From de3bdb446ec16cda98de4802338561690a68212e Mon Sep 17 00:00:00 2001 From: Deep Mistry Date: Thu, 20 Nov 2025 09:11:19 -0500 Subject: [PATCH] Order secret bootstrap config for deterministic output --- .../ci-secret-bootstrap/_config.yaml | 11948 ++++++++-------- 1 file changed, 5967 insertions(+), 5981 deletions(-) diff --git a/core-services/ci-secret-bootstrap/_config.yaml b/core-services/ci-secret-bootstrap/_config.yaml index 1c5f08cd2c89a..8cf37661c4570 100644 --- a/core-services/ci-secret-bootstrap/_config.yaml +++ b/core-services/ci-secret-bootstrap/_config.yaml @@ -64,190 +64,41 @@ cluster_groups: - build05 secret_configs: - from: - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - rh-cdn.pem: - field: rh-cdn.pem - item: rh-cdn - to: - - cluster_groups: - - build_farm - name: mirror.openshift.com - namespace: ocp -- from: - authorized_keys: - field: authorized_keys - item: sshd-bastion-slack-bot-alpha - to: - - cluster: app.ci - name: sshd-slack-bot-alpha-authorized-keys - namespace: ci -- from: - ssh_host_dsa_key: - field: ssh_host_dsa_key - item: sshd-bastion-slack-bot-alpha - ssh_host_ecdsa_key: - field: ssh_host_ecdsa_key - item: sshd-bastion-slack-bot-alpha - ssh_host_ed25519_key: - field: ssh_host_ed25519_key - item: sshd-bastion-slack-bot-alpha - ssh_host_rsa_key: - field: ssh_host_rsa_key - item: sshd-bastion-slack-bot-alpha + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: aws_ci_infra_ci-app-ci-audit-logs-uploader + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: aws_ci_infra_ci-app-ci-audit-logs-uploader to: - cluster: app.ci - name: sshd-slack-bot-alpha-host-keys - namespace: ci -- from: - authorized_keys: - field: authorized_keys - item: sshd-bastion-z - to: - - cluster_groups: - - bastion - name: sshd-authorized-keys - namespace: bastion-z -- from: - ssh_host_dsa_key: - field: ssh_host_dsa_key - item: sshd-bastion-z - ssh_host_ecdsa_key: - field: ssh_host_ecdsa_key - item: sshd-bastion-z - ssh_host_ed25519_key: - field: ssh_host_ed25519_key - item: sshd-bastion-z - ssh_host_rsa_key: - field: ssh_host_rsa_key - item: sshd-bastion-z - to: - - cluster_groups: - - bastion - name: sshd-host-keys - namespace: bastion-z -- from: - authorized_keys: - field: authorized_keys - item: sshd-bastion-ppc64le - to: - - cluster_groups: - - bastion - name: sshd-authorized-keys - namespace: bastion-ppc64le -- from: - ssh_host_dsa_key: - field: ssh_host_dsa_key - item: sshd-bastion-ppc64le - ssh_host_ecdsa_key: - field: ssh_host_ecdsa_key - item: sshd-bastion-ppc64le - ssh_host_ed25519_key: - field: ssh_host_ed25519_key - item: sshd-bastion-ppc64le - ssh_host_rsa_key: - field: ssh_host_rsa_key - item: sshd-bastion-ppc64le - to: - - cluster_groups: - - bastion - name: sshd-host-keys - namespace: bastion-ppc64le -- from: - authorized_keys: - field: authorized_keys - item: sshd-bastion-ppc64le-libvirt - to: - - cluster_groups: - - bastion - name: sshd-authorized-keys - namespace: bastion-ppc64le-libvirt -- from: - ssh_host_dsa_key: - field: ssh_host_dsa_key - item: sshd-bastion-ppc64le-libvirt - ssh_host_ecdsa_key: - field: ssh_host_ecdsa_key - item: sshd-bastion-ppc64le-libvirt - ssh_host_ed25519_key: - field: ssh_host_ed25519_key - item: sshd-bastion-ppc64le-libvirt - ssh_host_rsa_key: - field: ssh_host_rsa_key - item: sshd-bastion-ppc64le-libvirt - to: - - cluster_groups: - - bastion - name: sshd-host-keys - namespace: bastion-ppc64le-libvirt -- from: - authorized_keys: - field: authorized_keys - item: sshd-bastion-telco - to: - - cluster_groups: - - bastion - name: sshd-authorized-keys - namespace: bastion-telco -- from: - ssh_host_dsa_key: - field: ssh_host_dsa_key - item: sshd-bastion-telco - ssh_host_ecdsa_key: - field: ssh_host_ecdsa_key - item: sshd-bastion-telco - ssh_host_ed25519_key: - field: ssh_host_ed25519_key - item: sshd-bastion-telco - ssh_host_rsa_key: - field: ssh_host_rsa_key - item: sshd-bastion-telco - to: - - cluster_groups: - - bastion - name: sshd-host-keys - namespace: bastion-telco + name: aws-ci-infra-ci-app-ci-audit-logs-uploader-credentials + namespace: api-audit-log - from: - api: - field: api-key - item: openshift-bugzilla-robot + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: cert-manager + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: cert-manager + key.json: + field: service-account.json + item: cert-issuer + openshift-ci-build-farm-cert-issuer.json: + field: service-account.json + item: openshift-ci-build-farm-cert-issuer to: - cluster_groups: - - build_farm - name: bugzilla-credentials-openshift-bugzilla-robot - namespace: ci -- from: - oauth: - field: github-oauth-token - item: openshift-bot - to: - - cluster: app.ci - name: github-credentials-openshift-bot - namespace: ci -- from: - oauth: - field: github-oauth-token - item: openshift-cherrypick-robot - to: - - cluster: app.ci - name: github-credentials-openshift-cherrypick-robot - namespace: ci -- from: - oauth: - field: github-oauth-token - item: openshift-ci-robot - to: - - cluster: app.ci - name: github-credentials-openshift-ci-robot - namespace: ci + - managed_clusters + name: cert-issuer + namespace: cert-manager - from: - oauth: - field: github-oauth-token - item: openshift-merge-robot + sa.ci-monitoring.app.ci.token.txt: + field: sa.ci-monitoring.app.ci.token.txt + item: openshift-monitoring-credentials to: - cluster: app.ci - name: github-credentials-openshift-merge-robot + name: app-ci-openshift-user-workload-monitoring-credentials namespace: ci - from: oauth: @@ -258,2077 +109,2646 @@ secret_configs: name: aws-bedrock-token namespace: ci - from: - oauth: - field: github-oauth-token-peribolos - item: openshift-merge-robot + bw_password: + field: password + item: OpenShift CI Bitwarden Bot to: - cluster: app.ci - name: github-credentials-openshift-merge-robot-peribolos-token + name: bitwarden-credentials-openshift-ci-bitwarden-bot namespace: ci - from: - oauth: - field: private-git-cloner - item: openshift-ci-robot + ci.htpasswd: + field: ci.htpasswd + item: boskos-oauth-proxy + credentials: + field: boskos-credentials + item: boskos-oauth-proxy to: - cluster_groups: - build_farm - name: github-credentials-openshift-ci-robot-private-git-cloner - namespace: ci -- from: - oauth: - field: oauth-token - item: slack-credentials-prow - to: - - cluster: app.ci - name: slack-credentials-prow - namespace: ci -- from: - url: - field: url - item: ci-slack-api-url - to: - - cluster: app.ci - name: ci-slack-api-url + name: boskos-credentials namespace: ci - from: - integration_key: - field: integration_key - item: pagerduty - token: - field: token - item: pagerduty + api: + field: api-key + item: openshift-bugzilla-robot to: - - cluster: app.ci - name: pagerduty + - cluster_groups: + - build_farm + name: bugzilla-credentials-openshift-bugzilla-robot namespace: ci - from: - config.json: - field: client-configuration - item: prow.ci.openshift.org - to: - - cluster: app.ci - name: github-app-credentials - namespace: ci -- from: - config.json: - field: client-configuration - item: deck-internal-ci.apps.ci.l2s4.p1.openshiftapps.com - to: - - cluster: app.ci - name: github-app-credentials-private - namespace: ci -- from: - config.json: - field: client-configuration - item: qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com - to: - - cluster: app.ci - name: github-app-qe-private-deck - namespace: ci -- from: - cookie: - field: cookie32 - item: prow.ci.openshift.org + sa.ci-chat-bot.build01.config: + field: sa.ci-chat-bot.build01.config + item: ci-chat-bot + sa.ci-chat-bot.build01.token.txt: + field: sa.ci-chat-bot.build01.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build02.config: + field: sa.ci-chat-bot.build02.config + item: ci-chat-bot + sa.ci-chat-bot.build02.token.txt: + field: sa.ci-chat-bot.build02.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build03.config: + field: sa.ci-chat-bot.build03.config + item: ci-chat-bot + sa.ci-chat-bot.build03.token.txt: + field: sa.ci-chat-bot.build03.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build04.config: + field: sa.ci-chat-bot.build04.config + item: ci-chat-bot + sa.ci-chat-bot.build04.token.txt: + field: sa.ci-chat-bot.build04.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build05.config: + field: sa.ci-chat-bot.build05.config + item: ci-chat-bot + sa.ci-chat-bot.build05.token.txt: + field: sa.ci-chat-bot.build05.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build06.config: + field: sa.ci-chat-bot.build06.config + item: ci-chat-bot + sa.ci-chat-bot.build06.token.txt: + field: sa.ci-chat-bot.build06.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build07.config: + field: sa.ci-chat-bot.build07.config + item: ci-chat-bot + sa.ci-chat-bot.build07.token.txt: + field: sa.ci-chat-bot.build07.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build08.config: + field: sa.ci-chat-bot.build08.config + item: ci-chat-bot + sa.ci-chat-bot.build08.token.txt: + field: sa.ci-chat-bot.build08.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build09.config: + field: sa.ci-chat-bot.build09.config + item: ci-chat-bot + sa.ci-chat-bot.build09.token.txt: + field: sa.ci-chat-bot.build09.