Skip to content

Commit

Permalink
ROX-27209: Change image pull secret for operator deployments
Browse files Browse the repository at this point in the history
  • Loading branch information
kovayur committed Dec 4, 2024
1 parent a886194 commit c44f824
Show file tree
Hide file tree
Showing 7 changed files with 5 additions and 25 deletions.
2 changes: 0 additions & 2 deletions dev/env/manifests/fleetshard-operator/07-serviceaccount.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,3 @@ kind: ServiceAccount
metadata:
name: acs-fleetshard-operator
namespace: "$ACSCS_NAMESPACE"
imagePullSecrets:
- name: acs-fleetshard-operator
3 changes: 1 addition & 2 deletions dev/env/manifests/fleetshard-operator/51-fleetshard-cr.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,7 @@ spec:
secretEncryption:
type: "local"
tenantImagePullSecret:
name: "fleetshard-sync"
key: "tenant-image-pull-secret"
name: $TENANT_IMAGE_PULL_SECRET
nodeSelector: null
tolerations: null
addonAutoUpgradeEnabled: false
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ stringData:
aws-access-key-id: "${AWS_ACCESS_KEY_ID}"
aws-secret-access-key: "${AWS_SECRET_ACCESS_KEY}"
telemetry-storage-key: "${TELEMETRY_STORAGE_KEY}"
tenant-image-pull-secret: |
${TENANT_IMAGE_PULL_SECRET}
---
apiVersion: v1
kind: Secret
Expand Down
1 change: 0 additions & 1 deletion dev/env/scripts/bootstrap.sh
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@ wait_for_default_service_account "$ACSCS_NAMESPACE"
if [[ "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then
create-imagepullsecrets
inject_ips "$ACSCS_NAMESPACE" "default" "quay-ips"
inject_ips "$STACKROX_OPERATOR_NAMESPACE" "default" "quay-ips"
else
log "Skipping creation of ImagePullSecrets because INHERIT_IMAGEPULLSECRETS is not true"
fi
Expand Down
18 changes: 2 additions & 16 deletions dev/env/scripts/create-imagepullsecrets
Original file line number Diff line number Diff line change
Expand Up @@ -69,15 +69,15 @@ function print_auth() {

registry_auth="$(print_auth "$(mkauth "${username}" "${password}")")"

log "Creating quay-ips image pull secret in namespace ${STACKROX_OPERATOR_NAMESPACE}"
log "Creating rhacs-registry image pull secret in namespace ${STACKROX_OPERATOR_NAMESPACE}"
resOperatorImage=$(
cat <<EOF
apiVersion: v1
data:
.dockerconfigjson: ${registry_auth}
kind: Secret
metadata:
name: quay-ips
name: rhacs-registry
namespace: ${STACKROX_OPERATOR_NAMESPACE}
type: kubernetes.io/dockerconfigjson
EOF
Expand All @@ -98,17 +98,3 @@ type: kubernetes.io/dockerconfigjson
EOF
)
echo "$res" | $KUBECTL -n "$ACSCS_NAMESPACE" apply -f -
log "Creating acs-fleetshard-operator pull secret in namespace ${ACSCS_NAMESPACE}"
res=$(
cat <<EOF
apiVersion: v1
data:
.dockerconfigjson: ${registry_auth}
kind: Secret
metadata:
name: acs-fleetshard-operator
namespace: $ACSCS_NAMESPACE
type: kubernetes.io/dockerconfigjson
EOF
)
echo "$res" | $KUBECTL -n "$ACSCS_NAMESPACE" apply -f -
2 changes: 1 addition & 1 deletion dev/env/scripts/up.sh
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ fi
log "Deploying fleetshard-sync"
TENANT_IMAGE_PULL_SECRET=""
if [[ "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then # pragma: allowlist secret
TENANT_IMAGE_PULL_SECRET=$($KUBECTL -n "$ACSCS_NAMESPACE" get secret quay-ips -o jsonpath="{.data['\.dockerconfigjson']}" | base64 -d)
TENANT_IMAGE_PULL_SECRET="rhacs-registry" # pragma: allowlist secret
fi
export TENANT_IMAGE_PULL_SECRET

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
kind: ServiceAccount
imagePullSecrets:
- name: acs-fleetshard-operator
- name: rhacs-registry
metadata:
name: rhacs-operator-controller-manager
namespace: {{ .Release.Namespace }}

0 comments on commit c44f824

Please sign in to comment.