fedora-image-uploader: Add the push cert for registry.fedoraproject.org
To push images, we need to use a client certificate and key[0]. Add
those to the image uploader container.
[0] 7a10d32e16/f/playbooks/groups/releng-compose.yml (_144)
This commit is contained in:
Jeremy Cline
parent
d3831e8178
commit
f8cad3cd92
2 changed files with 25 additions and 0 deletions
|
|
@ -93,6 +93,18 @@
|
||||||
key: cloud-image-uploader.ca
|
key: cloud-image-uploader.ca
|
||||||
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
privatefile: "rabbitmq/{{env}}/pki/ca.crt"
|
||||||
|
|
||||||
|
- role: openshift/secret-file
|
||||||
|
app: cloud-image-uploader
|
||||||
|
secret_name: registry-fedoraproject-cert
|
||||||
|
key: registry-fedoraproject.crt
|
||||||
|
privatefile: "docker-registry/{{env}}/pki/issued/containerstable.crt"
|
||||||
|
|
||||||
|
- role: openshift/secret-file
|
||||||
|
app: cloud-image-uploader
|
||||||
|
secret_name: registry-fedoraproject-key
|
||||||
|
key: registry-fedoraproject.key
|
||||||
|
privatefile: "docker-registry/{{env}}/pki/private/containerstable.key"
|
||||||
|
|
||||||
- role: openshift/object
|
- role: openshift/object
|
||||||
app: cloud-image-uploader
|
app: cloud-image-uploader
|
||||||
template: secret.yml
|
template: secret.yml
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,14 @@ spec:
|
||||||
- name: fedora-messaging-cert-volume
|
- name: fedora-messaging-cert-volume
|
||||||
secret:
|
secret:
|
||||||
secretName: cloud-image-uploader-fedora-messaging-crt
|
secretName: cloud-image-uploader-fedora-messaging-crt
|
||||||
|
# skopeo wants the cert and key in the same directory
|
||||||
|
- name: registry-fedoraproject
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
secretName: registry-fedoraproject-cert
|
||||||
|
- secret:
|
||||||
|
secretName: registry-fedoraproject-key
|
||||||
containers:
|
containers:
|
||||||
- name: cloud-image-uploader
|
- name: cloud-image-uploader
|
||||||
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
|
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
|
||||||
|
|
@ -75,6 +83,8 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: podman-credentials
|
name: podman-credentials
|
||||||
key: fedoraproject_registry_password
|
key: fedoraproject_registry_password
|
||||||
|
- name: FEDORA_REGISTRY_CERT_DIR
|
||||||
|
value: "/etc/pki/registry-fedoraproject-org/"
|
||||||
- name: QUAY_IO_USER
|
- name: QUAY_IO_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
|
@ -98,3 +108,6 @@ spec:
|
||||||
- name: fedora-messaging-cert-volume
|
- name: fedora-messaging-cert-volume
|
||||||
mountPath: /etc/pki/rabbitmq/cert
|
mountPath: /etc/pki/rabbitmq/cert
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: registry-fedoraproject
|
||||||
|
mountPath: /etc/pki/registry-fedoraproject-org/
|
||||||
|
readOnly: true
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue