Patch vault path for route53 key in each overlay

While we have a "nerc-certificate-issuer" component, it was only used on nerc-ocp-prod. In order to use this on other clusters, we'll need to patch the ExternalSecret resource with a new key path. This commit implements that behavior for nerc-ocp-prod to keep things consistent as we add new clusters. Part-of: nerc-project/operations#285
OCP-on-NERC · Nov 14, 2023 · e4b2e46 · e4b2e46
1 parent 7e7e069
commit e4b2e46
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/cluster-scope/components/nerc-certificate-issuer/aws-route53-credentials.yaml b/cluster-scope/components/nerc-certificate-issuer/aws-route53-credentials.yaml
@@ -18,4 +18,4 @@ spec:
         labels: {}
   dataFrom:
     - extract:
-        key: nerc/nerc-ocp-prod/aws-route53-credentials
+        key: REPLACE_IN_OVERLAY
diff --git a/cluster-scope/overlays/nerc-ocp-prod/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-prod/kustomization.yaml
@@ -91,6 +91,13 @@ patches:
     - op: replace
       path: /spec/data/0/remoteRef/key
       value: nerc/nerc-ocp-prod/openshift-config/oauths-clientsecret-nerc
+- target:
+    kind: ExternalSecret
+    name: aws-route53-credentials
+  patch: |
+    - op: replace
+      path: /spec/dataFrom/0/extract/key
+      value: nerc/nerc-ocp-prod/aws-route53-credentials
 - target:
     kind: ExternalSecret
     name: github-client-secret