diff --git a/playbooks/openshift-apps/openscanhub.yml b/playbooks/openshift-apps/openscanhub.yml
index ffc3ee299c..ebe931a6b4 100644
--- a/playbooks/openshift-apps/openscanhub.yml
+++ b/playbooks/openshift-apps/openscanhub.yml
@@ -107,6 +107,11 @@
 template: aws-credentials-configmap.yml
 objectname: aws-credentials-configmap
 when: env == "staging"
+ - role: openshift/object
+ app: openscanhub
+ template: aws-openscanhub-key.yml
+ objectname: aws-openscanhub-key
+ when: env == "staging"
 - role: openshift/object
 app: openscanhub
 file: deployment-resalloc-server.yml
diff --git a/roles/openshift-apps/openscanhub/files/deployment-resalloc-server.yml b/roles/openshift-apps/openscanhub/files/deployment-resalloc-server.yml
index 94b16977f2..71796a1fc1 100644
--- a/roles/openshift-apps/openscanhub/files/deployment-resalloc-server.yml
+++ b/roles/openshift-apps/openscanhub/files/deployment-resalloc-server.yml
@@ -62,6 +62,8 @@ spec:
 - mountPath: /var/lib/resallocserver/.aws/credentials
 name: aws-credentials-configmap
 subPath: credentials
+ - mountPath: /var/lib/resallocserver/.ssh/id_rsa
+ name: aws-openscanhub-key
 dnsPolicy: ClusterFirst
 restartPolicy: Always
 schedulerName: default-scheduler
@@ -77,3 +79,7 @@ spec:
 - name: aws-credentials-configmap
 configMap:
 name: aws-credentials-config
+ - name: aws-openscanhub-key
+ secret:
+ defaultMode: 400
+ secretName: aws-openscanhub-key
diff --git a/roles/openshift-apps/openscanhub/templates/aws-openscanhub-key.yml b/roles/openshift-apps/openscanhub/templates/aws-openscanhub-key.yml
new file mode 100644
index 0000000000..f790211a5b
--- /dev/null
+++ b/roles/openshift-apps/openscanhub/templates/aws-openscanhub-key.yml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aws-openscanhub-key
+data:
+ aws-openscanhub-key: {{ lookup('file', private+'/files/openscanhub/openscanhub.key') | b64encode }}
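Review bot: The `aws-openscanhub-key` object is created only under `when: env == "staging"`, but the volume that consumes it is added to `deployment-resalloc-server.yml`, a static file whose own role entry follows in the context and whose condition, if any, lies outside this hunk. If that deployment is also applied in another environment, the pod cannot start, because a secret volume is required unless it is marked `optional: true`. Confirm the deployment entry is gated the same way, and document the coupling above the new entry, e.g. `# SSH private key used by resalloc-server; staging only, the deployment that mounts it must be gated identically`.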
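Review bot: The new mount at `/var/lib/resallocserver/.ssh/id_rsa` has no `subPath`, unlike the credentials mount directly above it, so the secret volume is mounted there as a directory and the key ends up at `id_rsa/aws-openscanhub-key` instead of being the file `id_rsa`. Add `subPath: aws-openscanhub-key` (the data key used in the new Secret template) and `readOnly: true` to the mount. A subPath mount is not refreshed when the Secret changes, so rotating the key will need a pod restart. The container spec this list belongs to starts outside the hunk.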
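Review bot: `defaultMode: 400` in the new `secret` volume is parsed as a decimal integer, which is octal 0620 (owner read/write plus group write), not the owner-read-only mode a private key should have. Write `defaultMode: 0400`, or the decimal equivalent `defaultMode: 256`. With the group-write bit set, an SSH client may refuse the key as too permissive, and the key is writable by anything sharing the pod's group. If an fsGroup is applied to the pod, the effective mode can be widened further, so check the mode inside the running container.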
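Review bot: The `data` value is an unquoted Jinja expression, and the `file` lookup strips trailing whitespace by default, so the private key is stored without its final newline; OpenSSH-format keys commonly fail to load in that state. Suggest `aws-openscanhub-key: "{{ lookup('file', private+'/files/openscanhub/openscanhub.key', rstrip=False) | b64encode }}"`, which also protects the scalar from being retyped by the YAML parser. Adding `type: Opaque` would make the Secret's type explicit. Whether the role that renders this template can log the rendered content is not visible here, so confirm it does not log this object.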