maubot: get a keytab

Signed-off-by: Ryan Lerch <rlerch@redhat.com>

playbooks/openshift-apps/maubot.yml

@@ -16,6 +16,13 @@
     - ryanlerch
     - kevin
 
+  - role: openshift/keytab
+    app: maubot
+    key: service.keytab
+    secret_name: maubot-keytab
+    service: HTTP
+    host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org"
+
   - role: openshift/object
     app: maubot
     file: imagestream.yml

roles/openshift-apps/maubot/files/deploymentconfig.yml

@@ -37,6 +37,9 @@ spec:
               readOnly: true
             - name: maubot-storage
               mountPath: /maubot
+            - name: keytab-volume
+              mountPath: /etc/keytabs
+              readOnly: true
           readinessProbe:
             timeoutSeconds: 1
             initialDelaySeconds: 5
@@ -56,6 +59,9 @@ spec:
         - name: maubot-storage
           persistentVolumeClaim:
             claimName: maubot-storage
+        - name: keytab-volume
+          secret:
+            secretName: maubot-keytab
   triggers:
   - type: ImageChange
     imageChangeParams:

roles/openshift-apps/maubot/templates/buildconfig.yml

@@ -12,7 +12,7 @@ spec:
   source:
     dockerfile: |-
       FROM fedora:38
-      RUN dnf -y install python3-pip && dnf -y clean all
+      RUN dnf -y install python3-pip fasjson-client && dnf -y clean all
       RUN pip install maubot[encryption]
       WORKDIR /maubot
       ENTRYPOINT /usr/bin/python3 -m maubot -c /config/config.yml