Solutions Delivery Platform

Section 3.1 - Creating the Application Environments


In order to use the OpenShift library's deploy_to() step, there needs to be set of pre-configured projects in OpenShift:

  • The application environments, one or more Openshift projects that will host the application (e.g. "my-app-dev" & "my-app-prod")

  • A project to host container images that are shared between the application environments

  • A project to host the Tiller server that manages the application environments.

You can create all of these using the provision_app_envs script.


In addition to the prerequisites covered in the /sdp-docs/pages/deployment-guides/openshift/3_0_Application_Environment_Overview.html[section overview], make sure

  1. You are logged into the OpenShift cluster you’re deploying to as a user with the cluster-admin role

  2. None of the projects that the provision app envs script will create already exist (not likely if this is your first run)


Clone the sdp-helm-chart repository if you haven’t already, and use your terminal to navigate to the resources/helm folder. You should see a file called You can execute it with the -h flag to view the options for running it.

$ git clone
Cloning into 'sdp-helm-chart'...
remote: Enumerating objects: 182, done.
remote: Counting objects: 100% (182/182), done.
remote: Compressing objects: 100% (135/135), done.
remote: Total 438 (delta 93), reused 108 (delta 45), pack-reused 256
Receiving objects: 100% (438/438), 2.26 MiB | 5.40 MiB/s, done.
Resolving deltas: 100% (211/211), done.
$ cd sdp-helm-chart/resources/helm
$ bash -h
script usage:
-p | set's the tenant prefix.
-e | define an app env. can be used multiple times.
-i | defines the project images will be pushed to.

  ./ -p rhs -e dev -e test -e staging -e prod -i red-hat-summit

this example would create the following projects:
 1) rhs-tiller     | tiller server for this tenant
 2) red-hat-summit | project for storing pushed images
 3) rhs-dev        | dev app environment
 4) rhs-test       | test app environment
 5) rhs-staging    | staging app environment
 6) rhs-prod       | prod app environment
 1) rhs-{dev,test,staging} can pull images from red-hat-summit
 2) rhs-tiller can deploy resources to rhs-{dev,test,staging}

The Options You Need to Decide On

You need a prefix for the application environment names. It’s an arbitrary name that makes it possible to distinguish your application from others that may share the same cluster. This prefix is ideally an abbreviation of your project name. In the example above, the prefix for the "RedHat Summit" project is "rhs."

You need to know how many environments you want, as well as abbreviated names for each. These abbreviated names are placed after -e in the script’s options. In the example above, there are four environments being provisioned: dev, test, staging, and prod. The script will create an OpenShift project for each one: rhs-dev, rhs-test, rhs-staging, and rhs-prod.

These abbreviated names map to the application environments "short names" of the in your pipeline configuration file(s).

You also need a name for the project hosting the container images. This is the full name of the project and will not necessarily include the prefix (unlike the other projects being created). In the example above, that project is called "red-hat-summit".

Running The Script

Putting it all together, execute the provision_app_envs script, using the appropriate flags to provide the three pieces of information covered above.

$ bash -p $PREFIX -e $ENV_1 -e $ENV_2 ... -e $ENV_N -i $IMAGE_PROJ

The script should take care of the rest, creating and setting up projects for the application environments, images, and tiller server. For example, if you ran this command, with the prefix "demo", a dev and prod environment, and an image project called "demo", you should see the projects below created:

$ bash -p demo -e dev -e prod -i demo
Table 1. Provisioned OpenShift Infrastructure
Project Description


The Development application environment


The Production application environment


The tiller project


The project where we will configure SDP to push container images

Adding The Tiller Credential To Jenkins

The tiller server just created cannot be used without credentials, so those credentials need to be added to Jenkins. Assuming your tiller project is called "demo-tiller", follow sdp-docs/modules/guides/pages/add_jenkins_credentials.adoc[this guide] to create a username/password credential in Jenkins with the username system:serviceaccount:demo-tiller:tiller and use the command below to get the password, which will output a token you need to copy-paste into Jenkins. For easy identification, make the credential’s ID the same as the name of the tiller project (i.e. demo-tiller).

$ oc sa get-token tiller -n demo-tiller