OpenShift is a popular Kubernetes (K8s) management platform by Red Hat. OpenShift provides an interface to manage and deploy containers to your K8s cluster as well as centrally manage security. The OpenShift Container Platform rides on top of standard Kubernetes, this means that it can easily be integrated with Octopus Deploy as a deployment target.
Authentication
To connect your OpenShift K8s cluster to Octopus Deploy, you must first create a means to authenticate with. We recommend that you create a Service Account for Octopus Deploy to use.
Service Accounts in OpenShift are project specific. You will need to create a Service Account per project (namespace) for Octopus Deploy in OpenShift.
Create service account
Each project within OpenShift has a section where you can define service accounts. After your project has been created:
- Expand User Management.
- Click Service Accounts.
- Click Create Service Account.
Create role binding
The Service Account will need to have a role so it can create resources on the cluster.
In this example, the Service Account octopusdeploy
is granted the role cluster-admin
for the currently logged in project:
C:\Users\Shawn.Sesna\.kube>oc.exe policy add-role-to-user cluster-admin -z octopusdeploy
Service Account Token
OpenShift will automatically create a Token for your Service Account. This Token is how the Service Account authenticates to OpenShift from Octopus Deploy. To retrieve the value of the token:
- Click Service Accounts.
- Click octopusdeploy (or whatever you named yours).
- Scroll down to the Secrets section.
- Click on the entry that has the
type
ofkubernetes.io/service-account-token
.
Copy the Token value by clicking on the copy to clipboard icon on the right hand side.
Getting the cluster URL
To add OpenShift as a deployment target, you need the URL to the cluster. The status
argument for the oc.exe
command-line tool will display the URL of the OpenShift K8s cluster:
C:\Users\Shawn.Sesna\.kube>oc.exe status
In project testproject on server https://api.crc.testing:6443
Project names are Namespaces
When you create projects within OpenShift, you are creating Namespaces in the K8s cluster. The project name of your project is the Namespace within the K8s cluster.
Connecting an OpenShift Kubernetes Deployment Target
Adding an OpenShift K8s target is done in exactly the same way you would add any other Kubernetes target.
Help us continuously improve
Please let us know if you have any feedback about this page.
Page updated on Wednesday, July 31, 2024