Pass through AWS creds as well. Turn into a secret. Make all optional for folks not using the export

Tiltfile

@@ -95,9 +95,11 @@ local_resource(
 )
 
 # if using local S3 exports
-# k8s_yaml(configmap_from_dict("mev-inspect-export", inputs = {
+# k8s_yaml(secret_from_dict("mev-inspect-export", inputs = {
 #     "export-bucket-name" : "local-export",
 #     "export-bucket-region": "us-east-1",
+#     "export-aws-access-key-id": "foobar",
+#     "export-aws-secret-access-key": "foobar",
 # }))
 # 
 # helm_remote(

k8s/mev-inspect-workers/templates/deployment.yaml

@@ -93,14 +93,28 @@ spec:
                 optional: true
           - name: EXPORT_BUCKET_NAME
             valueFrom:
-              configMapKeyRef:
+              secretKeyRef:
                 name: mev-inspect-export
                 key: export-bucket-name
+                optional: true
           - name: EXPORT_BUCKET_REGION
             valueFrom:
-              configMapKeyRef:
+              secretKeyRef:
                 name: mev-inspect-export
                 key: export-bucket-region
+                optional: true
+          - name: EXPORT_AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: mev-inspect-export
+                key: export-aws-access-key-id
+                optional: true
+          - name: EXPORT_AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: mev-inspect-export
+                key: export-aws-secret-access-key
+                optional: true
           {{- range .Values.extraEnv }}
           - name: {{ .name }}
             value: {{ .value }}

k8s/mev-inspect/templates/deployment.yaml

@@ -93,14 +93,28 @@ spec:
                 optional: true
           - name: EXPORT_BUCKET_NAME
             valueFrom:
-              configMapKeyRef:
+              secretKeyRef:
                 name: mev-inspect-export
                 key: export-bucket-name
+                optional: true
           - name: EXPORT_BUCKET_REGION
             valueFrom:
-              configMapKeyRef:
+              secretKeyRef:
                 name: mev-inspect-export
                 key: export-bucket-region
+                optional: true
+          - name: EXPORT_AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: mev-inspect-export
+                key: export-aws-access-key-id
+                optional: true
+          - name: EXPORT_AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: mev-inspect-export
+                key: export-aws-secret-access-key
+                optional: true
           {{- range .Values.extraEnv }}
           - name: {{ .name }}
             value: {{ .value }}

mev_inspect/s3_export.py

@@ -54,6 +54,8 @@ def get_s3_client():
         "s3",
         endpoint_url=endpoint_url,
         region_name=get_export_bucket_region(),
+        aws_access_key_id=get_export_aws_access_key_id(),
+        aws_secret_access_key=get_export_aws_secret_access_key(),
     )
 
 
@@ -67,3 +69,11 @@ def get_export_bucket_name() -> str:
 
 def get_export_bucket_region() -> str:
     return os.environ["EXPORT_BUCKET_REGION"]
+
+
+def get_export_aws_access_key_id() -> str:
+    return os.environ["EXPORT_AWS_ACCESS_KEY_ID"]
+
+
+def get_export_aws_secret_access_key() -> str:
+    return os.environ["EXPORT_AWS_SECRET_ACCESS_KEY"]