diff --git a/docs/user/environment-variables.md b/docs/user/environment-variables.md index b9ae79b0ed0..bedd18a0e28 100644 --- a/docs/user/environment-variables.md +++ b/docs/user/environment-variables.md @@ -38,6 +38,8 @@ The installer accepts a number of environment variable that allow the interactiv ## Platform-Specific +* `AWS_PROFILE`: + The AWS profile that corresponds to value in `${HOME}/.aws/credentials`. If not provided, the default is "default". * `OPENSHIFT_INSTALL_AWS_REGION`: The AWS region to be used for installation. * `OPENSHIFT_INSTALL_LIBVIRT_URI`: diff --git a/pkg/asset/manifests/content/tectonic/aws-creds-secret.go b/pkg/asset/manifests/content/tectonic/aws-creds-secret.go new file mode 100644 index 00000000000..6d541ed7652 --- /dev/null +++ b/pkg/asset/manifests/content/tectonic/aws-creds-secret.go @@ -0,0 +1,23 @@ +package tectonic + +import ( + "text/template" +) + +var ( + // AwsCredsSecret is the constant to represent contents of aws-creds-secret.yaml file + AwsCredsSecret = template.Must(template.New("aws-creds-secret.json").Parse(` +{ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "namespace": "kube-system", + "name": "aws-creds-secret" + }, + "data": { + "aws_access_key_id": "{{.Base64encodeAWSaccessKeyID}}", + "aws_secret_access_key": "{{.Base64encodeAWSsecretAccessKey}}" + } +} +`)) +) diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go index bbee48962b8..85570921745 100644 --- a/pkg/asset/manifests/tectonic.go +++ b/pkg/asset/manifests/tectonic.go @@ -5,6 +5,7 @@ import ( "encoding/base64" "path/filepath" + "github.com/aws/aws-sdk-go/aws/credentials" "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" content "github.com/openshift/installer/pkg/asset/manifests/content/tectonic" 
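Review bot: The doc comment on `AwsCredsSecret` in aws-creds-secret.go names `aws-creds-secret.yaml`, but the template is named `aws-creds-secret.json` and renders JSON, and the value is a `*template.Template` rather than a constant. I would reword it to `// AwsCredsSecret is the template for the aws-creds-secret.json manifest, a kube-system Secret holding the base64-encoded AWS access key pair.` Because `text/template` does no escaping, it is also worth a one-line comment that both placeholders must only ever receive base64 output, which cannot contain `"` or `\`, so a later edit does not feed a raw value into the JSON string.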
@@ -39,8 +40,20 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error { ingressCertKey := &tls.IngressCertKey{} kubeCA := &tls.KubeCA{} dependencies.Get(installConfig, ingressCertKey, kubeCA) + // TODO: Fix this... to initiate an empty creds.... + creds := credentials.Value{AccessKeyID: "", SecretAccessKey: ""} + var err error + if installConfig.Config.Platform.AWS != nil { + p := credentials.SharedCredentialsProvider{} + creds, err = p.Retrieve() + if err != nil { + return err + } + } templateData := &tectonicTemplateData{ + Base64encodeAWSaccessKeyID: base64.StdEncoding.EncodeToString([]byte(creds.AccessKeyID)), + Base64encodeAWSsecretAccessKey: base64.StdEncoding.EncodeToString([]byte(creds.SecretAccessKey)), IngressCaCert: base64.StdEncoding.EncodeToString(kubeCA.Cert()), IngressKind: "haproxy-router", IngressStatusPassword: installConfig.Config.Admin.Password, // FIXME: generate a new random one instead? @@ -55,6 +68,7 @@ func (t *Tectonic) Generate(dependencies asset.Parents) error { } assetData := map[string][]byte{ + "99_aws-creds-secret.json": applyTemplateData(content.AwsCredsSecret, templateData), "99_binding-discovery.yaml": []byte(content.BindingDiscovery), "99_kube-addon-00-appversion.yaml": []byte(content.AppVersionKubeAddon), "99_kube-addon-01-operator.yaml": applyTemplateData(content.KubeAddonOperator, templateData), diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index 0913c86294e..c6e685c1b82 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -33,6 +33,8 @@ type bootkubeTemplateData struct { } type tectonicTemplateData struct { + Base64encodeAWSaccessKeyID string + Base64encodeAWSsecretAccessKey string IngressCaCert string IngressKind string IngressStatusPassword string
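Review bot: `creds.SessionToken` is discarded when `Base64encodeAWSaccessKeyID` and `Base64encodeAWSsecretAccessKey` are filled in, so a profile that holds temporary credentials yields an `aws-creds-secret` whose key pair cannot authenticate on its own. Either render the token as a third field or fail early, e.g. `if creds.SessionToken != "" { return errors.New("temporary AWS credentials are not supported for the cluster secret") }`. The hunk also copies the installing user's own keys from the shared credentials file into the cluster, and those are probably broader than the in-cluster consumer needs. That consumer is not visible here, so the `// TODO: Fix this...` line would be better replaced by a comment naming who reads the secret and what scope the keys are expected to have. The bare `return err` loses the fact that credential retrieval failed and should be wrapped with that context. `Generate` begins and ends outside this hunk.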
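Review bot: `"99_aws-creds-secret.json"` is added to `assetData` unconditionally, so on a non-AWS platform the installer still emits a `kube-system` Secret whose two fields are the base64 of an empty string. Gate it on the same condition the retrieval uses by dropping the entry from the literal and adding, after the map, `if installConfig.Config.Platform.AWS != nil { assetData["99_aws-creds-secret.json"] = applyTemplateData(content.AwsCredsSecret, templateData) }`. The rendered file contains live keys that are only base64-encoded, and the code that writes assets to disk is not visible in this hunk, so it is worth confirming that it uses owner-only permissions. The map literal and the rest of `Generate` continue outside the hunk.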