diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml index 0c39705abd..25bc062411 100644 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ b/playbooks/openshift-apps/cloud-image-uploader.yml @@ -98,6 +98,11 @@ template: secret.yml objectname: secret.yml + - role: openshift/object + app: cloud-image-uploader + template: aws-secrets.yml + objectname: aws-secrets.yml + - role: openshift/start-build app: cloud-image-uploader buildname: cloud-image-uploader-build diff --git a/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml b/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml new file mode 100644 index 0000000000..b28fb0323d --- /dev/null +++ b/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "aws-credentials" + labels: + app: "cloud-image-uploader" +stringData: +{% if env == 'staging' %} + access_key_id: "{{fedimg_aws_stg_access_id}}" + secret_access_key: "{{fedimg_aws_stg_secret_key}}" +{% else %} + access_key_id: "{{fedimg_aws_prod_access_id}}" + secret_access_key: "{{fedimg_aws_prod_secret_key}}" +{% endif %} diff --git a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml index 589ee43445..a7fc76343a 100644 --- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml +++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml @@ -55,6 +55,16 @@ spec: secretKeyRef: name: azure-credentials key: subscription_id + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-credentials + key: access_key_id + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-credentials + key: secret_access_key volumeMounts: - name: config-volume mountPath: /etc/fedora-messaging
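Review bot: The `{% else %}` branch in aws-secrets.yml hands out the production key pair for every `env` value that is not exactly `'staging'`, so a typo or a newly added environment silently receives the `fedimg_aws_prod_*` credentials. Selecting production explicitly, e.g. `{% elif env == '<PROD_ENV_VALUE>' %}` (placeholder; use the value this repository sets), and letting any other value fail the render would keep the template fail-closed. The values are also spliced raw between double quotes; `{{ fedimg_aws_stg_secret_key | to_json }}` without the surrounding quotes would keep the rendered YAML valid should a key ever contain `"` or `\`. A one-line comment at the top of the template naming where these four variables are defined would help the next reader, since none of them is declared in this diff.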
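Review bot: Passing the key pair as `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` environment variables means running pods do not pick up a rotated `aws-credentials` Secret, because values read through `secretKeyRef` are resolved only at container start; a rollout has to be triggered after each rotation. Environment variables are also inherited by every child process and tend to show up in debug dumps, so if the uploader can read a credentials file, mounting the Secret as a read-only volume would narrow the exposure. A comment above the new entries such as `# long-lived IAM user keys; redeploy after rotating the aws-credentials Secret` would record this. The container spec these entries belong to starts and ends outside the hunk, so it cannot be checked here whether the IAM user behind the keys is limited to the upload operations.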