Enable EaaS in public staging (#4214)

amisstea · web-flow · commit 9cdb9635edbd · 2024-07-30T13:46:46.000Z
Signed-off-by: Alex Misstear &lt;amisstea@redhat.com&gt;
diff --git a/argo-cd-apps/overlays/konflux-public-staging/kustomization.yaml b/argo-cd-apps/overlays/konflux-public-staging/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
   - ../../base/quality-dashboard
   - ../../base/ci-helper-app
   - ../../base/toolchain-member
+  - ../../base/eaas
 namespace: konflux-public-staging
 patchesStrategicMerge:
   - delete-applications.yaml
diff --git a/components/cluster-as-a-service/staging/external-secrets.yaml b/components/cluster-as-a-service/staging/external-secrets.yaml
@@ -0,0 +1,56 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cluster-as-a-service-hypershift-credentials
+  namespace: clusters
+spec:
+  dataFrom:
+  - extract:
+      key: staging/platform/terraform/it-cloud-aws-konflux-preprod-eaas01
+  - extract:
+      key: staging/eaas/konflux-eaas-stage
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: appsre-stonesoup-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Delete
+    name: hypershift
+    template:
+      labels:
+        hypershift.openshift.io/safe-to-delete-with-cluster: "false"
+      data:
+        aws_access_key_id: "{{ .aws_access_key_id }}"
+        aws_secret_access_key: "{{ .aws_secret_access_key }}"
+        pullSecret: "{{ ocp_pull_secret }}"
+        baseDomain: stage.konfluxeaas.com
+        ssh-privatekey: unused
+        ssh-publickey: unused
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cluster-as-a-service-hypershift-oidc-credentials
+  namespace: local-cluster
+spec:
+  dataFrom:
+  - extract:
+      key: staging/platform/terraform/it-cloud-aws-konflux-preprod-eaas01
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: appsre-stonesoup-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Delete
+    name: hypershift-operator-oidc-provider-s3-credentials
+    template:
+      data:
+        bucket: stage-eaas-bucket
+        region: us-east-1
+        credentials: |
+          [default]
+          aws_access_key_id={{ .aws_access_key_id }}
+          aws_secret_access_key={{ .aws_secret_access_key }}
diff --git a/components/cluster-as-a-service/staging/kustomization.yaml b/components/cluster-as-a-service/staging/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 resources:
   - ../base
   - ../../openshift-gitops
+  - external-secrets.yaml
