Add ramen cloud credentials secret in managed clusters

We configured ramen to access velero cloud-credentials secret: veleroNamespaceSecretKeyRef: key: cloud name: cloud-credentials Using the secret created by `velero install`. However this secret is installed in `velero` namespace and we need it in `ramen-system` namespace. Signed-off-by: Nir Soffer <nsoffer@redhat.com>
nirs · Jul 18, 2023 · 0205e7c · 0205e7c
1 parent d6f4e02
commit 0205e7c
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/ramenctl/ramenctl/config.py b/ramenctl/ramenctl/config.py
@@ -40,6 +40,28 @@ def run(args):
         log=command.debug,
     )
 
+    command.debug(
+        "Getting velero cloud credentials from cluster '%s'",
+        env["clusters"][0],
+    )
+    cloud = kubectl.get(
+        "secret/cloud-credentials",
+        "--namespace=velero",
+        "--output=jsonpath={.data.cloud}",
+        context=env["clusters"][0],
+    )
+    template = drenv.template(command.resource("cloud-credentials-secret.yaml"))
+    yaml = template.substitute(cloud=cloud, namespace=args.ramen_namespace)
+
+    for cluster in env["clusters"]:
+        command.info("Creating cloud credentials secret in cluster '%s'", cluster)
+        kubectl.apply(
+            "--filename=-",
+            input=yaml,
+            context=cluster,
+            log=command.debug,
+        )
+
     command.info("Updating ramen config map")
     template = drenv.template(command.resource("configmap.yaml"))
     yaml = template.substitute(

diff --git a/ramenctl/ramenctl/resources/cloud-credentials-secret.yaml b/ramenctl/ramenctl/resources/cloud-credentials-secret.yaml
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: The RamenDR authors
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: cloud-credentials
+  namespace: $namespace
+data:
+  cloud: $cloud
diff --git a/ramenctl/ramenctl/unconfig.py b/ramenctl/ramenctl/unconfig.py
@@ -47,3 +47,16 @@ def run(args):
         context=env["hub"],
         log=command.debug,
     )
+
+    template = drenv.template(command.resource("cloud-credentials-secret.yaml"))
+    yaml = template.substitute(cloud="", namespace=args.ramen_namespace)
+
+    for cluster in env["clusters"]:
+        command.info("Deleting cloud credentials secret in cluster '%s'", cluster)
+        kubectl.delete(
+            "--filename=-",
+            "--ignore-not-found",
+            input=yaml,
+            context=cluster,
+            log=command.debug,
+        )