add secrets template (#5454)

project-koku · Jan 31, 2025 · fb3f92f · fb3f92f
1 parent 39c7aaa
commit fb3f92f
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 8 deletions.
diff --git a/dev/config.yaml.github-example b/dev/config.yaml.github-example
@@ -24,14 +24,14 @@ apps:
       ref: main
       parameters:
         IMAGE_TAG: 3.1.2-metastore-006
-        S3_BUCKET_NAME: koku-eph-s3
+        S3_BUCKET_NAME: hccm-eph-s3
     - name: trino
       host: github
       repo: redhatinsights/ubi-trino
       path: deploy/clowdapp.yaml
       ref: main
       parameters:
         IMAGE_TAG: 371-001
-        S3_BUCKET_NAME: koku-eph-s3
+        S3_BUCKET_NAME: hccm-eph-s3
         S3_SSE_ENABLED: false
         S3_SELECT_PUSHDOWN_ENABLED: false
diff --git a/dev/config.yaml.local-example b/dev/config.yaml.local-example
@@ -34,10 +34,7 @@ apps:
         WORKER_HCS_MIN_REPLICAS: 1
         TRINO_PORT: 8000
         TRINO_HOST: trino-coordinator
-        S3_BUCKET_NAME: koku-eph-s3
-        AWS_ACCESS_KEY_ID_EPH: <insert-base64-encoded-value>
-        AWS_SECRET_ACCESS_KEY_EPH: <insert-base64-encoded-value>
-        GCP_CREDENTIALS_EPH: <insert-base64-encoded-value>
+        S3_BUCKET_NAME: hccm-eph-s3
 
     - name: hive-metastore
       host: github
@@ -46,14 +43,14 @@ apps:
       ref: main
       parameters:
         IMAGE_TAG: 3.1.2-metastore-009
-        S3_BUCKET_NAME: koku-eph-s3
+        S3_BUCKET_NAME: hccm-eph-s3
     - name: trino
       host: github
       repo: redhatinsights/ubi-trino
       path: deploy/clowdapp.yaml
       ref: main
       parameters:
         IMAGE_TAG: 405-002
-        S3_BUCKET_NAME: koku-eph-s3
+        S3_BUCKET_NAME: hccm-eph-s3
         S3_SSE_ENABLED: false
         S3_SELECT_PUSHDOWN_ENABLED: false
diff --git a/dev/secrets-template.yaml b/dev/secrets-template.yaml
@@ -0,0 +1,51 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: koku-secrets
+objects:
+- apiVersion: v1
+  data:
+    aws-credentials: ${AWS_CREDENTIALS_EPH}
+  kind: Secret
+  metadata:
+    name: koku-aws
+  stringData:
+    aws-access-key-id: ${AWS_ACCESS_KEY_ID_EPH}
+    aws-secret-access-key: ${AWS_SECRET_ACCESS_KEY_EPH}
+- apiVersion: v1
+  data:
+    gcp-credentials: ${GCP_CREDENTIALS_EPH}
+  kind: Secret
+  metadata:
+    name: koku-gcp
+- apiVersion: v1
+  data:
+    oci-config: ${OCI_CONFIG_EPH}
+    oci-credentials: ${OCI_CREDENTIALS_EPH}
+  kind: Secret
+  metadata:
+    name: koku-oci
+
+parameters:
+- name: AWS_CREDENTIALS_EPH
+  description: base64 encoded value containing the [default] profile with aws_access_key_id and aws_secret_access_key
+  displayName: AWS credentials file
+  required: true
+- name: AWS_ACCESS_KEY_ID_EPH
+  description: plaintext aws_access_key_id
+  required: true
+- name: AWS_SECRET_ACCESS_KEY_EPH
+  description: plaintext aws_secret_access_key
+  required: true
+- name: GCP_CREDENTIALS_EPH
+  description: base64 encoded json containing GCP creds
+  displayName: GCP Credentials
+  required: true
+- name: OCI_CREDENTIALS_EPH
+  description: base64 encoded oci credentials
+  displayName: OCI Credentials
+  required: true
+- name: OCI_CONFIG_EPH
+  description: base64 encoded oci config
+  displayName: OCI Config
+  required: true