From 62320bb7924d75d9738c105d28ba605c7f0161a0 Mon Sep 17 00:00:00 2001 From: Christopher Tate Date: Wed, 27 Nov 2024 07:00:01 -0700 Subject: [PATCH] Fixing SecretStore reference for dex and minio on test There isn't a ClusterSecretStore in the nerc-ocp-test cluster, so we will use namespace SecretStores instead for dex and minio. --- .../nerc-ocp-test/secretstores/dex/kustomization.yaml | 5 +++++ .../overlays/nerc-ocp-test/secretstores/kustomization.yaml | 2 ++ .../nerc-ocp-test/secretstores/minio/kustomization.yaml | 5 +++++ dex/base/externalsecrets/dex-clients.yaml | 4 ++-- minio/base/externalsecret-minio-admin-credentials.yaml | 4 ++-- .../config/overlays/nerc-ocp-infra/config/nerc-ocp-test.yaml | 1 + 6 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 cluster-scope/overlays/nerc-ocp-test/secretstores/dex/kustomization.yaml create mode 100644 cluster-scope/overlays/nerc-ocp-test/secretstores/minio/kustomization.yaml diff --git a/cluster-scope/overlays/nerc-ocp-test/secretstores/dex/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-test/secretstores/dex/kustomization.yaml new file mode 100644 index 00000000..ab632b95 --- /dev/null +++ b/cluster-scope/overlays/nerc-ocp-test/secretstores/dex/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: dex +components: + - ../../../../components/nerc-secret-store diff --git a/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml index 75422be1..919c69a3 100644 --- a/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml +++ b/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml @@ -6,3 +6,5 @@ resources: - openshift-logging - group-sync-operator - curator-system +- dex +- minio diff --git a/cluster-scope/overlays/nerc-ocp-test/secretstores/minio/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-test/secretstores/minio/kustomization.yaml new file mode 100644 index 00000000..f67b983c --- /dev/null +++ b/cluster-scope/overlays/nerc-ocp-test/secretstores/minio/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: minio +components: + - ../../../../components/nerc-secret-store diff --git a/dex/base/externalsecrets/dex-clients.yaml b/dex/base/externalsecrets/dex-clients.yaml index f9362354..d6be5396 100644 --- a/dex/base/externalsecrets/dex-clients.yaml +++ b/dex/base/externalsecrets/dex-clients.yaml @@ -4,8 +4,8 @@ metadata: name: dex-clients spec: secretStoreRef: - name: nerc-cluster-secrets - kind: ClusterSecretStore + name: nerc-secret-store + kind: SecretStore refreshInterval: "1h" target: name: dex-clients diff --git a/minio/base/externalsecret-minio-admin-credentials.yaml b/minio/base/externalsecret-minio-admin-credentials.yaml index ba561906..c95c3652 100644 --- a/minio/base/externalsecret-minio-admin-credentials.yaml +++ b/minio/base/externalsecret-minio-admin-credentials.yaml @@ -6,8 +6,8 @@ metadata: spec: refreshInterval: "1h" secretStoreRef: - name: nerc-cluster-secrets - kind: ClusterSecretStore + name: nerc-secret-store + kind: SecretStore target: name: minio-admin-credentials dataFrom: diff --git a/vault/config/overlays/nerc-ocp-infra/config/nerc-ocp-test.yaml b/vault/config/overlays/nerc-ocp-infra/config/nerc-ocp-test.yaml index d975e83c..c3e1e79f 100644 --- a/vault/config/overlays/nerc-ocp-infra/config/nerc-ocp-test.yaml +++ b/vault/config/overlays/nerc-ocp-infra/config/nerc-ocp-test.yaml @@ -21,6 +21,7 @@ auth: - curator-system - csi-wekafsplugin - dex + - minio name: secret-reader policies: - nerc-common-reader