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build10.config: + field: sa.ci-chat-bot.build10.config + item: ci-chat-bot + sa.ci-chat-bot.build10.token.txt: + field: sa.ci-chat-bot.build10.token.txt + item: ci-chat-bot + sa.ci-chat-bot.build11.config: + field: sa.ci-chat-bot.build11.config + item: ci-chat-bot + sa.ci-chat-bot.build11.token.txt: + field: sa.ci-chat-bot.build11.token.txt + item: ci-chat-bot + sa.ci-chat-bot.core-ci.config: + field: sa.ci-chat-bot.core-ci.config + item: ci-chat-bot + sa.ci-chat-bot.core-ci.token.txt: + field: sa.ci-chat-bot.core-ci.token.txt + item: ci-chat-bot + sa.ci-chat-bot.vsphere02.config: + field: sa.ci-chat-bot.vsphere02.config + item: ci-chat-bot + sa.ci-chat-bot.vsphere02.token.txt: + field: sa.ci-chat-bot.vsphere02.token.txt + item: ci-chat-bot + sa.hypershift-workload.hosted-mgmt.config: + field: sa.hypershift-workload.hosted-mgmt.config + item: build_farm + sa.hypershift-workload.hosted-mgmt.token.txt: + field: sa.hypershift-workload.hosted-mgmt.token.txt + item: build_farm to: - cluster: app.ci - name: cookie + name: ci-chat-bot-kubeconfigs namespace: ci - from: - hmac: - field: hmac-token - item: hmac - hmac.yaml: - field: ci-bot-github-app-combined.yaml - item: hmac + sa.ci-images-mirror.app.ci.config: + field: sa.ci-images-mirror.app.ci.config + item: build_farm + sa.ci-images-mirror.app.ci.token.txt: + field: sa.ci-images-mirror.app.ci.token.txt + item: build_farm to: - cluster: app.ci - name: github-webhook-credentials + name: ci-images-mirror namespace: ci - from: - api-key: - field: api-key - item: unsplash.com + url: + field: url + item: ci-slack-api-url to: - cluster: app.ci - name: unsplash-api-key - namespace: ci -- from: - service-account.json: - field: credentials.json - item: gcs-publisher - to: - - cluster_groups: - - build_farm - name: gce-sa-credentials-gcs-publisher - namespace: ci - - cluster_groups: - - build_farm - name: gce-sa-credentials-gcs-publisher - namespace: test-credentials - - cluster: hosted-mgmt - name: gce-sa-credentials-gcs-publisher + name: ci-slack-api-url namespace: ci - from: - service-account.json: - field: credentials.json - item: gcs-tide-publisher + sa.cluster-display.app.ci.config: + field: sa.cluster-display.app.ci.config + item: build_farm + sa.cluster-display.app.ci.token.txt: + field: sa.cluster-display.app.ci.token.txt + item: build_farm + sa.cluster-display.build01.config: + field: sa.cluster-display.build01.config + item: build_farm + sa.cluster-display.build01.token.txt: + field: sa.cluster-display.build01.token.txt + item: build_farm + sa.cluster-display.build02.config: + field: sa.cluster-display.build02.config + item: build_farm + sa.cluster-display.build02.token.txt: + field: sa.cluster-display.build02.token.txt + item: build_farm + sa.cluster-display.build03.config: + field: sa.cluster-display.build03.config + item: build_farm + sa.cluster-display.build03.token.txt: + field: sa.cluster-display.build03.token.txt + item: build_farm + sa.cluster-display.build04.config: + field: sa.cluster-display.build04.config + item: build_farm + sa.cluster-display.build04.token.txt: + field: sa.cluster-display.build04.token.txt + item: build_farm + sa.cluster-display.build05.config: + field: sa.cluster-display.build05.config + item: build_farm + sa.cluster-display.build05.token.txt: + field: sa.cluster-display.build05.token.txt + item: build_farm + sa.cluster-display.build06.config: + field: sa.cluster-display.build06.config + item: build_farm + sa.cluster-display.build06.token.txt: + field: sa.cluster-display.build06.token.txt + item: build_farm + sa.cluster-display.build07.config: + field: sa.cluster-display.build07.config + item: build_farm + sa.cluster-display.build07.token.txt: + field: sa.cluster-display.build07.token.txt + item: build_farm + sa.cluster-display.build08.config: + field: sa.cluster-display.build08.config + item: build_farm + sa.cluster-display.build08.token.txt: + field: sa.cluster-display.build08.token.txt + item: build_farm + sa.cluster-display.build09.config: + field: sa.cluster-display.build09.config + item: build_farm + sa.cluster-display.build09.token.txt: + field: sa.cluster-display.build09.token.txt + item: build_farm + sa.cluster-display.build10.config: + field: sa.cluster-display.build10.config + item: build_farm + sa.cluster-display.build10.token.txt: + field: sa.cluster-display.build10.token.txt + item: build_farm + sa.cluster-display.build11.config: + field: sa.cluster-display.build11.config + item: build_farm + sa.cluster-display.build11.token.txt: + field: sa.cluster-display.build11.token.txt + item: build_farm + sa.cluster-display.core-ci.config: + field: sa.cluster-display.core-ci.config + item: build_farm + sa.cluster-display.core-ci.token.txt: + field: sa.cluster-display.core-ci.token.txt + item: build_farm + sa.cluster-display.hosted-mgmt.config: + field: sa.cluster-display.hosted-mgmt.config + item: build_farm + sa.cluster-display.hosted-mgmt.token.txt: + field: sa.cluster-display.hosted-mgmt.token.txt + item: build_farm + sa.cluster-display.vsphere02.config: + field: sa.cluster-display.vsphere02.config + item: build_farm + sa.cluster-display.vsphere02.token.txt: + field: sa.cluster-display.vsphere02.token.txt + item: build_farm to: - cluster: app.ci - name: gce-sa-credentials-gcs-tide-publisher - namespace: ci -- from: - service-account.json: - field: credentials.json - item: resource-usage-data-publisher - to: - - cluster_groups: - - build_farm - name: gce-sa-credentials-resource-usage-data-publisher + name: cluster-display namespace: ci - from: - service-account.json: - field: credentials.json - item: gcs-private - to: - - cluster_groups: - - build_farm - name: gce-sa-credentials-gcs-private - namespace: ci -- from: - service-account.json: - field: credentials.json - item: gcs-qe-private-deck + sa.cluster-init.build01.config: + field: sa.cluster-init.build01.config + item: build_farm + sa.cluster-init.build01.token.txt: + field: sa.cluster-init.build01.token.txt + item: build_farm + sa.cluster-init.build02.config: + field: sa.cluster-init.build02.config + item: build_farm + sa.cluster-init.build02.token.txt: + field: sa.cluster-init.build02.token.txt + item: build_farm + sa.cluster-init.build03.config: + field: sa.cluster-init.build03.config + item: build_farm + sa.cluster-init.build03.token.txt: + field: sa.cluster-init.build03.token.txt + item: build_farm + sa.cluster-init.build04.config: + field: sa.cluster-init.build04.config + item: build_farm + sa.cluster-init.build04.token.txt: + field: sa.cluster-init.build04.token.txt + item: build_farm + sa.cluster-init.build05.config: + field: sa.cluster-init.build05.config + item: build_farm + sa.cluster-init.build05.token.txt: + field: sa.cluster-init.build05.token.txt + item: build_farm + sa.cluster-init.build06.config: + field: sa.cluster-init.build06.config + item: build_farm + sa.cluster-init.build06.token.txt: + field: sa.cluster-init.build06.token.txt + item: build_farm + sa.cluster-init.build07.config: + field: sa.cluster-init.build07.config + item: build_farm + sa.cluster-init.build07.token.txt: + field: sa.cluster-init.build07.token.txt + item: build_farm + sa.cluster-init.build08.config: + field: sa.cluster-init.build08.config + item: build_farm + sa.cluster-init.build08.token.txt: + field: sa.cluster-init.build08.token.txt + item: build_farm + sa.cluster-init.build09.config: + field: sa.cluster-init.build09.config + item: build_farm + sa.cluster-init.build09.token.txt: + field: sa.cluster-init.build09.token.txt + item: build_farm + sa.cluster-init.build10.config: + field: sa.cluster-init.build10.config + item: build_farm + sa.cluster-init.build10.token.txt: + field: sa.cluster-init.build10.token.txt + item: build_farm + sa.cluster-init.build11.config: + field: sa.cluster-init.build11.config + item: build_farm + sa.cluster-init.build11.token.txt: + field: sa.cluster-init.build11.token.txt + item: build_farm + sa.cluster-init.core-ci.config: + field: sa.cluster-init.core-ci.config + item: build_farm + sa.cluster-init.core-ci.token.txt: + field: sa.cluster-init.core-ci.token.txt + item: build_farm + sa.cluster-init.vsphere02.config: + field: sa.cluster-init.vsphere02.config + item: build_farm + sa.cluster-init.vsphere02.token.txt: + field: sa.cluster-init.vsphere02.token.txt + item: build_farm to: - cluster_groups: - build_farm - name: gce-sa-credentials-gcs-qe-private-deck - namespace: ci -- from: - service-account.json: - field: credentials.json - item: gcs-crier-publisher - to: - - cluster: app.ci - name: gce-sa-credentials-gcs-crier-publisher + name: cluster-init namespace: ci - from: - config.json: - field: push-credentials - item: quay.io/openshift-knative + sa.config-updater.app.ci.config: + field: sa.config-updater.app.ci.config + item: config-updater + sa.config-updater.build01.config: + field: sa.config-updater.build01.config + item: config-updater + sa.config-updater.build02.config: + field: sa.config-updater.build02.config + item: config-updater + sa.config-updater.build03.config: + field: sa.config-updater.build03.config + item: config-updater + sa.config-updater.build04.config: + field: sa.config-updater.build04.config + item: config-updater + sa.config-updater.build05.config: + field: sa.config-updater.build05.config + item: config-updater + sa.config-updater.build06.config: + field: sa.config-updater.build06.config + item: config-updater + sa.config-updater.build07.config: + field: sa.config-updater.build07.config + item: config-updater + sa.config-updater.build08.config: + field: sa.config-updater.build08.config + item: config-updater + sa.config-updater.build09.config: + field: sa.config-updater.build09.config + item: config-updater + sa.config-updater.build10.config: + field: sa.config-updater.build10.config + item: config-updater + sa.config-updater.build11.config: + field: sa.config-updater.build11.config + item: config-updater + sa.config-updater.core-ci.config: + field: sa.config-updater.core-ci.config + item: config-updater + sa.config-updater.hosted-mgmt.config: + field: sa.config-updater.hosted-mgmt.config + item: config-updater + sa.config-updater.vsphere02.config: + field: sa.config-updater.vsphere02.config + item: config-updater to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshift-knative + name: config-updater namespace: ci -- from: - config.json: - field: push-credentials - item: quay.io/openshift-kni - to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshift-kni - namespace: ci + name: config-updater + namespace: vault - from: - config.json: - field: push-credentials - item: quay.io/openshiftio + cookie: + field: cookie32 + item: prow.ci.openshift.org to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshiftio + name: cookie