fedora-image-uploader: add Google Compute Engine support for staging

This enables support for uploading images to Google Cloud in staging. Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com>
2025-03-17 16:40:07 -04:00 · 2025-03-17 16:40:07 -04:00 · 3c6ab8afd8
commit 3c6ab8afd8
parent 75fdb66594
3 changed files with 25 additions and 0 deletions
--- a/playbooks/openshift-apps/cloud-image-uploader.yml
+++ b/playbooks/openshift-apps/cloud-image-uploader.yml
@ -106,6 +106,12 @@
    secret_file_key: registry-fedoraproject.key
    secret_file_privatefile: "docker-registry/{{env}}/pki/private/containerstable.key"

+  - role: openshift/secret-file
+    secret_file_app: cloud-image-uploader
+    secret_file_secret_name: cloud-image-uploader-google-cloud-key
+    secret_file_key: google_cloud_image_uploader.json
+    secret_file_privatefile: "files/gcp/{{env}}/image_uploader.json"
+
  - role: openshift/object
    object_app: cloud-image-uploader
    object_template: secret.yml.j2
--- a/roles/openshift-apps/cloud-image-uploader/templates/config.toml
+++ b/roles/openshift-apps/cloud-image-uploader/templates/config.toml
@ -140,6 +140,17 @@ credential_prefix = "QUAY_IO_"

 {% endif %}

+# Google Cloud Engine
+{% if env == "staging" %}
+
+[consumer_config.gcp]
+project = "fedora-cloud-devel"
+bucket_name = "fedora-cloud-image-upload-devel"
+storage_locations = ["us"]
+publish_amqp_messages = true
+
+{% endif %}
+
 [qos]
 prefetch_size = 0
 prefetch_count = 25
--- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
+++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
@ -30,6 +30,9 @@ spec:
        - name: fedora-messaging-cert-volume
          secret:
            secretName: cloud-image-uploader-fedora-messaging-crt
+        - name: google-cloud-key-volume
+          secret:
+            secretName: cloud-image-uploader-google-cloud-key
        # skopeo wants the cert and key in the same directory
        - name: registry-fedoraproject
          projected:
@ -86,6 +89,8 @@ spec:
                  key: fedoraproject_registry_password
            - name: FEDORA_REGISTRY_CERT_DIR
              value: "/etc/pki/registry-fedoraproject-org/"
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: "/etc/pki/google-cloud/cloud-image-uploader-google-cloud-key"
            - name: QUAY_IO_USER
              valueFrom:
                secretKeyRef:
@ -112,3 +117,6 @@ spec:
            - name: registry-fedoraproject
              mountPath: /etc/pki/registry-fedoraproject-org/
              readOnly: true
+            - name: google-cloud-key-volume
+              mountPath: /etc/pki/google-cloud/
+              readOnly: true