Rework AWS credentials secret data

Since CAPA requires exactly AWS_B64ENCODED_CREDENTIALS key
K0rdent · Aug 27, 2024 · 05b9847 · 05b9847
1 parent 7d611a7
commit 05b9847
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -266,7 +266,7 @@ dev-templates: templates-generate
 
 .PHONY: dev-aws
 dev-aws: yq
-	@$(YQ) e ".data.credentials = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
+	@$(YQ) e ".stringData.AWS_B64ENCODED_CREDENTIALS = \"${AWS_CREDENTIALS}\"" config/dev/awscredentials.yaml | $(KUBECTL) -n $(NAMESPACE) apply -f -
 
 .PHONY: dev-apply
 dev-apply: kind-deploy registry-deploy dev-push dev-deploy dev-templates dev-aws

diff --git a/README.md b/README.md
@@ -66,7 +66,8 @@ spec:
   providers:
   - template: k0smotron
   - config:
-      credentialsSecretName: aws-credentials
+      configSecret:
+       name: aws-variables
     template: cluster-api-provider-aws
 ```
 

diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go
@@ -25,7 +25,9 @@ const (
 	DefaultCoreCAPITemplate = "cluster-api"
 
 	DefaultCAPAConfig = `{
-		"credentialsSecretName": "aws-credentials"
+		"configSecret": {
+           "name": "aws-variables"
+        }
 	}`
 
 	ManagementName      = "hmc"

diff --git a/config/dev/awscredentials.yaml b/config/dev/awscredentials.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
-data:
-  credentials: Cg==
+stringData:
+  AWS_B64ENCODED_CREDENTIALS: Cg==
 kind: Secret
 metadata:
   labels:
     cluster.x-k8s.io/provider: infrastructure-aws
     clusterctl.cluster.x-k8s.io: ""
-  name: aws-credentials
+  name: aws-variables
   namespace: hmc-system
 type: Opaque
diff --git a/docs/aws/credentials.md b/docs/aws/credentials.md
@@ -21,8 +21,15 @@ export AWS_SESSION_TOKEN=<session-token> # Optional. If you are using Multi-Fact
 export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile)
 ```
 
-4. Create the secret with AWS credentials in the `hmc-system` namespace:
+4. Create the secret with AWS variables:
+
+> By default, HMC fetches the AWS variables configuration from the `aws-variables` secret in the `hmc-system`
+> namespace. If you want to change the name of the secret you should overwrite the configuration of the cluster 
+> API provider AWS in the HMC Management object. \
+> For details, see: [Extended Management Configuration](../../README.md#extended-management-configuration)
+
+> You can also provide additional configuration variables, but the `AWS_B64ENCODED_CREDENTIALS` parameter is required.
 
 ```
-kubectl create secret generic aws-credentials -n hmc-system --from-literal credentials="$(echo $AWS_B64ENCODED_CREDENTIALS | base64 -d)"
+kubectl create secret generic aws-variables -n hmc-system --from-literal AWS_B64ENCODED_CREDENTIALS="$AWS_B64ENCODED_CREDENTIALS"
 ```