From fb3f92fb49d6a3facfd573602153748170f8fc5b Mon Sep 17 00:00:00 2001 From: Michael Skarbek Date: Fri, 31 Jan 2025 09:10:11 -0500 Subject: [PATCH] add secrets template (#5454) --- dev/config.yaml.github-example | 4 +-- dev/config.yaml.local-example | 9 ++---- dev/secrets-template.yaml | 51 ++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 dev/secrets-template.yaml diff --git a/dev/config.yaml.github-example b/dev/config.yaml.github-example index aa00ab3da6..bcdc375b5e 100644 --- a/dev/config.yaml.github-example +++ b/dev/config.yaml.github-example @@ -24,7 +24,7 @@ apps: ref: main parameters: IMAGE_TAG: 3.1.2-metastore-006 - S3_BUCKET_NAME: koku-eph-s3 + S3_BUCKET_NAME: hccm-eph-s3 - name: trino host: github repo: redhatinsights/ubi-trino @@ -32,6 +32,6 @@ apps: ref: main parameters: IMAGE_TAG: 371-001 - S3_BUCKET_NAME: koku-eph-s3 + S3_BUCKET_NAME: hccm-eph-s3 S3_SSE_ENABLED: false S3_SELECT_PUSHDOWN_ENABLED: false diff --git a/dev/config.yaml.local-example b/dev/config.yaml.local-example index 899a729bd3..3c625b9daf 100644 --- a/dev/config.yaml.local-example +++ b/dev/config.yaml.local-example @@ -34,10 +34,7 @@ apps: WORKER_HCS_MIN_REPLICAS: 1 TRINO_PORT: 8000 TRINO_HOST: trino-coordinator - S3_BUCKET_NAME: koku-eph-s3 - AWS_ACCESS_KEY_ID_EPH: - AWS_SECRET_ACCESS_KEY_EPH: - GCP_CREDENTIALS_EPH: + S3_BUCKET_NAME: hccm-eph-s3 - name: hive-metastore host: github @@ -46,7 +43,7 @@ apps: ref: main parameters: IMAGE_TAG: 3.1.2-metastore-009 - S3_BUCKET_NAME: koku-eph-s3 + S3_BUCKET_NAME: hccm-eph-s3 - name: trino host: github repo: redhatinsights/ubi-trino @@ -54,6 +51,6 @@ apps: ref: main parameters: IMAGE_TAG: 405-002 - S3_BUCKET_NAME: koku-eph-s3 + S3_BUCKET_NAME: hccm-eph-s3 S3_SSE_ENABLED: false S3_SELECT_PUSHDOWN_ENABLED: false diff --git a/dev/secrets-template.yaml b/dev/secrets-template.yaml new file mode 100644 index 0000000000..0509b4bbf6 --- /dev/null +++ b/dev/secrets-template.yaml @@ -0,0 +1,51 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: koku-secrets +objects: +- apiVersion: v1 + data: + aws-credentials: ${AWS_CREDENTIALS_EPH} + kind: Secret + metadata: + name: koku-aws + stringData: + aws-access-key-id: ${AWS_ACCESS_KEY_ID_EPH} + aws-secret-access-key: ${AWS_SECRET_ACCESS_KEY_EPH} +- apiVersion: v1 + data: + gcp-credentials: ${GCP_CREDENTIALS_EPH} + kind: Secret + metadata: + name: koku-gcp +- apiVersion: v1 + data: + oci-config: ${OCI_CONFIG_EPH} + oci-credentials: ${OCI_CREDENTIALS_EPH} + kind: Secret + metadata: + name: koku-oci + +parameters: +- name: AWS_CREDENTIALS_EPH + description: base64 encoded value containing the [default] profile with aws_access_key_id and aws_secret_access_key + displayName: AWS credentials file + required: true +- name: AWS_ACCESS_KEY_ID_EPH + description: plaintext aws_access_key_id + required: true +- name: AWS_SECRET_ACCESS_KEY_EPH + description: plaintext aws_secret_access_key + required: true +- name: GCP_CREDENTIALS_EPH + description: base64 encoded json containing GCP creds + displayName: GCP Credentials + required: true +- name: OCI_CREDENTIALS_EPH + description: base64 encoded oci credentials + displayName: OCI Credentials + required: true +- name: OCI_CONFIG_EPH + description: base64 encoded oci config + displayName: OCI Config + required: true