From 4dbe6ed2d7d85b3331a5fcd01b6f3891021fd599 Mon Sep 17 00:00:00 2001
From: Luke Van Seters
Date: Wed, 9 Feb 2022 08:42:57 -0500
Subject: [PATCH] Pass through AWS creds as well. Turn into a secret. Make all optional for folks not using the export

---
 Tiltfile | 4 +++-
 .../templates/deployment.yaml | 18 ++++++++++++++++--
 k8s/mev-inspect/templates/deployment.yaml | 18 ++++++++++++++++--
 mev_inspect/s3_export.py | 10 ++++++++++
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/Tiltfile b/Tiltfile
index 7b324c7..0ccc758 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -95,9 +95,11 @@ local_resource(
 )
 
 # if using local S3 exports
-# k8s_yaml(configmap_from_dict("mev-inspect-export", inputs = {
+# k8s_yaml(secret_from_dict("mev-inspect-export", inputs = {
 # "export-bucket-name" : "local-export",
 # "export-bucket-region": "us-east-1",
+# "export-aws-access-key-id": "foobar",
+# "export-aws-secret-access-key": "foobar",
 # }))
 #
 # helm_remote(
diff --git a/k8s/mev-inspect-workers/templates/deployment.yaml b/k8s/mev-inspect-workers/templates/deployment.yaml
index 63808da..0a3238f 100644
--- a/k8s/mev-inspect-workers/templates/deployment.yaml
+++ b/k8s/mev-inspect-workers/templates/deployment.yaml
@@ -93,14 +93,28 @@ spec:
 optional: true
 - name: EXPORT_BUCKET_NAME
 valueFrom:
- configMapKeyRef:
+ secretKeyRef:
 name: mev-inspect-export
 key: export-bucket-name
+ optional: true
 - name: EXPORT_BUCKET_REGION
 valueFrom:
- configMapKeyRef:
+ secretKeyRef:
 name: mev-inspect-export
 key: export-bucket-region
+ optional: true
+ - name: EXPORT_AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: mev-inspect-export
+ key: export-aws-access-key-id
+ optional: true
+ - name: EXPORT_AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: mev-inspect-export
+ key: export-aws-secret-access-key
+ optional: true
 {{- range .Values.extraEnv }}
 - name: {{ .name }}
 value: {{ .value }}
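Review bot: Every `secretKeyRef` in this hunk carries `optional: true`, so a cluster that still has only the old `mev-inspect-export` ConfigMap, or a Secret missing one key, starts the pod with the `EXPORT_*` variables silently unset, and the problem surfaces only when an export runs. The identical hunk in `k8s/mev-inspect/templates/deployment.yaml` has the same behaviour. A short comment above the block would record the migration, for example `# mev-inspect-export is now a Secret (was a ConfigMap); all keys are optional and only needed for S3 export`. The access key pair injected here is a long-lived credential visible to every process in the container, so its IAM policy should be limited to the export bucket. The env list begins before this hunk and continues after it.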
diff --git a/k8s/mev-inspect/templates/deployment.yaml b/k8s/mev-inspect/templates/deployment.yaml
index 4dda409..b9da25e 100644
--- a/k8s/mev-inspect/templates/deployment.yaml
+++ b/k8s/mev-inspect/templates/deployment.yaml
@@ -93,14 +93,28 @@ spec:
 optional: true
 - name: EXPORT_BUCKET_NAME
 valueFrom:
- configMapKeyRef:
+ secretKeyRef:
 name: mev-inspect-export
 key: export-bucket-name
+ optional: true
 - name: EXPORT_BUCKET_REGION
 valueFrom:
- configMapKeyRef:
+ secretKeyRef:
 name: mev-inspect-export
 key: export-bucket-region
+ optional: true
+ - name: EXPORT_AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: mev-inspect-export
+ key: export-aws-access-key-id
+ optional: true
+ - name: EXPORT_AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: mev-inspect-export
+ key: export-aws-secret-access-key
+ optional: true
 {{- range .Values.extraEnv }}
 - name: {{ .name }}
 value: {{ .value }}
diff --git a/mev_inspect/s3_export.py b/mev_inspect/s3_export.py
index 8477287..e1db97f 100644
--- a/mev_inspect/s3_export.py
+++ b/mev_inspect/s3_export.py
@@ -54,6 +54,8 @@ def get_s3_client():
 "s3",
 endpoint_url=endpoint_url,
 region_name=get_export_bucket_region(),
+ aws_access_key_id=get_export_aws_access_key_id(),
+ aws_secret_access_key=get_export_aws_secret_access_key(),
 )
 
 
@@ -67,3 +69,11 @@ def get_export_bucket_name() -> str:
 
 def get_export_bucket_region() -> str:
 return os.environ["EXPORT_BUCKET_REGION"]
+
+
+def get_export_aws_access_key_id() -> str:
+ return os.environ["EXPORT_AWS_ACCESS_KEY_ID"]
+
+
+def get_export_aws_secret_access_key() -> str:
+ return os.environ["EXPORT_AWS_SECRET_ACCESS_KEY"]
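Review bot: The two new getters at the end of `s3_export.py` index `os.environ[...]`, which raises `KeyError` when the variable is unset, although the deployment templates in this same commit mark both secret keys `optional: true`. Because `get_s3_client()` now calls them unconditionally in its keyword arguments, a deployment that relies on ambient credentials (a node or service-account role) fails at client construction, which pushes operators toward static keys. Returning `os.environ.get("EXPORT_AWS_ACCESS_KEY_ID")` and `os.environ.get("EXPORT_AWS_SECRET_ACCESS_KEY")`, with the return annotation made optional, would pass `None` through instead. If the call in `get_s3_client()` is `boto3.client` (its opening line is outside the hunk), `None` for both arguments leaves credential resolution to the default provider chain. A one-line docstring on each getter stating that the value is optional and must never be logged would also help.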