こっちのエントリではoc edit使って手動でsecret設定してましたが、oc set build-secretを使ってコマンドでも設定できます。
helpメッセージを見ればわかるけど、source用の設定以外にもpull/pushのsecret設定があるみたい。
source用secretの追加
[zaki@codeready ~]$ oc set build-secret --source bc/javaee-memoapp2 gitlabcert buildconfig.build.openshift.io/javaee-memoapp2 secret updated
対象が一つだと、手作業に比べて誤操作防止くらいのメリットだけど、-lでラベル指定したり、--allでネームスペースの全build configを対象にすれば効率が格段に上がる
[zaki@codeready ~]$ oc set build-secret --pull --all gitlabcert buildconfig.build.openshift.io/javaee-memoapp2 secret updated buildconfig.build.openshift.io/sockserv secret updated
source用secretの削除
--removeを使う
[zaki@codeready ~]$ oc set build-secret --source --remove bc/javaee-memoapp2 buildconfig.build.openshift.io/javaee-memoapp2 secret updated
push/pull設定
--sourceでなく、--pushや--pullを使う。
まだこの設定がどこに使われるか把握できてないけど…()
併用も可能
[zaki@codeready ~]$ oc set build-secret --pull --push bc/javaee-memoapp2 gitlabcert
buildconfig.build.openshift.io/javaee-memoapp2 secret updated
[zaki@codeready ~]$
[zaki@codeready ~]$ oc get bc javaee-memoapp2 -o yaml
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
:
:
spec:
failedBuildsHistoryLimit: 5
nodeSelector: null
output:
pushSecret:
name: gitlabcert
to:
kind: ImageStreamTag
name: javaee-memoapp2:latest
postCommit: {}
resources: {}
runPolicy: Serial
source:
git:
uri: https://gitlab-ce.example.org:8443/zaki/javaee-memoapp2.git
sourceSecret:
name: gitlabcert
type: Git
strategy:
sourceStrategy:
from:
kind: ImageStreamTag
name: jboss-webserver31-tomcat8-openshift:1.4
namespace: openshift
pullSecret:
name: gitlabcert
type: Source
successfulBuildsHistoryLimit: 5
:
:
help
[zaki@codeready ~]$ oc set build-secret -h
Set or remove a build secret on a build config
A build config can reference a secret to push or pull images from private registries or to access private source
repositories.
Specify the type of secret being set by using the --push, --pull, or --source flags. A secret reference can be removed
by using --remove flag.
A label selector may be specified with the --selector flag to select the build configs on which to set or remove
secrets. Alternatively, all build configs in the namespace can be selected with the --all flag.
Usage:
oc set build-secret BUILDCONFIG SECRETNAME [flags]
Examples:
# Clear push secret on a build config
oc set build-secret --push --remove bc/mybuild
# Set the pull secret on a build config
oc set build-secret --pull bc/mybuild mysecret
# Set the push and pull secret on a build config
oc set build-secret --push --pull bc/mybuild mysecret
# Set the source secret on a set of build configs matching a selector
oc set build-secret --source -l app=myapp gitsecret
Options:
--all=false: If true, select all build configs in the namespace
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--dry-run=false: If true, only print the object that would be sent, without sending it.
-f, --filename=[]: Filename, directory, or URL to files to use to edit the resource
-k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
--local=false: If true, set build-secret will NOT contact api-server but run locally.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
--pull=false: If true, set the pull secret on a build config
--push=false: If true, set the push secret on a build config
-R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage
related manifests organized within the same directory.
--remove=false: If true, remove the build secret.
-l, --selector='': Selector (label query) to filter build configs
--source=false: If true, set the source secret on a build config
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
Use "oc options" for a list of global command-line options (applies to all commands).
