Add AWS credentials to the cloud-image-uploader

For now, just re-use the fedimg credentials.

Note that currently the AWS support is not enabled so nothing makes use
of these credentials just yet.

playbooks/openshift-apps/cloud-image-uploader.yml

@@ -98,6 +98,11 @@
     template: secret.yml
     objectname: secret.yml
 
+  - role: openshift/object
+    app: cloud-image-uploader
+    template: aws-secrets.yml
+    objectname: aws-secrets.yml
+
   - role: openshift/start-build
     app: cloud-image-uploader
     buildname: cloud-image-uploader-build

roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "aws-credentials"
+  labels:
+    app: "cloud-image-uploader"
+stringData:
+{% if env == 'staging' %}
+  access_key_id: "{{fedimg_aws_stg_access_id}}"
+  secret_access_key: "{{fedimg_aws_stg_secret_key}}"
+{% else %}
+  access_key_id: "{{fedimg_aws_prod_access_id}}"
+  secret_access_key: "{{fedimg_aws_prod_secret_key}}"
+{% endif %}

roles/openshift-apps/cloud-image-uploader/templates/deployment.yml

@@ -55,6 +55,16 @@ spec:
                 secretKeyRef:
                   name: azure-credentials
                   key: subscription_id
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: aws-credentials
+                  key: access_key_id
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: aws-credentials
+                  key: secret_access_key
           volumeMounts:
             - name: config-volume
               mountPath: /etc/fedora-messaging