Using Conjur / Summon to connect to OpenShift

If you have your computer configured to connect to a Conjur instance and you have Summon and Summon-Conjur installed, you can leverage them to add a bash utility that enables you to connect to OpenShift.

I added something like this to my .bashrc:

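# Log in to the cluster whose credentials are stored under openshift/<cluster-name> in Conjur.
function oc_login() {
  # summon fetches each !var from Conjur and exposes it only to the child process.
  summon -p summon-conjur --yaml="
OPENSHIFT_URL: !var openshift/$1/hostname
OPENSHIFT_PORT: !var openshift/$1/port
OPENSHIFT_USERNAME: !var openshift/$1/username
OPENSHIFT_PASSWORD: !var openshift/$1/password
" sh -c 'oc login "$OPENSHIFT_URL:$OPENSHIFT_PORT" -u "$OPENSHIFT_USERNAME" -p "$OPENSHIFT_PASSWORD"'
  # Single quotes defer expansion to the child sh; the inner double quotes keep
  # values containing spaces or shell metacharacters as single arguments.
}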

so that if I have OpenShift creds stored in Conjur in the openshift/cluster-name policy branch, I can connect to that OpenShift cluster just by calling oc_login cluster-name.

I also highly recommend installing kubectx and kubens if you do any Kubernetes / OpenShift development - they’re super handy tools to switch between Kubernetes contexts and namespaces.

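The function above interpolates its argument straight into the inline YAML, so a name containing a newline or a `/` would change which Conjur variables summon requests. The following is an added example, not part of the original post, that validates the name first; the function names `oc_secrets_yaml` and `oc_login_checked` and the allowed character set are assumptions.

```shell
# Added example: build the summon YAML only for a well-formed cluster name.
# Assumption: cluster names use letters, digits, '_' and '-' only.
oc_secrets_yaml() {
  case $1 in
    '' | *[!A-Za-z0-9_-]*)
      # Rejects empty names, path separators, dots, spaces and newlines,
      # all of which would alter the variable path or the YAML structure.
      echo "oc_login: invalid cluster name" >&2
      return 1
      ;;
  esac
  printf 'OPENSHIFT_URL: !var openshift/%s/hostname\n' "$1"
  printf 'OPENSHIFT_PORT: !var openshift/%s/port\n' "$1"
  printf 'OPENSHIFT_USERNAME: !var openshift/%s/username\n' "$1"
  printf 'OPENSHIFT_PASSWORD: !var openshift/%s/password\n' "$1"
}

oc_login_checked() {
  # Stop before contacting Conjur if the name does not validate.
  oc_secrets_yaml "$1" >/dev/null || return 1
  summon -p summon-conjur --yaml="$(oc_secrets_yaml "$1")" \
    sh -c 'oc login "$OPENSHIFT_URL:$OPENSHIFT_PORT" -u "$OPENSHIFT_USERNAME" -p "$OPENSHIFT_PASSWORD"'
}
```

Call it the same way as the original: `oc_login_checked cluster-name`.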