Open durandom opened 5 years ago
I'm already using secrets for our pipeline... I think in future you might not care about this at all, since the data would be streamed directly to the service, but for now, you can try to incorporate this:
We have a secret defined as:
```yaml
kind: Template
apiVersion: v1
metadata:
  name: aiops-pipeline
parameters:
- name: AWS_KEY
  required: true
- name: AWS_SECRET
  required: true
objects:
# GLOBAL OBJECTS
- kind: Secret
  apiVersion: v1
  metadata:
    name: aiops-secrets
  type: Opaque
  stringData:
    aws_key: "${AWS_KEY}"
    aws_secret: "${AWS_SECRET}"
# SERVICE SPECIFIC STUFF
...
- kind: DeploymentConfig
  apiVersion: v1
  ...
  spec:
    ...
    template:
      ...
      spec:
        containers:
        - env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_key
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_secret
          ...
```
I've uploaded the deployment configs to a new repository https://github.com/tumido/aiops-deploy
You should be able to use the globals template and use the same secrets as we do :) https://github.com/tumido/aiops-deploy/blob/master/globals-template.yaml
Let's add support for using `oc create secret` for storing the access keys. Supplying one via env variable should still be possible and take precedence over a mounted secret.
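
The precedence rule requested in this issue, as an added example that is not part of the original thread or the project's code: each credential is taken from its environment variable if set, otherwise from the mounted secret. The mount path `/etc/aiops-secrets`, the function name and the exception class are assumptions; the variable names and secret keys are the ones in the template above.

```python
import os
from pathlib import Path

# Assumed mount point of the secret volume; the issue does not name one.
DEFAULT_SECRET_DIR = "/etc/aiops-secrets"

# Environment variable -> key (file name) inside the mounted secret.
CREDENTIAL_KEYS = {
    "AWS_ACCESS_KEY_ID": "aws_key",
    "AWS_SECRET_ACCESS_KEY": "aws_secret",
}


class MissingCredential(RuntimeError):
    """Raised when a credential is in neither the environment nor the mount."""


def resolve_credentials(environ=None, secret_dir=DEFAULT_SECRET_DIR):
    """Return (values, sources), both keyed by environment variable name.

    The environment wins per credential, so one key can be overridden while
    the other still comes from the mounted secret. `sources` records where
    each value came from and is safe to log; `values` is not.
    """
    environ = os.environ if environ is None else environ
    values, sources = {}, {}
    for env_name, secret_key in CREDENTIAL_KEYS.items():
        value = environ.get(env_name, "").strip()
        if value:
            values[env_name], sources[env_name] = value, "env"
            continue
        path = Path(secret_dir) / secret_key
        try:
            # Files created by hand often end in a newline; strip it.
            value = path.read_text(encoding="utf-8").strip()
        except OSError:  # missing mount, missing key or unreadable file
            value = ""
        if not value:
            raise MissingCredential(
                f"{env_name} is not set and {path} is missing or empty")
        values[env_name], sources[env_name] = value, f"file:{path}"
    return values, sources


if __name__ == "__main__":
    _, where = resolve_credentials()
    print(where)  # prints only the sources, never the secret values
```
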