From 9bbff0632edcc1ab90ae6440c29811f26165bab8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Tue, 25 Feb 2025 15:05:15 +0100 Subject: [PATCH 1/8] ocp-4: add secrets for google ca eab --- chart/infra-server/static/workflow-openshift-4.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/chart/infra-server/static/workflow-openshift-4.yaml b/chart/infra-server/static/workflow-openshift-4.yaml index 5f64bbdb2..7d2a5be18 100644 --- a/chart/infra-server/static/workflow-openshift-4.yaml +++ b/chart/infra-server/static/workflow-openshift-4.yaml @@ -103,6 +103,16 @@ spec: secretKeyRef: name: redhat-pull-secret key: REDHAT_PULL_SECRET + - name: ACME_EAB_KID + valueFrom: + secretKeyRef: + name: gcp-eab-credentials + key: EAB_KID + - name: ACME_HMAC_KEY + valueFrom: + secretKeyRef: + name: gcp-eab-credentials + key: HMAC_KEY - name: USER_PULL_SECRET value: '{{ "{{" }}workflow.parameters.pull-secret{{ "}}" }}' - name: OPENSHIFT_VERSION From eb2a3d454cef882dd2a50f4f3608f9e9682a1678 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 25 Feb 2025 16:07:06 +0100 Subject: [PATCH 2/8] add secret for the GCP EAB credentials --- chart/infra-server/templates/openshift-4/secrets.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/chart/infra-server/templates/openshift-4/secrets.yaml b/chart/infra-server/templates/openshift-4/secrets.yaml index 3fe49ca72..eceba60ca 100644 --- a/chart/infra-server/templates/openshift-4/secrets.yaml +++ b/chart/infra-server/templates/openshift-4/secrets.yaml @@ -43,3 +43,13 @@ metadata: data: REDHAT_PULL_SECRET: |- {{ required ".Values.openshift_4__redhat_pull_secret_json is undefined" .Values.openshift_4__redhat_pull_secret_json }} +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: gcp-eab-credentials + namespace: default +data: + HMAC_KEY: {{ ".Values.gcp_eab_credentials.hmac_key" | b64enc }} + EAB_KID: {{ ".Values.gcp_eab_credentials.eab_kid" | b64enc }} From ce28cdfdd5583a221947a5ece30e6ab7a3a172d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Tue, 25 Feb 2025 16:19:07 +0100 Subject: [PATCH 3/8] use automation-flavors snapshot --- chart/infra-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/Chart.yaml b/chart/infra-server/Chart.yaml index e7b1f90af..cc3ed4815 100644 --- a/chart/infra-server/Chart.yaml +++ b/chart/infra-server/Chart.yaml @@ -8,5 +8,5 @@ sources: - https://github.com/stackrox/infra annotations: acsDemoVersion: 4.6.2 - automationFlavorsVersion: 0.10.39 + automationFlavorsVersion: 0.10.40-1-geb92768788-snapshot ocpCredentialsMode: Passthrough From db8a36219a68b015a498377201b0081b3234f902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Tue, 25 Feb 2025 17:42:36 +0100 Subject: [PATCH 4/8] fix secret --- chart/infra-server/templates/openshift-4/secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/infra-server/templates/openshift-4/secrets.yaml b/chart/infra-server/templates/openshift-4/secrets.yaml index eceba60ca..4ca6c0492 100644 --- a/chart/infra-server/templates/openshift-4/secrets.yaml +++ b/chart/infra-server/templates/openshift-4/secrets.yaml @@ -51,5 +51,5 @@ metadata: name: gcp-eab-credentials namespace: default data: - HMAC_KEY: {{ ".Values.gcp_eab_credentials.hmac_key" | b64enc }} - EAB_KID: {{ ".Values.gcp_eab_credentials.eab_kid" | b64enc }} + EAB_KID: {{ required ".Values.gcp_eab_credentials.eab_kid" .Values.gcp_eab_credentials.eab_kid | b64enc }} + HMAC_KEY: {{ required ".Values.gcp_eab_credentials.hmac_key" .Values.gcp_eab_credentials.hmac_key | b64enc }} From c9256b135a10f5c7134710a592272887b0011153 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Wed, 26 Feb 2025 09:40:28 +0100 Subject: [PATCH 5/8] update automation-flavor tag --- chart/infra-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/Chart.yaml b/chart/infra-server/Chart.yaml index cc3ed4815..effe95875 100644 --- a/chart/infra-server/Chart.yaml +++ b/chart/infra-server/Chart.yaml @@ -8,5 +8,5 @@ sources: - https://github.com/stackrox/infra annotations: acsDemoVersion: 4.6.2 - automationFlavorsVersion: 0.10.40-1-geb92768788-snapshot + automationFlavorsVersion: 0.10.40-5-gdc50e15997-snapshot ocpCredentialsMode: Passthrough From e1bfd8452d115a9676bb77f26c4b183c4ca112a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Wed, 26 Feb 2025 18:29:50 +0100 Subject: [PATCH 6/8] update automation-flavor tag --- chart/infra-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/Chart.yaml b/chart/infra-server/Chart.yaml index effe95875..ffb6cd4d8 100644 --- a/chart/infra-server/Chart.yaml +++ b/chart/infra-server/Chart.yaml @@ -8,5 +8,5 @@ sources: - https://github.com/stackrox/infra annotations: acsDemoVersion: 4.6.2 - automationFlavorsVersion: 0.10.40-5-gdc50e15997-snapshot + automationFlavorsVersion: 0.10.40-6-g6b63d10f44-snapshot ocpCredentialsMode: Passthrough From cfb44e15a2eaebd1146e71aa1b2e3455a643ad95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Wed, 26 Feb 2025 19:15:54 +0100 Subject: [PATCH 7/8] remove eab credentials --- chart/infra-server/Chart.yaml | 2 +- chart/infra-server/static/workflow-openshift-4.yaml | 10 ---------- chart/infra-server/templates/openshift-4/secrets.yaml | 10 ---------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/chart/infra-server/Chart.yaml b/chart/infra-server/Chart.yaml index ffb6cd4d8..9c959acfa 100644 --- a/chart/infra-server/Chart.yaml +++ b/chart/infra-server/Chart.yaml @@ -8,5 +8,5 @@ sources: - https://github.com/stackrox/infra annotations: acsDemoVersion: 4.6.2 - automationFlavorsVersion: 0.10.40-6-g6b63d10f44-snapshot + automationFlavorsVersion: 0.10.40-6-gbca64cd036-snapshot ocpCredentialsMode: Passthrough diff --git a/chart/infra-server/static/workflow-openshift-4.yaml b/chart/infra-server/static/workflow-openshift-4.yaml index 7d2a5be18..5f64bbdb2 100644 --- a/chart/infra-server/static/workflow-openshift-4.yaml +++ b/chart/infra-server/static/workflow-openshift-4.yaml @@ -103,16 +103,6 @@ spec: secretKeyRef: name: redhat-pull-secret key: REDHAT_PULL_SECRET - - name: ACME_EAB_KID - valueFrom: - secretKeyRef: - name: gcp-eab-credentials - key: EAB_KID - - name: ACME_HMAC_KEY - valueFrom: - secretKeyRef: - name: gcp-eab-credentials - key: HMAC_KEY - name: USER_PULL_SECRET value: '{{ "{{" }}workflow.parameters.pull-secret{{ "}}" }}' - name: OPENSHIFT_VERSION diff --git a/chart/infra-server/templates/openshift-4/secrets.yaml b/chart/infra-server/templates/openshift-4/secrets.yaml index 4ca6c0492..3fe49ca72 100644 --- a/chart/infra-server/templates/openshift-4/secrets.yaml +++ b/chart/infra-server/templates/openshift-4/secrets.yaml @@ -43,13 +43,3 @@ metadata: data: REDHAT_PULL_SECRET: |- {{ required ".Values.openshift_4__redhat_pull_secret_json is undefined" .Values.openshift_4__redhat_pull_secret_json }} ---- -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: gcp-eab-credentials - namespace: default -data: - EAB_KID: {{ required ".Values.gcp_eab_credentials.eab_kid" .Values.gcp_eab_credentials.eab_kid | b64enc }} - HMAC_KEY: {{ required ".Values.gcp_eab_credentials.hmac_key" .Values.gcp_eab_credentials.hmac_key | b64enc }} From 8eb9d637f724f24ee94e795b0178d92e510bf3db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20He=C3=9Felmann?= Date: Thu, 27 Feb 2025 14:34:11 +0100 Subject: [PATCH 8/8] update automation-flavor tag --- chart/infra-server/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/infra-server/Chart.yaml b/chart/infra-server/Chart.yaml index 9c959acfa..b78e6953d 100644 --- a/chart/infra-server/Chart.yaml +++ b/chart/infra-server/Chart.yaml @@ -8,5 +8,5 @@ sources: - https://github.com/stackrox/infra annotations: acsDemoVersion: 4.6.2 - automationFlavorsVersion: 0.10.40-6-gbca64cd036-snapshot + automationFlavorsVersion: 0.10.40-8-gdbd86c684e-snapshot ocpCredentialsMode: Passthrough