diff --git a/Makefile b/Makefile
index cac0b388f..fd18a36ca 100644
--- a/Makefile
+++ b/Makefile
@@ -266,7 +266,7 @@ dev-templates: templates-generate
 .PHONY: dev-aws
 dev-aws: yq
- @$(YQ) e ".data.credentials = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
+ @$(YQ) e ".stringData.AWS_B64ENCODED_CREDENTIALS = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
 .PHONY: dev-apply
 dev-apply: kind-deploy registry-deploy dev-push dev-deploy dev-templates dev-aws
diff --git a/README.md b/README.md
index 591018e96..916c32164 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,8 @@ spec:
 providers:
 - template: k0smotron
 - config:
- credentialsSecretName: aws-credentials
+ configSecret:
+ name: aws-variables
 template: cluster-api-provider-aws
 ```
diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go
index 6963f7c9d..14baad517 100644
--- a/api/v1alpha1/management_types.go
+++ b/api/v1alpha1/management_types.go
@@ -25,7 +25,9 @@ const (
 DefaultCoreCAPITemplate = "cluster-api"
 DefaultCAPAConfig = `{
- "credentialsSecretName": "aws-credentials"
+ "configSecret": {
+ "name": "aws-variables"
+ }
 }`
 ManagementName = "hmc"
diff --git a/config/dev/awscredentials.yaml b/config/dev/awscredentials.yaml
index e4546e87c..56ae826f7 100644
--- a/config/dev/awscredentials.yaml
+++ b/config/dev/awscredentials.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
-data:
- credentials: Cg==
+stringData:
+ AWS_B64ENCODED_CREDENTIALS: Cg==
 kind: Secret
 metadata:
 labels:
 cluster.x-k8s.io/provider: infrastructure-aws
 clusterctl.cluster.x-k8s.io: ""
- name: aws-credentials
+ name: aws-variables
 namespace: hmc-system
 type: Opaque
diff --git a/docs/aws/credentials.md b/docs/aws/credentials.md
index 7f11fdd8a..6f96dda16 100644
--- a/docs/aws/credentials.md
+++ b/docs/aws/credentials.md
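Review bot: In the Makefile's `dev-aws` recipe the credential is still expanded by Make straight into the shell command line and the yq expression (`\"${AWS_CREDENTIALS}\"`), so a value containing `"`, `$` or a backtick is re-interpreted by the shell or breaks the expression, and the secret ends up in yq's argument list. Reading it from the environment avoids both: `@$(YQ) e '.stringData.AWS_B64ENCODED_CREDENTIALS = strenv(AWS_CREDENTIALS)' config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -`, with `AWS_CREDENTIALS` exported to the recipe. Unless the variable is validated outside this hunk, an unset `AWS_CREDENTIALS` silently applies a Secret with an empty value; a guard such as `$(if $(strip $(AWS_CREDENTIALS)),,$(error AWS_CREDENTIALS is not set))` would fail early instead. The docs in this commit export `AWS_B64ENCODED_CREDENTIALS`, while the target reads `AWS_CREDENTIALS`, so a comment stating that the variable must hold the base64-encoded profile would help.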
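Review bot: In api/v1alpha1/management_types.go, `DefaultCAPAConfig` now references a Secret by name only, and nothing next to the constant says which key that Secret must carry or which namespace it is looked up in. docs/aws/credentials.md in this commit states that `AWS_B64ENCODED_CREDENTIALS` is required and that the default location is `hmc-system`; a comment above the constant such as `// DefaultCAPAConfig points at the Secret (default: aws-variables in hmc-system) that must contain AWS_B64ENCODED_CREDENTIALS.` would keep that contract beside the code. Because the default name changes from `aws-credentials`, existing Management objects relying on the old default will presumably stop finding their credentials after upgrade, which deserves a release note. The const block starts and ends outside the hunk.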
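Review bot: Renaming the object to `aws-variables` in config/dev/awscredentials.yaml means that applying it to an already provisioned dev cluster creates a second Secret and leaves the previous `aws-credentials` Secret, which may hold real credentials, in `hmc-system`; nothing in this commit removes it. A cleanup step in the dev workflow or a note in the dev docs would cover that. The placeholder also changes meaning: under `data` the value `Cg==` was decoded by the API server, under `stringData` it is stored literally, so a comment above it such as `# placeholder, overwritten by the dev-aws target` would make clear it is not meant to be applied as is.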
@@ -21,8 +21,15 @@ export AWS_SESSION_TOKEN= # Optional. If you are using Multi-Fact
 export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile)
 ```
-4. Create the secret with AWS credentials in the `hmc-system` namespace:
+4. Create the secret with AWS variables:
+
+> By default, HMC fetches the AWS variables configuration from the `aws-variables` secret in the `hmc-system`
+> namespace. If you want to change the name of the secret you should overwrite the configuration of the cluster
+> API provider AWS in the HMC Management object. \
+> For details, see: [Extended Management Configuration](../../README.md#extended-management-configuration)
+
+> You can also provide additional configuration variables, but the `AWS_B64ENCODED_CREDENTIALS` parameter is required.
 ```
-kubectl create secret generic aws-credentials -n hmc-system --from-literal credentials="$(echo $AWS_B64ENCODED_CREDENTIALS | base64 -d)"
+kubectl create secret generic aws-variables -n hmc-system --from-literal AWS_B64ENCODED_CREDENTIALS="$AWS_B64ENCODED_CREDENTIALS"
 ```