Create enduro-am-secret with secretGenerator

jraddaoui · jraddaoui · commit e3299b106232 · 2023-11-30T18:51:47.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,4 @@
 /covreport
 /dist
 /.tilt.env
-/*.secret
+*.secret
diff --git a/enduro.toml b/enduro.toml
@@ -113,6 +113,7 @@ transferDeadline = "1h"
 
 [am.sftp]
 host = "" # The Archivematica Storage Service hostname.
+port = ""
 user = ""
 knownHostsFile = ""
 remoteDir = "/transfer_source"
diff --git a/hack/kube/overlays/dev-am/enduro-am.yaml b/hack/kube/overlays/dev-am/enduro-am.yaml
@@ -81,15 +81,30 @@ spec:
                 secretKeyRef:
                   name: enduro-am-secret
                   key: sftp_host
+            - name: ENDURO_AM_SFTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: enduro-am-secret
+                  key: sftp_port
             - name: ENDURO_AM_SFTP_USER
               valueFrom:
                 secretKeyRef:
                   name: enduro-am-secret
                   key: sftp_user
+            - name: ENDURO_AM_SFTP_REMOTEDIR
+              valueFrom:
+                secretKeyRef:
+                  name: enduro-am-secret
+                  key: sftp_remote_dir
             - name: ENDURO_AM_SFTP_KNOWNHOSTSFILE
               value: "/etc/ssh/known_hosts"
             - name: ENDURO_AM_SFTP_PRIVATEKEY_PATH
               value: "/etc/ssh/id_ed25519"
+            - name: ENDURO_AM_SFTP_PRIVATEKEY_PASSPHRASE
+              valueFrom:
+                secretKeyRef:
+                  name: enduro-am-secret
+                  key: sftp_private_key_passphrase
           volumeMounts:
             - name: ssh-volume
               mountPath: "/etc/ssh"
@@ -99,9 +114,9 @@ spec:
           secret:
             secretName: enduro-am-secret
             items:
-              - key: id_ed25519
+              - key: .id_ed25519.secret
                 defaultMode: 0600
                 path: id_ed25519
-              - key: known_hosts
+              - key: .known_hosts.secret
                 defaultMode: 0644
                 path: known_hosts
diff --git a/hack/kube/overlays/dev-am/kustomization.yaml b/hack/kube/overlays/dev-am/kustomization.yaml
@@ -24,3 +24,11 @@ patches:
       kind: Deployment
       name: enduro
     path: enduro-patch.yaml
+secretGenerator:
+  - name: enduro-am-secret
+    behavior: replace
+    envs:
+      - .am.secret
+    files:
+      - .id_ed25519.secret
+      - .known_hosts.secret
