Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1420410 - [DOCS] Secrets Doc Examples Broken & Missing Info
Summary: [DOCS] Secrets Doc Examples Broken & Missing Info
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Ashley Hardin
QA Contact: Vikram Goyal
Vikram Goyal
Depends On: 1379434
TreeView+ depends on / blocked
Reported: 2017-02-08 15:20 UTC by Jared Sprague
Modified: 2019-12-16 07:31 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1379434
Last Closed: 2017-02-21 17:56:44 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Jared Sprague 2017-02-08 15:20:30 UTC
Document URL: 

Section Number and Name: 
Developer Guide / Secrets

Describe the issue: 
There are 2 issues I found with this doc as when trying to follow it as a new user to container platform.

1. While the doc covers the mechanic for creating the secret in the section "Creating Secrets" it gives you the actual command to create the secret "oc create -f secret.json",  but when you get to the next part of how to use reference the secret in your pod it just gives you the raw yaml, and no information on how to import that yaml.  I had to ask on IRC to figure this part out.  

2. "Example 2. YAML of a Pod Populating Environment Variables with Secret Data"  This example does not work as is.  If you create a secret and try to use this yaml in your pod you will get an error: "cat: can't open '/etc/secret-volume/*': No such file or directory".  I had to ask on IRC and we figured out that this example has to first define the volumn /etc/secret-volume in order to work, like in example 1.

Suggestions for improvement: 

1. Include the mechanism for importing the example yaml that uses the secret, in the same way this was included for creating the secret.  Either how to do it with "oc" command or through the web UI.

2. Fix Example 2 so that it works without needing to be modified.

Comment 1 Ashley Hardin 2017-02-08 19:29:24 UTC
Paul, Can you please help me fill in the information gaps, or point me in the right direction? Thanks!

Comment 2 Mark Chappell 2017-02-08 19:53:52 UTC
Not Paul (actually the help from IRC), but can probably point you in the right direction...

creating the objects is pretty simple
oc create -f <my_yaml_file>.yaml

It may be worth expanding the "secrets in variables" and "secrets in volumes" sections to include creating the pod, getting the logs, then deleting the pod

oc create -f <my_yaml_file>.yaml
oc logs secret-example-pod
oc delete secret-example-pod

Example 2:  What needs to change is that the command shouldn't reference the volume (because the volume isn't mounted in example 2).  It should instead display the variable being set in some manner, for example:

command: [ "/bin/sh", "-c", "export" ]

Comment 3 Mark Chappell 2017-02-08 19:55:14 UTC
oops should be "oc delete pod secret-example-pod" (when deleting the object you have to tell it what type of object you're deleting, fetching logs assumes pods.)

Comment 4 Ashley Hardin 2017-02-08 20:45:10 UTC
Thanks for the guidance, Mark!
I opened this PR: https://github.com/openshift/openshift-docs/pull/3696. Please take a look.

Comment 5 Mark Chappell 2017-02-13 10:15:34 UTC

I've made a comment on the PR, but please note that as I'm not a part of the Engineering or Documentation groups I wouldn't feel comfortable providing a full review

Comment 6 openshift-github-bot 2017-02-14 16:32:02 UTC
Commits pushed to master at https://github.com/openshift/openshift-docs

Bug 1420410, corrected an example YAML file and added missing steps

Merge pull request #3696 from ahardin-rh/secrets-improvements

Bug 1420410, corrected an example YAML file and added missing steps

Note You need to log in before you can comment on or make changes to this bug.