WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-02 06:20:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
04dcafe578f9cd6d98ad525529341b35f424ad4e
fedora-infra_ansible/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
Jeremy Cline 15b054fc8a fedora-image-uploader: fix deployment trigger on image changes 
I broke the trigger when I switched from one container to multiple
containers in the pod. Syntax-wise, I found this multi-line variant in
the CoreOS Cincinnati deployment config, and it seems like there's not a
way to say "all container images in the spec". Or there might be, but I
couldn't find an example or documentation.

Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com>
2025-05-09 11:37:35 -04:00

191 lines
7.4 KiB
Django/Jinja
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloud-image-uploader
annotations:
image.openshift.io/triggers: >-
[
{"from":{"kind":"ImageStreamTag","name":"cloud-image-uploader:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"azure-image-uploader\")].image"},
{"from":{"kind":"ImageStreamTag","name":"cloud-image-uploader:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"aws-image-uploader\")].image"},
{"from":{"kind":"ImageStreamTag","name":"cloud-image-uploader:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"container-image-uploader\")].image"},
{"from":{"kind":"ImageStreamTag","name":"cloud-image-uploader:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"google-cloud-image-uploader\")].image"}
]
spec:
replicas: 1
selector:
matchLabels:
app: cloud-image-uploader
strategy:
type: Recreate
template:
metadata:
labels:
app: cloud-image-uploader
spec:
volumes:
- name: config-volume
configMap:
name: cloud-image-uploader-configmap
- name: fedora-messaging-ca-volume
secret:
secretName: cloud-image-uploader-fedora-messaging-ca
- name: fedora-messaging-key-volume
secret:
secretName: cloud-image-uploader-fedora-messaging-key
- name: fedora-messaging-cert-volume
secret:
secretName: cloud-image-uploader-fedora-messaging-crt
- name: google-cloud-key-volume
secret:
secretName: cloud-image-uploader-google-cloud-key
# skopeo wants the cert and key in the same directory
- name: registry-fedoraproject
projected:
sources:
- secret:
name: registry-fedoraproject-cert
- secret:
name: registry-fedoraproject-key
containers:
- name: azure-image-uploader
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
imagePullPolicy: Always
workingDir: /srv/cloud-uploader/
env:
- name: AZURE_SECRET
valueFrom:
secretKeyRef:
name: azure-credentials
key: secret
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: azure-credentials
key: client_id
- name: AZURE_TENANT
valueFrom:
secretKeyRef:
name: azure-credentials
key: tenant_id
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: azure-credentials
key: subscription_id
- name: FEDORA_MESSAGING_CONF
value: "/etc/fedora-messaging/azure-config.toml"
volumeMounts:
- name: config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-cert-volume
mountPath: /etc/pki/rabbitmq/cert
readOnly: true
- name: aws-image-uploader
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
imagePullPolicy: Always
workingDir: /srv/cloud-uploader/
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-credentials
key: access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-credentials
key: secret_access_key
- name: FEDORA_MESSAGING_CONF
value: "/etc/fedora-messaging/aws-config.toml"
volumeMounts:
- name: config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-cert-volume
mountPath: /etc/pki/rabbitmq/cert
readOnly: true
- name: container-image-uploader
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
imagePullPolicy: Always
workingDir: /srv/cloud-uploader/
env:
- name: FEDORA_MESSAGING_CONF
value: "/etc/fedora-messaging/container-config.toml"
- name: FEDORA_REGISTRY_USER
valueFrom:
secretKeyRef:
name: podman-credentials
key: fedoraproject_registry_username
- name: FEDORA_REGISTRY_PASSWORD
valueFrom:
secretKeyRef:
name: podman-credentials
key: fedoraproject_registry_password
- name: FEDORA_REGISTRY_CERT_DIR
value: "/etc/pki/registry-fedoraproject-org/"
- name: QUAY_IO_USER
valueFrom:
secretKeyRef:
name: podman-credentials
key: quay_io_username
- name: QUAY_IO_PASSWORD
valueFrom:
secretKeyRef:
name: podman-credentials
key: quay_io_password
volumeMounts:
- name: config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-cert-volume
mountPath: /etc/pki/rabbitmq/cert
readOnly: true
- name: registry-fedoraproject
mountPath: /etc/pki/registry-fedoraproject-org/
readOnly: true
- name: google-cloud-image-uploader
image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest
imagePullPolicy: Always
workingDir: /srv/cloud-uploader/
env:
- name: FEDORA_MESSAGING_CONF
value: "/etc/fedora-messaging/gcp-config.toml"
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/pki/google-cloud/google_cloud_image_uploader.json"
volumeMounts:
- name: config-volume
mountPath: /etc/fedora-messaging
readOnly: true
- name: fedora-messaging-ca-volume
mountPath: /etc/pki/rabbitmq/ca
readOnly: true
- name: fedora-messaging-key-volume
mountPath: /etc/pki/rabbitmq/key
readOnly: true
- name: fedora-messaging-cert-volume
mountPath: /etc/pki/rabbitmq/cert
readOnly: true
- name: google-cloud-key-volume
mountPath: /etc/pki/google-cloud/
readOnly: true
Reference in New Issue View Git Blame Copy Permalink