Skip secret generation for production env

Retales-To: #654 Change-Id: I984cfbc0e67ec32ae70ae3646bd59f5911494afb
airshipit · Dec 1, 2021 · 4ed3a80 · 4ed3a80
1 parent 6d79781
commit 4ed3a80
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml b/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml
@@ -43,6 +43,13 @@
   path: "/spec/containers/6/env/10/value"
   value: none
 
+# The following relate to secret regeneration
+# Set this to "true" in production environment to prevent secret generation
+# and secret show
+- op: replace
+  path: "/spec/containers/6/env/11/value"
+  value: "false"
+
 # The following relate to authorization for pulling the airshipctl repository
 # This is the type of authorization to use. Currently supported types are
 # [none http-basic ssh-key]

diff --git a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
@@ -332,6 +332,8 @@ spec:
         value:
       - name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE
         value: "none"
+      - name: SKIP_REGENERATE
+        value:
 
     volumeMounts:
       - name: cache

diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
@@ -76,7 +76,10 @@ else
   export NO_CHECKOUT="true"
 fi
 ./tools/deployment/23_pull_documents.sh
-./tools/deployment/23_generate_secrets.sh
+
+if [[ "$SKIP_REGENERATE" = "false"  ]]; then
+  ./tools/deployment/23_generate_secrets.sh
+fi
 
 repo_url=$(yq -r .manifests.dummy_manifest.repositories.primary.url /root/.airship/config)
 repo_name=$(basename ${repo_url})