namespace: ci - from: - config.json: - field: push-credentials - item: quay.io/openshift-pipeline + sa.crier.app.ci.config: + field: sa.crier.app.ci.config + item: build_farm + sa.crier.app.ci.token.txt: + field: sa.crier.app.ci.token.txt + item: build_farm + sa.crier.build01.config: + field: sa.crier.build01.config + item: build_farm + sa.crier.build01.token.txt: + field: sa.crier.build01.token.txt + item: build_farm + sa.crier.build02.config: + field: sa.crier.build02.config + item: build_farm + sa.crier.build02.token.txt: + field: sa.crier.build02.token.txt + item: build_farm + sa.crier.build03.config: + field: sa.crier.build03.config + item: build_farm + sa.crier.build03.token.txt: + field: sa.crier.build03.token.txt + item: build_farm + sa.crier.build04.config: + field: sa.crier.build04.config + item: build_farm + sa.crier.build04.token.txt: + field: sa.crier.build04.token.txt + item: build_farm + sa.crier.build05.config: + field: sa.crier.build05.config + item: build_farm + sa.crier.build05.token.txt: + field: sa.crier.build05.token.txt + item: build_farm + sa.crier.build06.config: + field: sa.crier.build06.config + item: build_farm + sa.crier.build06.token.txt: + field: sa.crier.build06.token.txt + item: build_farm + sa.crier.build07.config: + field: sa.crier.build07.config + item: build_farm + sa.crier.build07.token.txt: + field: sa.crier.build07.token.txt + item: build_farm + sa.crier.build08.config: + field: sa.crier.build08.config + item: build_farm + sa.crier.build08.token.txt: + field: sa.crier.build08.token.txt + item: build_farm + sa.crier.build09.config: + field: sa.crier.build09.config + item: build_farm + sa.crier.build09.token.txt: + field: sa.crier.build09.token.txt + item: build_farm + sa.crier.build10.config: + field: sa.crier.build10.config + item: build_farm + sa.crier.build10.token.txt: + field: sa.crier.build10.token.txt + item: build_farm + sa.crier.build11.config: + field: sa.crier.build11.config + item: build_farm + sa.crier.build11.token.txt: + field: sa.crier.build11.token.txt + item: build_farm + sa.crier.core-ci.config: + field: sa.crier.core-ci.config + item: build_farm + sa.crier.core-ci.token.txt: + field: sa.crier.core-ci.token.txt + item: build_farm + sa.crier.vsphere02.config: + field: sa.crier.vsphere02.config + item: build_farm + sa.crier.vsphere02.token.txt: + field: sa.crier.vsphere02.token.txt + item: build_farm to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshift-pipeline + name: crier namespace: ci - from: - config.json: - field: push-credentials - item: quay.io/codeready-toolchain - to: - - cluster: app.ci - name: registry-push-credentials-quay.io-codeready-toolchain - namespace: ci -- from: - config.json: - field: push-credentials - item: quay.io/integr8ly + sa.deck.app.ci.config: + field: sa.deck.app.ci.config + item: build_farm + sa.deck.app.ci.token.txt: + field: sa.deck.app.ci.token.txt + item: build_farm + sa.deck.build01.config: + field: sa.deck.build01.config + item: build_farm + sa.deck.build01.token.txt: + field: sa.deck.build01.token.txt + item: build_farm + sa.deck.build02.config: + field: sa.deck.build02.config + item: build_farm + sa.deck.build02.token.txt: + field: sa.deck.build02.token.txt + item: build_farm + sa.deck.build03.config: + field: sa.deck.build03.config + item: build_farm + sa.deck.build03.token.txt: + field: sa.deck.build03.token.txt + item: build_farm + sa.deck.build04.config: + field: sa.deck.build04.config + item: build_farm + sa.deck.build04.token.txt: + field: sa.deck.build04.token.txt + item: build_farm + sa.deck.build05.config: + field: sa.deck.build05.config + item: build_farm + sa.deck.build05.token.txt: + field: sa.deck.build05.token.txt + item: build_farm + sa.deck.build06.config: + field: sa.deck.build06.config + item: build_farm + sa.deck.build06.token.txt: + field: sa.deck.build06.token.txt + item: build_farm + sa.deck.build07.config: + field: sa.deck.build07.config + item: build_farm + sa.deck.build07.token.txt: + field: sa.deck.build07.token.txt + item: build_farm + sa.deck.build08.config: + field: sa.deck.build08.config + item: build_farm + sa.deck.build08.token.txt: + field: sa.deck.build08.token.txt + item: build_farm + sa.deck.build09.config: + field: sa.deck.build09.config + item: build_farm + sa.deck.build09.token.txt: + field: sa.deck.build09.token.txt + item: build_farm + sa.deck.build10.config: + field: sa.deck.build10.config + item: build_farm + sa.deck.build10.token.txt: + field: sa.deck.build10.token.txt + item: build_farm + sa.deck.build11.config: + field: sa.deck.build11.config + item: build_farm + sa.deck.build11.token.txt: + field: sa.deck.build11.token.txt + item: build_farm + sa.deck.core-ci.config: + field: sa.deck.core-ci.config + item: build_farm + sa.deck.core-ci.token.txt: + field: sa.deck.core-ci.token.txt + item: build_farm + sa.deck.vsphere02.config: + field: sa.deck.vsphere02.config + item: build_farm + sa.deck.vsphere02.token.txt: + field: sa.deck.vsphere02.token.txt + item: build_farm to: - cluster: app.ci - name: registry-push-credentials-quay.io-integr8ly + name: deck namespace: ci - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: push-token - item: quay.io/openshift-psap - registry_url: quay.io - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org + sa.dptp-controller-manager.build01.config: + field: sa.dptp-controller-manager.build01.config + item: build_farm + sa.dptp-controller-manager.build01.token.txt: + field: sa.dptp-controller-manager.build01.token.txt + item: build_farm + sa.dptp-controller-manager.build02.config: + field: sa.dptp-controller-manager.build02.config + item: build_farm + sa.dptp-controller-manager.build02.token.txt: + field: sa.dptp-controller-manager.build02.token.txt + item: build_farm + sa.dptp-controller-manager.build03.config: + field: sa.dptp-controller-manager.build03.config + item: build_farm + sa.dptp-controller-manager.build03.token.txt: + field: sa.dptp-controller-manager.build03.token.txt + item: build_farm + sa.dptp-controller-manager.build04.config: + field: sa.dptp-controller-manager.build04.config + item: build_farm + sa.dptp-controller-manager.build04.token.txt: + field: sa.dptp-controller-manager.build04.token.txt + item: build_farm + sa.dptp-controller-manager.build05.config: + field: sa.dptp-controller-manager.build05.config + item: build_farm + sa.dptp-controller-manager.build05.token.txt: + field: sa.dptp-controller-manager.build05.token.txt + item: build_farm + sa.dptp-controller-manager.build06.config: + field: sa.dptp-controller-manager.build06.config + item: build_farm + sa.dptp-controller-manager.build06.token.txt: + field: sa.dptp-controller-manager.build06.token.txt + item: build_farm + sa.dptp-controller-manager.build07.config: + field: sa.dptp-controller-manager.build07.config + item: build_farm + sa.dptp-controller-manager.build07.token.txt: + field: sa.dptp-controller-manager.build07.token.txt + item: build_farm + sa.dptp-controller-manager.build08.config: + field: sa.dptp-controller-manager.build08.config + item: build_farm + sa.dptp-controller-manager.build08.token.txt: + field: sa.dptp-controller-manager.build08.token.txt + item: build_farm + sa.dptp-controller-manager.build09.config: + field: sa.dptp-controller-manager.build09.config + item: build_farm + sa.dptp-controller-manager.build09.token.txt: + field: sa.dptp-controller-manager.build09.token.txt + item: build_farm + sa.dptp-controller-manager.build10.config: + field: sa.dptp-controller-manager.build10.config + item: build_farm + sa.dptp-controller-manager.build10.token.txt: + field: sa.dptp-controller-manager.build10.token.txt + item: build_farm + sa.dptp-controller-manager.build11.config: + field: sa.dptp-controller-manager.build11.config + item: build_farm + sa.dptp-controller-manager.build11.token.txt: + field: sa.dptp-controller-manager.build11.token.txt + item: build_farm + sa.dptp-controller-manager.core-ci.config: + field: sa.dptp-controller-manager.core-ci.config + item: build_farm + sa.dptp-controller-manager.core-ci.token.txt: + field: sa.dptp-controller-manager.core-ci.token.txt + item: build_farm + sa.dptp-controller-manager.vsphere02.config: + field: sa.dptp-controller-manager.vsphere02.config + item: build_farm + sa.dptp-controller-manager.vsphere02.token.txt: + field: sa.dptp-controller-manager.vsphere02.token.txt + item: build_farm to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshift-psap + name: dptp-controller-manager namespace: ci - type: kubernetes.io/dockerconfigjson - from: - config.json: - field: config.json - item: quay.io/ovirt + service-account.json: + field: credentials.json + item: gcs-crier-publisher to: - cluster: app.ci - name: registry-push-credentials-quay.io-ovirt + name: gce-sa-credentials-gcs-crier-publisher namespace: ci - from: - config.json: - field: push-credentials - item: quay.io/redhat-developer + service-account.json: + field: credentials.json + item: gcs-private to: - - cluster: app.ci - name: registry-push-credentials-quay.io-redhat-developer + - cluster_groups: + - build_farm + name: gce-sa-credentials-gcs-private namespace: ci - from: - config.json: - field: docker.cfg - item: quay.io/open-cluster-management + service-account.json: + field: credentials.json + item: gcs-publisher to: - - cluster: app.ci - name: registry-push-credentials-quay.io-open-cluster-management + - cluster_groups: + - build_farm + name: gce-sa-credentials-gcs-publisher + namespace: ci + - cluster_groups: + - build_farm + name: gce-sa-credentials-gcs-publisher + namespace: test-credentials + - cluster: hosted-mgmt + name: gce-sa-credentials-gcs-publisher namespace: ci - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: push-token - item: quay.io/openshift-ocs-dev - registry_url: quay.io - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org + service-account.json: + field: credentials.json + item: gcs-qe-private-deck to: - - cluster: app.ci - name: registry-push-credentials-quay.io-ocs-dev + - cluster_groups: + - build_farm + name: gce-sa-credentials-gcs-qe-private-deck namespace: ci - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: push-token - item: quay.io/openshift-azure - registry_url: quay.io + service-account.json: + field: credentials.json + item: gcs-tide-publisher to: - cluster: app.ci - name: registry-push-credentials-quay.io-openshift-azure + name: gce-sa-credentials-gcs-tide-publisher namespace: ci - type: kubernetes.io/dockerconfigjson - from: - config.json: - field: pull-credentials - item: quay.io + service-account.json: + field: credentials.json + item: resource-usage-data-publisher + to: + - cluster_groups: + - build_farm + name: gce-sa-credentials-resource-usage-data-publisher + namespace: ci +- from: + credentials.json: + field: credentials.json + item: gcs-quayio-pull-through-cache-service-account to: - cluster: app.ci - name: files-pull-secret - namespace: ci-release - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-priv - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-ppc64le - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-ppc64le-priv - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-s390x - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-s390x-priv - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-arm64 - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-arm64-priv - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-multi - - cluster: app.ci - name: files-pull-secret - namespace: ci-release-multi-priv - - cluster: app.ci - name: git-pull-secret - namespace: ci-release - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-priv - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-ppc64le - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-ppc64le-priv - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-s390x - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-s390x-priv - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-arm64 - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-arm64-priv - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-multi - - cluster: app.ci - name: git-pull-secret - namespace: ci-release-multi-priv - - cluster: app.ci - name: source - namespace: ci-release - - cluster: app.ci - name: source - namespace: ci-release-priv - - cluster: app.ci - name: source - namespace: ci-release-ppc64le - - cluster: app.ci - name: source - namespace: ci-release-ppc64le-priv - - cluster: app.ci - name: source - namespace: ci-release-s390x + name: gcs-sa-quayio-pull-through-cache + namespace: ci +- from: + config.json: + field: client-configuration + item: prow.ci.openshift.org + to: - cluster: app.ci - name: source - namespace: ci-release-s390x-priv + name: github-app-credentials + namespace: ci +- from: + config.json: + field: client-configuration + item: deck-internal-ci.apps.ci.l2s4.p1.openshiftapps.com + to: - cluster: app.ci - name: source - namespace: ci-release-arm64 + name: github-app-credentials-private + namespace: ci +- from: + config.json: + field: client-configuration + item: qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com + to: - cluster: app.ci - name: source - namespace: ci-release-arm64-priv + name: github-app-qe-private-deck + namespace: ci +- from: + oauth: + field: github-oauth-token + item: openshift-bot + to: - cluster: app.ci - name: source - namespace: ci-release-multi + name: github-credentials-openshift-bot + namespace: ci +- from: + oauth: + field: github-oauth-token + item: openshift-cherrypick-robot + to: - cluster: app.ci - name: source - namespace: ci-release-multi-priv + name: github-credentials-openshift-cherrypick-robot + namespace: ci - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + oauth: + field: github-oauth-token + item: openshift-ci-robot to: - - cluster_groups: - - non_app_ci - name: ci-pull-credentials + - cluster: app.ci + name: github-credentials-openshift-ci-robot namespace: ci - type: kubernetes.io/dockerconfigjson +- from: + oauth: + field: private-git-cloner + item: openshift-ci-robot + to: - cluster_groups: - build_farm - name: ci-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-priv - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-ppc64le - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-ppc64le-priv - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-s390x - type: kubernetes.io/dockerconfigjson + name: github-credentials-openshift-ci-robot-private-git-cloner + namespace: ci +- from: + oauth: + field: github-oauth-token + item: openshift-merge-robot + to: - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-s390x-priv - type: kubernetes.io/dockerconfigjson + name: github-credentials-openshift-merge-robot + namespace: ci +- from: + oauth: + field: github-oauth-token-peribolos + item: openshift-merge-robot + to: - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-arm64 - type: kubernetes.io/dockerconfigjson + name: github-credentials-openshift-merge-robot-peribolos-token + namespace: ci +- from: + WebHookSecretKey: + field: Token + item: github-deploymentconfig-webhook-token + to: - cluster: app.ci - name: ci-pull-credentials - namespace: ci-release-arm64-priv - type: kubernetes.io/dockerconfigjson + name: github-deploymentconfig-trigger + namespace: ci - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: cloud.openshift.com-auth - email_field: cloud.openshift.com-email - item: build-farm-global-pull-secret - registry_url: cloud.openshift.com - - auth_field: quay.io-auth - email_field: quay.io-email - item: build-farm-global-pull-secret - registry_url: quay.io - - auth_field: registry.connect.redhat.com-auth - email_field: registry.connect.redhat.com-email - item: build-farm-global-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: registry.redhat.io-auth - email_field: registry.redhat.io-email - item: build-farm-global-pull-secret - registry_url: registry.redhat.io - - auth_field: registry.redhat.io-auth - email_field: registry.redhat.io-email - item: build-farm-global-pull-secret - registry_url: brew.registry.redhat.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + sa.github-ldap-user-group-creator.build01.config: + field: sa.github-ldap-user-group-creator.build01.config + item: build_farm + sa.github-ldap-user-group-creator.build01.token.txt: + field: sa.github-ldap-user-group-creator.build01.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build02.config: + field: sa.github-ldap-user-group-creator.build02.config + item: build_farm + sa.github-ldap-user-group-creator.build02.token.txt: + field: sa.github-ldap-user-group-creator.build02.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build03.config: + field: sa.github-ldap-user-group-creator.build03.config + item: build_farm + sa.github-ldap-user-group-creator.build03.token.txt: + field: sa.github-ldap-user-group-creator.build03.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build04.config: + field: sa.github-ldap-user-group-creator.build04.config + item: build_farm + sa.github-ldap-user-group-creator.build04.token.txt: + field: sa.github-ldap-user-group-creator.build04.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build05.config: + field: sa.github-ldap-user-group-creator.build05.config + item: build_farm + sa.github-ldap-user-group-creator.build05.token.txt: + field: sa.github-ldap-user-group-creator.build05.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build06.config: + field: sa.github-ldap-user-group-creator.build06.config + item: build_farm + sa.github-ldap-user-group-creator.build06.token.txt: + field: sa.github-ldap-user-group-creator.build06.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build07.config: + field: sa.github-ldap-user-group-creator.build07.config + item: build_farm + sa.github-ldap-user-group-creator.build07.token.txt: + field: sa.github-ldap-user-group-creator.build07.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build08.config: + field: sa.github-ldap-user-group-creator.build08.config + item: build_farm + sa.github-ldap-user-group-creator.build08.token.txt: + field: sa.github-ldap-user-group-creator.build08.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build09.config: + field: sa.github-ldap-user-group-creator.build09.config + item: build_farm + sa.github-ldap-user-group-creator.build09.token.txt: + field: sa.github-ldap-user-group-creator.build09.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build10.config: + field: sa.github-ldap-user-group-creator.build10.config + item: build_farm + sa.github-ldap-user-group-creator.build10.token.txt: + field: sa.github-ldap-user-group-creator.build10.token.txt + item: build_farm + sa.github-ldap-user-group-creator.build11.config: + field: sa.github-ldap-user-group-creator.build11.config + item: build_farm + sa.github-ldap-user-group-creator.build11.token.txt: + field: sa.github-ldap-user-group-creator.build11.token.txt + item: build_farm + sa.github-ldap-user-group-creator.core-ci.config: + field: sa.github-ldap-user-group-creator.core-ci.config + item: build_farm + sa.github-ldap-user-group-creator.core-ci.token.txt: + field: sa.github-ldap-user-group-creator.core-ci.token.txt + item: build_farm + sa.github-ldap-user-group-creator.hosted-mgmt.config: + field: sa.github-ldap-user-group-creator.hosted-mgmt.config + item: build_farm + sa.github-ldap-user-group-creator.hosted-mgmt.token.txt: + field: sa.github-ldap-user-group-creator.hosted-mgmt.token.txt + item: build_farm + sa.github-ldap-user-group-creator.vsphere02.config: + field: sa.github-ldap-user-group-creator.vsphere02.config + item: build_farm + sa.github-ldap-user-group-creator.vsphere02.token.txt: + field: sa.github-ldap-user-group-creator.vsphere02.token.txt + item: build_farm to: - - cluster_groups: - - openshift_config_pull_secret - name: pull-secret - namespace: openshift-config - type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: github-ldap-user-group-creator + namespace: ci - from: - .awscred: - field: .awscred - item: