From 87a1f7ada502755221b6254aba1ca7da17b5f64e Mon Sep 17 00:00:00 2001
From: Emil Natan <37400297+enarha@users.noreply.github.com>
Date: Mon, 16 Dec 2024 13:20:17 +0200
Subject: [PATCH] Fix issue with external secret Vector logging (#5152)
---
 .../base/external-secrets/kustomization.yaml | 1 +
 .../tekton-logging/kustomization.yaml | 5 ++++
 .../tekton-logging/tekton-results-s3.yaml | 27 +++++++++++++++++
 .../main-pipeline-service-configuration.yaml | 30 ++-----------------
 .../production/stone-prod-p01/deploy.yaml | 5 ++--
 5 files changed, 38 insertions(+), 30 deletions(-)
 create mode 100644 components/pipeline-service/base/external-secrets/tekton-logging/kustomization.yaml
 create mode 100644 components/pipeline-service/base/external-secrets/tekton-logging/tekton-results-s3.yaml
diff --git a/components/pipeline-service/base/external-secrets/kustomization.yaml b/components/pipeline-service/base/external-secrets/kustomization.yaml
index dc20e2ee026..a6d12ca0ebb 100644
--- a/components/pipeline-service/base/external-secrets/kustomization.yaml
+++ b/components/pipeline-service/base/external-secrets/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - openshift-pipelines
 - tekton-results
+ - tekton-logging
diff --git a/components/pipeline-service/base/external-secrets/tekton-logging/kustomization.yaml b/components/pipeline-service/base/external-secrets/tekton-logging/kustomization.yaml
new file mode 100644
index 00000000000..0c02c984d73
--- /dev/null
+++ b/components/pipeline-service/base/external-secrets/tekton-logging/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - tekton-results-s3.yaml
+namespace: tekton-logging
diff --git a/components/pipeline-service/base/external-secrets/tekton-logging/tekton-results-s3.yaml b/components/pipeline-service/base/external-secrets/tekton-logging/tekton-results-s3.yaml
new file mode 100644
index 00000000000..f1707461bd3
--- /dev/null
+++ b/components/pipeline-service/base/external-secrets/tekton-logging/tekton-results-s3.yaml
@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: tekton-results-s3
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/sync-wave: "-1"
+spec:
+ dataFrom:
+ - extract:
+ key: "" # will be added by the overlays
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: appsre-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Delete
+ name: tekton-results-s3
+ template:
+ data:
+ aws_access_key_id: "{{ .aws_access_key_id }}"
+ aws_secret_access_key: "{{ .aws_secret_access_key }}"
+ aws_region: "{{ .aws_region }}"
+ bucket: "{{ .bucket }}"
+ endpoint: "https://{{ .endpoint }}"
+ s3_url: "s3://{{ .bucket }}"
diff --git a/components/pipeline-service/production/base/main-pipeline-service-configuration.yaml b/components/pipeline-service/production/base/main-pipeline-service-configuration.yaml
index 2fbdabdfce7..0bc5e8bbf54 100644
--- a/components/pipeline-service/production/base/main-pipeline-service-configuration.yaml
+++ b/components/pipeline-service/production/base/main-pipeline-service-configuration.yaml
@@ -771,6 +771,8 @@ data:
 runAt: 5 5 * * 0
 kind: ConfigMap
 metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 labels:
 app.kubernetes.io/name: tekton-results-retention-policy
 app.kubernetes.io/part-of: tekton-results
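Review bot: The new base ExternalSecret leaves `key: ""` under `dataFrom.extract` and relies on every overlay to patch it, yet nothing in the file makes a missed patch visible before the resource fails to sync on a cluster. I would make the comment say that outright, e.g. `key: "" # placeholder: each cluster overlay must patch this to its own Vault path`, and confirm that every overlay pulling in `tekton-logging` carries that patch; in this commit only the stone-prod-p01 render shows a replaced key. The template also writes a static `aws_access_key_id`/`aws_secret_access_key` pair into the `tekton-results-s3` Secret, so read access to Secrets in the `tekton-logging` namespace is worth keeping limited to the log shipper's service account.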
@@ -1692,34 +1694,6 @@ spec:
 - name: AUTOINSTALL_COMPONENTS
 value: "false"
 ---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
- name: s3-conf
- namespace: tekton-logging
-spec:
- dataFrom:
- - extract:
- key: integrations-output/terraform-resources/appsres07ue1/stonesoup-infra-stage/redhat-stg-plnsvc-s3
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: appsre-vault
- target:
- creationPolicy: Owner
- deletionPolicy: Delete
- name: tekton-results-s3
- template:
- data:
- aws_access_key_id: '{{ .aws_access_key_id }}'
- aws_region: '{{ .aws_region }}'
- aws_secret_access_key: '{{ .aws_secret_access_key }}'
- bucket: '{{ .bucket }}'
- endpoint: https://{{ .endpoint }}
----
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
diff --git a/components/pipeline-service/production/stone-prod-p01/deploy.yaml b/components/pipeline-service/production/stone-prod-p01/deploy.yaml
index 1403bb5e5dd..63556b0be94 100644
--- a/components/pipeline-service/production/stone-prod-p01/deploy.yaml
+++ b/components/pipeline-service/production/stone-prod-p01/deploy.yaml
@@ -1929,12 +1929,12 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 argocd.argoproj.io/sync-wave: "-1"
- name: s3-conf
+ name: tekton-results-s3
 namespace: tekton-logging
 spec:
 dataFrom:
 - extract:
- key: integrations-output/terraform-resources/appsres07ue1/stonesoup-infra-stage/redhat-stg-plnsvc-s3
+ key: integrations-output/terraform-resources/appsrep09ue1/stone-prod-p01/stone-prod-p01-plnsvc-s3
 refreshInterval: 1h
 secretStoreRef:
 kind: ClusterSecretStore
@@ -1950,6 +1950,7 @@ spec:
 aws_secret_access_key: '{{ .aws_secret_access_key }}'
 bucket: '{{ .bucket }}'
 endpoint: https://{{ .endpoint }}
+ s3_url: s3://{{ .bucket }}
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
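Review bot: The removed `key:` line in the stone-prod-p01 `deploy.yaml` hunk shows this production cluster had been extracting the stage entry (`stonesoup-infra-stage/redhat-stg-plnsvc-s3`), so logs shipped before this rollout presumably landed in the stage bucket under stage credentials. It is worth confirming who can read that bucket, whether the data needs moving or expiring, and whether any other production render still carries the stage path. Separately, the object is renamed from `s3-conf` to `tekton-results-s3`; the target block lies outside this hunk, but if it still uses `creationPolicy: Owner` with the same target name, pruning the old ExternalSecret will likely garbage-collect the Secret before the new one recreates it. Expect a short window without S3 credentials during the sync.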