openshift-pipelines / pipeline-service

SaaS for Tekton Pipelines
Apache License 2.0

Migrate Tekton Chains to an ExternalSecret #935

Closed Roming22 closed 6 months ago

Roming22 commented 6 months ago

In order to facilitate backup/restore of a cluster, the signing secret is now stored externally and deployed on the cluster using an ExternalSecret.

The original behavior is maintained for local development.

rh-pre-commit.version: 2.1.0
rh-pre-commit.check-secrets: ENABLED

gabemontero commented 6 months ago

Is this PR still needed with your infra-deployments PR, @Roming22?

Roming22 commented 6 months ago

@gabemontero Yes. The goal of this PR is to disable the automated creation of the secret. The reason is that if the secret is managed by Vault, we do not want a secret to be created if there is no Vault secret, or if the secret is deleted by mistake and the Job runs before the secret is synced.

Roming22 commented 6 months ago

@gabemontero Correct. The procedure to deploy a new "long-live" cluster is to create the secret in Vault. No default secret will be created, except for "local" installs.

Roming22 commented 6 months ago

/test test-pipeline-service-deployment-ocp-414

Roming22 commented 6 months ago

/test test-pipeline-service-upgrade-ocp-414

Roming22 commented 6 months ago

/test test-docker-images-build

Roming22 commented 6 months ago

/test test-pipeline-service-deployment-ocp-414