cluster-bot-osd-ephemeral - aws-account-id: - field: aws-account-id - item: cluster-bot-osd-ephemeral - pull-secret: + hmac: + field: hmac-token + item: hmac + hmac.yaml: + field: ci-bot-github-app-combined.yaml + item: hmac + to: + - cluster: app.ci + name: github-webhook-credentials + namespace: ci +- from: + sa.hook.app.ci.config: + field: sa.hook.app.ci.config + item: build_farm + sa.hook.app.ci.token.txt: + field: sa.hook.app.ci.token.txt + item: build_farm + sa.hook.build01.config: + field: sa.hook.build01.config + item: build_farm + sa.hook.build01.token.txt: + field: sa.hook.build01.token.txt + item: build_farm + sa.hook.build02.config: + field: sa.hook.build02.config + item: build_farm + sa.hook.build02.token.txt: + field: sa.hook.build02.token.txt + item: build_farm + sa.hook.build03.config: + field: sa.hook.build03.config + item: build_farm + sa.hook.build03.token.txt: + field: sa.hook.build03.token.txt + item: build_farm + sa.hook.build04.config: + field: sa.hook.build04.config + item: build_farm + sa.hook.build04.token.txt: + field: sa.hook.build04.token.txt + item: build_farm + sa.hook.build05.config: + field: sa.hook.build05.config + item: build_farm + sa.hook.build05.token.txt: + field: sa.hook.build05.token.txt + item: build_farm + sa.hook.build06.config: + field: sa.hook.build06.config + item: build_farm + sa.hook.build06.token.txt: + field: sa.hook.build06.token.txt + item: build_farm + sa.hook.build07.config: + field: sa.hook.build07.config + item: build_farm + sa.hook.build07.token.txt: + field: sa.hook.build07.token.txt + item: build_farm + sa.hook.build08.config: + field: sa.hook.build08.config + item: build_farm + sa.hook.build08.token.txt: + field: sa.hook.build08.token.txt + item: build_farm + sa.hook.build09.config: + field: sa.hook.build09.config + item: build_farm + sa.hook.build09.token.txt: + field: sa.hook.build09.token.txt + item: build_farm + sa.hook.build10.config: + field: sa.hook.build10.config + item: build_farm + sa.hook.build10.token.txt: + field: sa.hook.build10.token.txt + item: build_farm + sa.hook.build11.config: + field: sa.hook.build11.config + item: build_farm + sa.hook.build11.token.txt: + field: sa.hook.build11.token.txt + item: build_farm + sa.hook.core-ci.config: + field: sa.hook.core-ci.config + item: build_farm + sa.hook.core-ci.token.txt: + field: sa.hook.core-ci.token.txt + item: build_farm + sa.hook.vsphere02.config: + field: sa.hook.vsphere02.config + item: build_farm + sa.hook.vsphere02.token.txt: + field: sa.hook.vsphere02.token.txt + item: build_farm + to: + - cluster: app.ci + name: hook + namespace: ci +- from: + token: + field: token + item: jira-token-dptp-bot + to: + - cluster: app.ci + name: jira-token-dptp-bot + namespace: ci +- from: + .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: manifest-tool-local-pusher + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com + item: brew.registry.redhat.io-pull-secret + registry_url: brew.registry.redhat.io + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - sso-client-id: - field: ocm-developer-productivity-staging.user - item: cluster-bot-osd-ephemeral - sso-client-secret: - field: ocm-developer-productivity-staging.token - item: cluster-bot-osd-ephemeral to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-osd-ephemeral + - cluster: app.ci + name: multi-arch-mirroring-secrets namespace: ci + type: kubernetes.io/dockerconfigjson - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + openshift-gce-devel-ci-infra-users-to-bigquery.json: + field: openshift-gce-devel-ci-infra-users-to-bigquery.json + item: openshift-gce-devel-ci-infra-users-to-bigquery to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-libvirt-s390x-vpn + - cluster: app.ci + name: openshift-gce-devel-ci-infra-users-to-bigquery-credentials namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials - baseDomain: - field: public_hosted_zone - item: openshift-ci-aws-credentials - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + appid: + field: appid + item: openshift-merge-bot + cert: + field: openshift-merge-bot.2023-10-24.private-key.pem + item: openshift-merge-bot + hmac: + field: hmac + item: openshift-merge-bot to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws + - cluster: app.ci + name: openshift-merge-bot namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + credentials.json: + field: credentials.json + item: openshift-private-viewer to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-arm64 + - cluster: app.ci + name: openshift-private-viewer namespace: ci - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + appid: + field: appid + item: openshift-prow-app + cert: + field: openshift-prow.2020-12-03.private-key.pem + item: openshift-prow-app + hmac: + field: hmac + item: openshift-prow-app to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-oadp-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-1-qe + - cluster: app.ci + name: openshift-prow-github-app namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-autorelease-qe +- from: + integration_key: + field: integration_key + item: pagerduty + token: + field: token + item: pagerduty + to: + - cluster: app.ci + name: pagerduty namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-sd-qe +- from: + sa.pj-rehearse.app.ci.config: + field: sa.pj-rehearse.app.ci.config + item: build_farm + sa.pj-rehearse.app.ci.token.txt: + field: sa.pj-rehearse.app.ci.token.txt + item: build_farm + to: + - cluster: app.ci + name: pj-rehearse namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-oex-aws-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-quay-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-fleet-manager-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-terraform-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-perfscale +- from: + app.ci.config: + field: sa.pod-scaler.app.ci.config + item: pod-scaler + build01.config: + field: sa.pod-scaler.build01.config + item: pod-scaler + build02.config: + field: sa.pod-scaler.build02.config + item: pod-scaler + build03.config: + field: sa.pod-scaler.build03.config + item: pod-scaler + build04.config: + field: sa.pod-scaler.build04.config + item: pod-scaler + build05.config: + field: sa.pod-scaler.build05.config + item: pod-scaler + build06.config: + field: sa.pod-scaler.build06.config + item: pod-scaler + build07.config: + field: sa.pod-scaler.build07.config + item: pod-scaler + build08.config: + field: sa.pod-scaler.build08.config + item: pod-scaler + build09.config: + field: sa.pod-scaler.build09.config + item: pod-scaler + build10.config: + field: sa.pod-scaler.build10.config + item: pod-scaler + build11.config: + field: sa.pod-scaler.build11.config + item: pod-scaler + core-ci.config: + field: sa.pod-scaler.core-ci.config + item: pod-scaler + sa.pod-scaler.app.ci.token.txt: + field: sa.pod-scaler.app.ci.token.txt + item: pod-scaler + sa.pod-scaler.build01.token.txt: + field: sa.pod-scaler.build01.token.txt + item: pod-scaler + sa.pod-scaler.build02.token.txt: + field: sa.pod-scaler.build02.token.txt + item: pod-scaler + sa.pod-scaler.build03.token.txt: + field: sa.pod-scaler.build03.token.txt + item: pod-scaler + sa.pod-scaler.build04.token.txt: + field: sa.pod-scaler.build04.token.txt + item: pod-scaler + sa.pod-scaler.build05.token.txt: + field: sa.pod-scaler.build05.token.txt + item: pod-scaler + sa.pod-scaler.build06.token.txt: + field: sa.pod-scaler.build06.token.txt + item: pod-scaler + sa.pod-scaler.build07.token.txt: + field: sa.pod-scaler.build07.token.txt + item: pod-scaler + sa.pod-scaler.build08.token.txt: + field: sa.pod-scaler.build08.token.txt + item: pod-scaler + sa.pod-scaler.build09.token.txt: + field: sa.pod-scaler.build09.token.txt + item: pod-scaler + sa.pod-scaler.build10.token.txt: + field: sa.pod-scaler.build10.token.txt + item: pod-scaler + sa.pod-scaler.build11.token.txt: + field: sa.pod-scaler.build11.token.txt + item: pod-scaler + sa.pod-scaler.core-ci.token.txt: + field: sa.pod-scaler.core-ci.token.txt + item: pod-scaler + to: + - cluster: app.ci + name: pod-scaler namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-perfscale-okd +- from: + sa.promoted-image-governor.build01.config: + field: sa.promoted-image-governor.build01.config + item: build_farm + sa.promoted-image-governor.build01.token.txt: + field: sa.promoted-image-governor.build01.token.txt + item: build_farm + sa.promoted-image-governor.build02.config: + field: sa.promoted-image-governor.build02.config + item: build_farm + sa.promoted-image-governor.build02.token.txt: + field: sa.promoted-image-governor.build02.token.txt + item: build_farm + sa.promoted-image-governor.build03.config: + field: sa.promoted-image-governor.build03.config + item: build_farm + sa.promoted-image-governor.build03.token.txt: + field: sa.promoted-image-governor.build03.token.txt + item: build_farm + sa.promoted-image-governor.build04.config: + field: sa.promoted-image-governor.build04.config + item: build_farm + sa.promoted-image-governor.build04.token.txt: + field: sa.promoted-image-governor.build04.token.txt + item: build_farm + sa.promoted-image-governor.build05.config: + field: sa.promoted-image-governor.build05.config + item: build_farm + sa.promoted-image-governor.build05.token.txt: + field: sa.promoted-image-governor.build05.token.txt + item: build_farm + sa.promoted-image-governor.build06.config: + field: sa.promoted-image-governor.build06.config + item: build_farm + sa.promoted-image-governor.build06.token.txt: + field: sa.promoted-image-governor.build06.token.txt + item: build_farm + sa.promoted-image-governor.build07.config: + field: sa.promoted-image-governor.build07.config + item: build_farm + sa.promoted-image-governor.build07.token.txt: + field: sa.promoted-image-governor.build07.token.txt + item: build_farm + sa.promoted-image-governor.build08.config: + field: sa.promoted-image-governor.build08.config + item: build_farm + sa.promoted-image-governor.build08.token.txt: + field: sa.promoted-image-governor.build08.token.txt + item: build_farm + sa.promoted-image-governor.build09.config: + field: sa.promoted-image-governor.build09.config + item: build_farm + sa.promoted-image-governor.build09.token.txt: + field: sa.promoted-image-governor.build09.token.txt + item: build_farm + sa.promoted-image-governor.build10.config: + field: sa.promoted-image-governor.build10.config + item: build_farm + sa.promoted-image-governor.build10.token.txt: + field: sa.promoted-image-governor.build10.token.txt + item: build_farm + sa.promoted-image-governor.build11.config: + field: sa.promoted-image-governor.build11.config + item: build_farm + sa.promoted-image-governor.build11.token.txt: + field: sa.promoted-image-governor.build11.token.txt + item: build_farm + sa.promoted-image-governor.core-ci.config: + field: sa.promoted-image-governor.core-ci.config + item: build_farm + sa.promoted-image-governor.core-ci.token.txt: + field: sa.promoted-image-governor.core-ci.token.txt + item: build_farm + sa.promoted-image-governor.vsphere02.config: + field: sa.promoted-image-governor.vsphere02.config + item: build_farm + sa.promoted-image-governor.vsphere02.token.txt: + field: sa.promoted-image-governor.vsphere02.token.txt + item: build_farm + to: + - cluster: app.ci + name: promoted-image-governor namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-confidential-qe +- from: + sa.prow-controller-manager.app.ci.config: + field: sa.prow-controller-manager.app.ci.config + item: build_farm + sa.prow-controller-manager.app.ci.token.txt: + field: sa.prow-controller-manager.app.ci.token.txt + item: build_farm + sa.prow-controller-manager.build01.config: + field: sa.prow-controller-manager.build01.config + item: build_farm + sa.prow-controller-manager.build01.token.txt: + field: sa.prow-controller-manager.build01.token.txt + item: build_farm + sa.prow-controller-manager.build02.config: + field: sa.prow-controller-manager.build02.config + item: build_farm + sa.prow-controller-manager.build02.token.txt: + field: sa.prow-controller-manager.build02.token.txt + item: build_farm + sa.prow-controller-manager.build03.config: + field: sa.prow-controller-manager.build03.config + item: build_farm + sa.prow-controller-manager.build03.token.txt: + field: sa.prow-controller-manager.build03.token.txt + item: build_farm + sa.prow-controller-manager.build04.config: + field: sa.prow-controller-manager.build04.config + item: build_farm + sa.prow-controller-manager.build04.token.txt: + field: sa.prow-controller-manager.build04.token.txt + item: build_farm + sa.prow-controller-manager.build05.config: + field: sa.prow-controller-manager.build05.config + item: build_farm + sa.prow-controller-manager.build05.token.txt: + field: sa.prow-controller-manager.build05.token.txt + item: build_farm + sa.prow-controller-manager.build06.config: + field: sa.prow-controller-manager.build06.config + item: build_farm + sa.prow-controller-manager.build06.token.txt: + field: sa.prow-controller-manager.build06.token.txt + item: build_farm + sa.prow-controller-manager.build07.config: + field: sa.prow-controller-manager.build07.config + item: build_farm + sa.prow-controller-manager.build07.token.txt: + field: sa.prow-controller-manager.build07.token.txt + item: build_farm + sa.prow-controller-manager.build08.config: + field: sa.prow-controller-manager.build08.config + item: build_farm + sa.prow-controller-manager.build08.token.txt: + field: sa.prow-controller-manager.build08.token.txt + item: build_farm + sa.prow-controller-manager.build09.config: + field: sa.prow-controller-manager.build09.config + item: build_farm + sa.prow-controller-manager.build09.token.txt: + field: sa.prow-controller-manager.build09.token.txt + item: build_farm + sa.prow-controller-manager.build10.config: + field: sa.prow-controller-manager.build10.config + item: build_farm + sa.prow-controller-manager.build10.token.txt: + field: sa.prow-controller-manager.build10.token.txt + item: build_farm + sa.prow-controller-manager.build11.config: + field: sa.prow-controller-manager.build11.config + item: build_farm + sa.prow-controller-manager.build11.token.txt: + field: sa.prow-controller-manager.build11.token.txt + item: build_farm + sa.prow-controller-manager.core-ci.config: + field: sa.prow-controller-manager.core-ci.config + item: build_farm + sa.prow-controller-manager.core-ci.token.txt: + field: sa.prow-controller-manager.core-ci.token.txt + item: build_farm + sa.prow-controller-manager.hosted-mgmt.config: + field: sa.prow-controller-manager.hosted-mgmt.config + item: build_farm + sa.prow-controller-manager.hosted-mgmt.token.txt: + field: sa.prow-controller-manager.hosted-mgmt.token.txt + item: build_farm + sa.prow-controller-manager.vsphere02.config: + field: sa.prow-controller-manager.vsphere02.config + item: build_farm + sa.prow-controller-manager.vsphere02.token.txt: + field: sa.prow-controller-manager.vsphere02.token.txt + item: build_farm + to: + - cluster: app.ci + name: prow-controller-manager namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-cpt +- from: + token: + field: token + item: qci-appci-credentials + to: + - cluster: app.ci + name: qci-appci-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-jetlag +- from: + token: + field: token + item: qci-pruner-credentials + to: + - cluster: app.ci + name: qci-pruner-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-osp +- from: + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: cloudflare-r2-bucket-pull-through-cache-us-east-1 + AWS_ENDPOINT_URL: + field: AWS_ENDPOINT_URL + item: cloudflare-r2-bucket-pull-through-cache-us-east-1 + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: cloudflare-r2-bucket-pull-through-cache-us-east-1 + to: + - cluster: app.ci + name: qci-pull-through-cache-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perscale-telco +- from: + password: + field: password + item: quayio-ci-read-only-robot + username: + field: username + item: quayio-ci-read-only-robot + to: + - cluster: app.ci + name: qci-robot-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perscale-selfsched +- from: + credentials.json: + field: credentials.json + item: qe-private-deck-viewer + to: + - cluster: app.ci + name: qe-private-deck-viewer namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-perfscale-okd - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-cpt - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-jetlag - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perfscale-osp - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perscale-telco - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-perscale-selfsched - namespace: test-credentials - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-perfscale-qe +- from: + quay_io_password: + field: quay_io_password + item: quay-io-pull-credentials + quay_io_username: + field: quay_io_username + item: quay-io-pull-credentials + to: + - cluster: app.ci + name: quay-io-pull-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-perfscale-lrc-qe +- from: + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: quayio-pull-through-cache-user + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: quayio-pull-through-cache-user + to: + - cluster: app.ci + name: quayio-pull-through-cache-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-restricted-qe +- from: + R2_ACCESS_KEY_ID: + field: R2_ACCESS_KEY_ID + item: quayio-pull-through-cache-r2-user + R2_SECRET_ACCESS_KEY: + field: R2_SECRET_ACCESS_KEY + item: quayio-pull-through-cache-r2-user + R2_SECRET_REGIONENDPOINT: + field: R2_SECRET_REGIONENDPOINT + item: quayio-pull-through-cache-r2-user + to: + - cluster: app.ci + name: quayio-pull-through-cache-r2-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-outpost-qe +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: registry-pull-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-rhtap-qe + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: registry-pull-credentials + namespace: ci-staging + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: registry-pull-credentials + namespace: test-credentials + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: registry-push-credentials-ci-central namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-konflux-qe + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: registry-push-credentials-ci-images-mirror namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-rhtap-performance + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: registry-push-credentials-ci-images-mirror + namespace: gcr-io + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: push-token + item: quay.io + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + to: + - cluster: app.ci + name: registry-push-credentials-openshift namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-devfile + type: kubernetes.io/dockerconfigjson +- from: + config.json: + field: push-credentials + item: quay.io/codeready-toolchain + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-codeready-toolchain namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-medik8s-aws +- from: + config.json: + field: push-credentials + item: quay.io/integr8ly + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-integr8ly namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-pipelines-performance +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: push-token + item: quay.io/openshift-ocs-dev + registry_url: quay.io + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-ocs-dev namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-rhdh-performance + type: kubernetes.io/dockerconfigjson +- from: + config.json: + field: docker.cfg + item: quay.io/open-cluster-management + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-open-cluster-management namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gitops-aws +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: