osbuild-service-maintenance: Rework GCP credentials mapping
Because of the way the gcp secrets are stored for the workers, and how the mapping from vault to openshift works (unable to map a multiple key secret into a single json file), there's a bit of juggling required to get the gcp credentials in the right format.
parent 204bf9e176
commit 4797ac281a
4 changed files with 127 additions and 16 deletions
|
|
@ -275,6 +275,56 @@ objects:
|
|||
key: db.password
|
||||
- name: PGSSLMODE
|
||||
value: "${PGSSLMODE}"
|
||||
- name: GCP_AUTH_PROVIDER_X509_CERT_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: auth_provider_x509_cert_url
|
||||
- name: GCP_AUTH_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: auth_uri
|
||||
- name: GCP_CLIENT_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: client_email
|
||||
- name: GCP_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: client_id
|
||||
- name: GCP_CLIENT_X509_CERT_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: client_x509_cert_url
|
||||
- name: GCP_PRIVATE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: private_key
|
||||
- name: GCP_PRIVATE_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: private_key_id
|
||||
- name: GCP_PROJECT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: project_id
|
||||
- name: GCP_TOKEN_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: token_uri
|
||||
- name: GCP_TYPE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gcp-service-account
|
||||
key: type
|
||||
- name: DRY_RUN
|
||||
value: "${MAINTENANCE_DRY_RUN}"
|
||||
- name: MAX_CONCURRENT_REQUESTS
|
||||
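Review bot: GCP_PRIVATE_KEY, sourced from the private_key key of gcp-service-account, places the service account's signing key in the container environment, where it is inherited by every child process and readable through /proc/<pid>/environ; consider mounting gcp-service-account as a secret volume, so each key arrives as a file, and assembling the credentials JSON from those files instead. If the environment route stays, the code that rebuilds the JSON (not visible in this hunk) should build it with a JSON encoder rather than string concatenation, because the PEM value contains newlines that must be escaped. A short comment above this block explaining why the ten fields are mapped one by one would also help, since the reason currently lives only in the commit message.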