5m
|
|
----
|
|
|
|
. Verify that the `external-secrets-operator` deployment object reports a successful status by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get externalsecretsconfig.operator.openshift.io cluster -n external-secrets-operator -o jsonpath='{.status.conditions}' | jq .
|
|
----
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
[
|
|
{
|
|
"lastTransitionTime": "2025-06-17T14:57:04Z",
|
|
"message": "",
|
|
"observedGeneration": 2,
|
|
"reason": "Ready",
|
|
"status": "False",
|
|
"type": "Degraded"
|
|
},
|
|
{
|
|
"lastTransitionTime": "2025-11-27T05:58:38Z,
|
|
"message": "reconciliation successful",
|
|
"observedGeneration": 2,
|
|
"reason": "Ready",
|
|
"status": "True",
|
|
"type": "Ready"
|
|
}
|
|
]
|
|
----
|