From 5e0ad1134d7ed7796f8385d6960edfc1ef16d31a Mon Sep 17 00:00:00 2001
From: Jeremy Cline
Date: Wed, 28 Aug 2024 17:18:37 -0400
Subject: [PATCH] fedora-image-uploader: Add staging config for container uploads

Upload images to the stage registry. Rather than massaging the credentials into the format written out by podman-login, just pass the credentials in and have the app run podman-login with them. The configuration includes the registry along with the prefix used for the environment variables containing the credentials.
---
 .../openshift-apps/cloud-image-uploader.yml | 5 +++++
 .../templates/config.toml | 7 +++++++
 .../templates/container-secrets.yml | 18 +++++++++++++++++
 .../templates/deployment.yml | 20 +++++++++++++++++++
 4 files changed, 50 insertions(+)
 create mode 100644 roles/openshift-apps/cloud-image-uploader/templates/container-secrets.yml
diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml
index 25bc062411..e2ad038401 100644
--- a/playbooks/openshift-apps/cloud-image-uploader.yml
+++ b/playbooks/openshift-apps/cloud-image-uploader.yml
@@ -103,6 +103,11 @@
 template: aws-secrets.yml
 objectname: aws-secrets.yml

+ - role: openshift/object
+ app: cloud-image-uploader
+ template: container-secrets.yml
+ objectname: container-secrets.yml
+
 - role: openshift/start-build
 app: cloud-image-uploader
 buildname: cloud-image-uploader-build
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/config.toml b/roles/openshift-apps/cloud-image-uploader/templates/config.toml
index 216686f96f..0b5efd1c38 100644
--- a/roles/openshift-apps/cloud-image-uploader/templates/config.toml
+++ b/roles/openshift-apps/cloud-image-uploader/templates/config.toml
@@ -107,6 +107,13 @@ storage_account_type = "Standard_ZRS"
 {% endif %}


+{% if env == "staging" %}
+[[consumer_config.container.registries]]
+url = "oci-registry01.stg.iad2.fedoraproject.org"
+credential_prefix = "FEDORA_REGISTRY_"
+{% endif %}
+
+
 [qos]
 prefetch_size = 0
 prefetch_count = 25
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/container-secrets.yml b/roles/openshift-apps/cloud-image-uploader/templates/container-secrets.yml
new file mode 100644
index 0000000000..ea1d4b842e
--- /dev/null
+++ b/roles/openshift-apps/cloud-image-uploader/templates/container-secrets.yml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "podman-credentials"
+ labels:
+ app: "cloud-image-uploader"
+stringData:
+{% if env == 'staging' %}
+ fedoraproject_registry_username: "{{candidate_registry_osbs_stg_username}}"
+ fedoraproject_registry_password: "{{candidate_registry_osbs_stg_password}}"
+ quay_io_username: ""
+ quay_io_password: ""
+{% else %}
+ fedoraproject_registry_username: "{{candidate_registry_osbs_prod_username}}"
+ fedoraproject_registry_password: "{{candidate_registry_osbs_prod_password}}"
+ quay_io_username: "{{quay_io_username}}"
+ quay_io_password: "{{quay_io_password}}"
+{% endif %}
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
index a7fc76343a..0d883fe58c 100644
--- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
+++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
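Review bot: In templates/config.toml, `credential_prefix = "FEDORA_REGISTRY_"` is coupled by name to the `FEDORA_REGISTRY_USER` and `FEDORA_REGISTRY_PASSWORD` variables that deployment.yml defines in this same commit, and nothing in the template says so. A rename on either side would presumably leave the uploader without credentials at login time rather than failing at deploy time. I would add a TOML comment above the key, for example `# Must match the FEDORA_REGISTRY_USER / FEDORA_REGISTRY_PASSWORD env vars in deployment.yml`.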
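Review bot: In templates/container-secrets.yml, every credential is interpolated inside a hand-written double-quoted YAML scalar, e.g. `fedoraproject_registry_password: "{{candidate_registry_osbs_stg_password}}"`, so a value containing `"` or `\` renders as broken YAML or as a different string than the one held in the private vars. Letting the template engine do the quoting avoids that: `fedoraproject_registry_password: {{ candidate_registry_osbs_stg_password | to_json }}`, and the same for the other five templated values. A short comment above `stringData:` saying that the empty quay.io values in the staging branch are intentional would also help the next reader.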
@@ -65,6 +65,26 @@ spec:
 secretKeyRef:
 name: aws-credentials
 key: secret_access_key
+ - name: FEDORA_REGISTRY_USER
+ valueFrom:
+ secretKeyRef:
+ name: podman-credentials
+ key: fedoraproject_registry_username
+ - name: FEDORA_REGISTRY_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: podman-credentials
+ key: fedoraproject_registry_password
+ - name: QUAY_IO_USER
+ valueFrom:
+ secretKeyRef:
+ name: podman-credentials
+ key: quay_io_username
+ - name: QUAY_IO_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: podman-credentials
+ key: quay_io_password
 volumeMounts:
 - name: config-volume
 mountPath: /etc/fedora-messaging
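Review bot: The four added `env` entries in templates/deployment.yml are unconditional, while config.toml in this commit defines a registry only under `{% if env == "staging" %}` and only with the `FEDORA_REGISTRY_` prefix. As written, production pods would carry the production registry and quay.io credentials in their process environment, inherited by every child process, with no visible configuration that uses them, and staging gets `QUAY_IO_USER` and `QUAY_IO_PASSWORD` set to empty strings. I would wrap the block in the same `{% if env == "staging" %}` … `{% endif %}` guard and leave out the `QUAY_IO_*` pair until a registry entry references that prefix. The `env:` list and the container spec begin outside this hunk, so whether other entries already follow a different convention cannot be seen from here.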