RedHatInsights / aiops-insights-clustering

Clustering of systems
GNU General Public License v3.0

use secrets instead of env variables for, ehm, secrets #19

Open durandom opened 5 years ago

durandom commented 5 years ago

Let's add support for using oc create secret for storing the access keys. Supplying one via env variable should still be possible and take precedence over a mounted secret.

tumido commented 5 years ago

I'm already using secrets for our pipeline... I think in the future you might not care about this at all, since the data would be streamed directly to the service, but for now, you can try to incorporate this:

We have a secret defined as:

kind: Template
apiVersion: v1
metadata:
  name: aiops-pipeline
parameters:
- name: AWS_KEY
  required: true
- name: AWS_SECRET
  required: true
objects:

# GLOBAL OBJECTS
- kind: Secret
  apiVersion: v1
  metadata:
    name: aiops-secrets
  type: Opaque  # "type" is a top-level Secret field, not part of metadata
  stringData:
    aws_key: "${AWS_KEY}"
    aws_secret: "${AWS_SECRET}"

# SERVICE SPECIFIC STUFF
# ...
- kind: DeploymentConfig
  apiVersion: v1
  # ...
  spec:
    # ...
    template:
      # ...
      spec:
        containers:
        - env:
          # Each variable is filled from one key of the aiops-secrets Secret
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_key
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: aiops-secrets
                key: aws_secret  # must match the key defined in stringData above
# ...

tumido commented 5 years ago

I've uploaded the deployment configs to a new repository https://github.com/tumido/aiops-deploy

You should be able to use the globals template and use the same secrets as we do :) https://github.com/tumido/aiops-deploy/blob/master/globals-template.yaml
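
One way to implement the precedence requested in the first comment (environment variable first, mounted secret as fallback), as an added example that is not part of the thread or of the project's code. It assumes the aiops-secrets Secret is mounted as a volume; the mount path /etc/aiops-secrets and the names load_aws_credentials and MissingCredential are hypothetical, while the file names aws_key and aws_secret are the keys from the template above.

```python
import os
from pathlib import Path

# Assumed mount point for the aiops-secrets volume; the thread does not name one.
DEFAULT_SECRET_DIR = "/etc/aiops-secrets"

# Environment variable -> file name inside the mounted secret (keys from the template).
CREDENTIAL_SOURCES = {
    "AWS_ACCESS_KEY_ID": "aws_key",
    "AWS_SECRET_ACCESS_KEY": "aws_secret",
}


class MissingCredential(RuntimeError):
    """Raised when a credential is in neither the environment nor the mount."""


def load_aws_credentials(environ=None, secret_dir=DEFAULT_SECRET_DIR):
    """Return ({name: value}, {name: source}); the environment wins over the file."""
    environ = os.environ if environ is None else environ
    values, sources = {}, {}
    for env_name, file_name in CREDENTIAL_SOURCES.items():
        value = environ.get(env_name, "").strip()
        if value:  # an empty variable counts as unset
            values[env_name], sources[env_name] = value, "env"
            continue
        path = Path(secret_dir) / file_name
        try:
            # Secret volumes hold one file per key; drop a trailing newline.
            value = path.read_text(encoding="utf-8").strip()
        except OSError:  # not mounted, unreadable, or not a regular file
            value = ""
        if not value:
            # Report names and paths only, never the credential itself.
            raise MissingCredential(f"{env_name} not set and {path} missing or empty")
        values[env_name], sources[env_name] = value, f"file:{path}"
    return values, sources


if __name__ == "__main__":
    try:
        _, where = load_aws_credentials()
        print(where)  # sources are safe to log, values are not
    except MissingCredential as exc:
        print(f"credentials unavailable: {exc}")
```

Precedence is decided per credential, so an operator can override only one of the two values through the environment while the other still comes from the mount.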