push-token + item: quay.io/openshift-azure + registry_url: quay.io + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshift-azure namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-che-aws + type: kubernetes.io/dockerconfigjson +- from: + config.json: + field: push-credentials + item: quay.io/openshift-knative + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshift-knative namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-quay-aws +- from: + config.json: + field: push-credentials + item: quay.io/openshift-kni + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshift-kni namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-edge-infra +- from: + config.json: + field: push-credentials + item: quay.io/openshift-pipeline + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshift-pipeline namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-devsandboxci-aws +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: push-token + item: quay.io/openshift-psap + registry_url: quay.io + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshift-psap namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-odf-aws + type: kubernetes.io/dockerconfigjson +- from: + config.json: + field: push-credentials + item: quay.io/openshiftio + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-openshiftio namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-serverless +- from: + config.json: + field: config.json + item: quay.io/ovirt + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-ovirt namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-sustaining-autorelease-412 +- from: + config.json: + field: push-credentials + item: quay.io/redhat-developer + to: + - cluster: app.ci + name: registry-push-credentials-quay.io-redhat-developer namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-stackrox +- from: + sa.release-controller-ocp-arm64-priv.app.ci.config: + field: sa.release-controller-ocp-arm64-priv.app.ci.config + item: release-controller + sa.release-controller-ocp-arm64-priv.app.ci.token.txt: + field: sa.release-controller-ocp-arm64-priv.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-arm64.app.ci.config: + field: sa.release-controller-ocp-arm64.app.ci.config + item: release-controller + sa.release-controller-ocp-arm64.app.ci.token.txt: + field: sa.release-controller-ocp-arm64.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-multi-priv.app.ci.config: + field: sa.release-controller-ocp-multi-priv.app.ci.config + item: release-controller + sa.release-controller-ocp-multi-priv.app.ci.token.txt: + field: sa.release-controller-ocp-multi-priv.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-multi.app.ci.config: + field: sa.release-controller-ocp-multi.app.ci.config + item: release-controller + sa.release-controller-ocp-multi.app.ci.token.txt: + field: sa.release-controller-ocp-multi.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-ppc64le-priv.app.ci.config: + field: sa.release-controller-ocp-ppc64le-priv.app.ci.config + item: release-controller + sa.release-controller-ocp-ppc64le-priv.app.ci.token.txt: + field: sa.release-controller-ocp-ppc64le-priv.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-ppc64le.app.ci.config: + field: sa.release-controller-ocp-ppc64le.app.ci.config + item: release-controller + sa.release-controller-ocp-ppc64le.app.ci.token.txt: + field: sa.release-controller-ocp-ppc64le.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-priv.app.ci.config: + field: sa.release-controller-ocp-priv.app.ci.config + item: release-controller + sa.release-controller-ocp-priv.app.ci.token.txt: + field: sa.release-controller-ocp-priv.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-s390x-priv.app.ci.config: + field: sa.release-controller-ocp-s390x-priv.app.ci.config + item: release-controller + sa.release-controller-ocp-s390x-priv.app.ci.token.txt: + field: sa.release-controller-ocp-s390x-priv.app.ci.token.txt + item: release-controller + sa.release-controller-ocp-s390x.app.ci.config: + field: sa.release-controller-ocp-s390x.app.ci.config + item: release-controller + sa.release-controller-ocp-s390x.app.ci.token.txt: + field: sa.release-controller-ocp-s390x.app.ci.token.txt + item: release-controller + sa.release-controller-ocp.app.ci.config: + field: sa.release-controller-ocp.app.ci.config + item: release-controller + sa.release-controller-ocp.app.ci.token.txt: + field: sa.release-controller-ocp.app.ci.token.txt + item: release-controller + sa.release-controller.app.ci.config: + field: sa.release-controller.app.ci.config + item: release-controller + sa.release-controller.app.ci.token.txt: + field: sa.release-controller.app.ci.token.txt + item: release-controller + to: + - cluster: app.ci + name: release-controller-kubeconfigs namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-kubevirt +- from: + service-account.json: + field: service-account.json + item: openshift-ci-release-signature-publisher + to: + - cluster: app.ci + name: release-controller-signature-publisher namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aro-redhat-tenant +- from: + openshift-ci.gpg: + base64_decode: true + field: openshift-ci.gpg + item: openshift-ci-release-signature-signer + to: + - cluster: app.ci + name: release-controller-signature-signer namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-mco-qe +- from: + github-client-id: + field: github-client-id + item: repo-init-github-client + github-client-secret: + field: github-client-secret + item: repo-init-github-client + github-redirect-uri: + field: github-redirect-uri + item: repo-init-github-client + to: + - cluster: app.ci + name: repo-init-client namespace: ci +- from: + credentials: + field: credentials + item: result-aggregator + passwd: + field: passwd + item: result-aggregator + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-oadp-qe + - build_farm + name: result-aggregator namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-lp-chaos +- from: + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: aws-prow-retester-robot-user-credentials + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: aws-prow-retester-robot-user-credentials + to: + - cluster: app.ci + name: retester-aws-credentials namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-chaos +- from: + service-account.json: + field: gcp-service-account.json + item: ship-help + to: + - cluster: app.ci + name: ship-help-bot-gcp-service-account namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-chaos +- from: + app_token: + field: slack-app-token + item: ship-help + bot_token: + field: slack-bot-token + item: ship-help + to: + - cluster: app.ci + name: ship-help-slack namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-observability +- from: + sa.sinker.app.ci.config: + field: sa.sinker.app.ci.config + item: build_farm + sa.sinker.app.ci.token.txt: + field: sa.sinker.app.ci.token.txt + item: build_farm + sa.sinker.build01.config: + field: sa.sinker.build01.config + item: build_farm + sa.sinker.build01.token.txt: + field: sa.sinker.build01.token.txt + item: build_farm + sa.sinker.build02.config: + field: sa.sinker.build02.config + item: build_farm + sa.sinker.build02.token.txt: + field: sa.sinker.build02.token.txt + item: build_farm + sa.sinker.build03.config: + field: sa.sinker.build03.config + item: build_farm + sa.sinker.build03.token.txt: + field: sa.sinker.build03.token.txt + item: build_farm + sa.sinker.build04.config: + field: sa.sinker.build04.config + item: build_farm + sa.sinker.build04.token.txt: + field: sa.sinker.build04.token.txt + item: build_farm + sa.sinker.build05.config: + field: sa.sinker.build05.config + item: build_farm + sa.sinker.build05.token.txt: + field: sa.sinker.build05.token.txt + item: build_farm + sa.sinker.build06.config: + field: sa.sinker.build06.config + item: build_farm + sa.sinker.build06.token.txt: + field: sa.sinker.build06.token.txt + item: build_farm + sa.sinker.build07.config: + field: sa.sinker.build07.config + item: build_farm + sa.sinker.build07.token.txt: + field: sa.sinker.build07.token.txt + item: build_farm + sa.sinker.build08.config: + field: sa.sinker.build08.config + item: build_farm + sa.sinker.build08.token.txt: + field: sa.sinker.build08.token.txt + item: build_farm + sa.sinker.build09.config: + field: sa.sinker.build09.config + item: build_farm + sa.sinker.build09.token.txt: + field: sa.sinker.build09.token.txt + item: build_farm + sa.sinker.build10.config: + field: sa.sinker.build10.config + item: build_farm + sa.sinker.build10.token.txt: + field: sa.sinker.build10.token.txt + item: build_farm + sa.sinker.build11.config: + field: sa.sinker.build11.config + item: build_farm + sa.sinker.build11.token.txt: + field: sa.sinker.build11.token.txt + item: build_farm + sa.sinker.core-ci.config: + field: sa.sinker.core-ci.config + item: build_farm + sa.sinker.core-ci.token.txt: + field: sa.sinker.core-ci.token.txt + item: build_farm + sa.sinker.vsphere02.config: + field: sa.sinker.vsphere02.config + item: build_farm + sa.sinker.vsphere02.token.txt: + field: sa.sinker.vsphere02.token.txt + item: build_farm + to: + - cluster: app.ci + name: sinker namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-metal-redhat-gs +- from: + app_id: + field: app_id + item: slack-credentials-dptp-bot + client_id: + field: client_id + item: slack-credentials-dptp-bot + client_secret: + field: client_secret + item: slack-credentials-dptp-bot + oauth_token: + field: oauth_token + item: slack-credentials-dptp-bot + signing_secret: + field: signing_secret + item: slack-credentials-dptp-bot + to: + - cluster: app.ci + name: slack-credentials-dptp-bot namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-sandboxed-containers-operator +- from: + app_id: + field: app_id + item: slack-credentials-dptp-bot-alpha + client_id: + field: client_id + item: slack-credentials-dptp-bot-alpha + client_secret: + field: client_secret + item: slack-credentials-dptp-bot-alpha + oauth_token: + field: oauth_token + item: slack-credentials-dptp-bot-alpha + signing_secret: + field: signing_secret + item: slack-credentials-dptp-bot-alpha + to: + - cluster: app.ci + name: slack-credentials-dptp-bot-alpha namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aro-hcp-int +- from: + oauth: + field: oauth-token + item: slack-credentials-prow + to: + - cluster: app.ci + name: slack-credentials-prow namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aro-hcp-stg +- from: + sa.sprint-automation.build01.config: + field: sa.sprint-automation.build01.config + item: build_farm + sa.sprint-automation.build01.token.txt: + field: sa.sprint-automation.build01.token.txt + item: build_farm + sa.sprint-automation.build02.config: + field: sa.sprint-automation.build02.config + item: build_farm + sa.sprint-automation.build02.token.txt: + field: sa.sprint-automation.build02.token.txt + item: build_farm + sa.sprint-automation.build04.config: + field: sa.sprint-automation.build04.config + item: build_farm + sa.sprint-automation.build04.token.txt: + field: sa.sprint-automation.build04.token.txt + item: build_farm + to: + - cluster: app.ci + name: sprint-automation namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aro-hcp-prod +- from: + authorized_keys: + field: authorized_keys + item: sshd-bastion-slack-bot-alpha + to: + - cluster: app.ci + name: sshd-slack-bot-alpha-authorized-keys namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aro-hcp-dev +- from: + ssh_host_dsa_key: + field: ssh_host_dsa_key + item: sshd-bastion-slack-bot-alpha + ssh_host_ecdsa_key: + field: ssh_host_ecdsa_key + item: sshd-bastion-slack-bot-alpha + ssh_host_ed25519_key: + field: ssh_host_ed25519_key + item: sshd-bastion-slack-bot-alpha + ssh_host_rsa_key: + field: ssh_host_rsa_key + item: sshd-bastion-slack-bot-alpha + to: + - cluster: app.ci + name: sshd-slack-bot-alpha-host-keys namespace: ci - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + api-key: + field: api-key + item: unsplash.com to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-china-qe + - cluster: app.ci + name: unsplash-api-key namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + secret: + field: secret + item: vault-secret-collection-manager-cookie-secret to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-cpaas + - cluster: app.ci + name: vault-secret-collection-manager-cookie-secret namespace: ci - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + OPENSHIFT_MONITORING_CI_TOKEN: + field: sa.ci-monitoring.app.ci.token.txt + item: openshift-monitoring-credentials + OPENSHIFT_MONITORING_CI_TOKEN_ON_HOSTED_MGMT: + field: sa.ci-monitoring.hosted-mgmt.token.txt + item: openshift-monitoring-credentials + to: + - cluster: app.ci + name: external-credentials + namespace: ci-grafana +- from: + config.json: + field: pull-credentials + item: quay.io + to: + - cluster: app.ci + name: files-pull-secret + namespace: ci-release + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-priv + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-ppc64le + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-ppc64le-priv + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-s390x + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-s390x-priv + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-arm64 + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-arm64-priv + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-multi + - cluster: app.ci + name: files-pull-secret + namespace: ci-release-multi-priv + - cluster: app.ci + name: git-pull-secret + namespace: ci-release + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-priv + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-ppc64le + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-ppc64le-priv + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-s390x + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-s390x-priv + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-arm64 + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-arm64-priv + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-multi + - cluster: app.ci + name: git-pull-secret + namespace: ci-release-multi-priv + - cluster: app.ci + name: source + namespace: ci-release + - cluster: app.ci + name: source + namespace: ci-release-priv + - cluster: app.ci + name: source + namespace: ci-release-ppc64le + - cluster: app.ci + name: source + namespace: ci-release-ppc64le-priv + - cluster: app.ci + name: source + namespace: ci-release-s390x + - cluster: app.ci + name: source + namespace: ci-release-s390x-priv + - cluster: app.ci + name: source + namespace: ci-release-arm64 + - cluster: app.ci + name: source + namespace: ci-release-arm64-priv + - cluster: app.ci + name: source + namespace: ci-release-multi + - cluster: app.ci + name: source + namespace: ci-release-multi-priv +- from: + .git-credentials: + field: git_url_with_credentials + item: openshift-bot to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-usgov-qe - namespace: ci + - cluster: app.ci + name: git-credentials + namespace: ci-release + - cluster: app.ci + name: git-credentials + namespace: ci-release-priv + - cluster: app.ci + name: git-credentials + namespace: ci-release-ppc64le + - cluster: app.ci + name: git-credentials + namespace: ci-release-ppc64le-priv + - cluster: app.ci + name: git-credentials + namespace: ci-release-s390x + - cluster: app.ci + name: git-credentials + namespace: ci-release-s390x-priv + - cluster: app.ci + name: git-credentials + namespace: ci-release-arm64 + - cluster: app.ci + name: git-credentials + namespace: ci-release-arm64-priv + - cluster: app.ci + name: git-credentials + namespace: ci-release-multi + - cluster: app.ci + name: git-credentials + namespace: ci-release-multi-priv - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + appid: + field: appid + item: openshift-ci-staging-prow-app + cert: + field: cert + item: openshift-ci-staging-prow-app + hmac: + field: hmac + item: openshift-ci-staging-prow-app to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-c2s-qe - namespace: ci + - cluster: app.ci + name: openshift-prow-github-app + namespace: ci-staging - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + api-key: + field: api-key + item: cloudability to: - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-sc2s-qe - namespace: ci + - managed_clusters + name: cloudability-api-key + namespace: cloudability - from: - ci-xpn.json: - field: ci-xpn-sa-credentials.json - item: gcp-openshift-gce-devel-ci - gce.json: - field: ci-provisioner-sa-credentials.json - item: gcp-openshift-gce-devel-ci - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - openshift_gcp_project: - field: openshift_gcp_project - item: gcp-openshift-gce-devel-ci - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - public_hosted_zone: - field: public_hosted_zone - item: gcp-openshift-gce-devel-ci - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - repository-credentials-password: - field: password - item: mirror.openshift.com - repository-credentials-username: - field: username - item: mirror.openshift.com - ssh-privatekey: - field: ssh-privatekey - item: gcp-openshift-gce-devel-ci - ssh-publickey: - field: ssh-publickey - item: gcp-openshift-gce-devel-ci - telemeter-token: - field: telemeter-token - item: telemeter + app.ci-id: + field: app.ci-id + item: dex + app.ci-secret: + field: app.ci-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-arm64 - namespace: ci + - cluster: app.ci + name: app.ci-secret + namespace: dex - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + art-id: + field: art-id + item: dex + art-secret: + field: art-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-outpost - namespace: ci + - cluster: app.ci + name: art-secret + namespace: dex - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + build01-id: + field: build01-id + item: dex + build01-secret: + field: build01-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-local-zones + - cluster: app.ci + name: build01-secret + namespace: dex + - cluster: app.ci + name: build01-dex-oidc namespace: ci - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + build02-id: + field: build02-id + item: dex + build02-secret: + field: build02-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-observability + - cluster: app.ci + name: build02-secret + namespace: dex + - cluster: app.ci + name: build02-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-qe-c3-metal +- from: + build03-id: + field: build03-id + item: dex + build03-secret: + field: build03-secret + item: dex + to: + - cluster: app.ci + name: build03-secret + namespace: dex + - cluster: app.ci + name: build03-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-autorelease-qe +- from: + build04-id: + field: build04-id + item: dex + build04-secret: + field: build04-secret + item: dex + to: + - cluster: app.ci + name: build04-secret + namespace: dex + - cluster: app.ci + name: build04-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-sustaining-autorelease-412 +- from: + build05-id: + field: build05-id + item: dex + build05-secret: + field: build05-secret + item: dex + to: + - cluster: app.ci + name: build05-secret + namespace: dex +- from: + build06-id: + field: build06-id + item: dex + build06-secret: + field: build06-secret + item: dex + to: + - cluster: app.ci + name: build06-secret + namespace: dex + - cluster: app.ci + name: build06-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-quay-qe +- from: + build07-id: + field: build07-id + item: dex + build07-secret: + field: build07-secret + item: dex + to: + - cluster: app.ci + name: build07-secret + namespace: dex + - cluster: app.ci + name: build07-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-confidential-qe +- from: + build08-id: + field: build08-id + item: dex + build08-secret: + field: build08-secret + item: dex + to: + - cluster: app.ci + name: build08-secret + namespace: dex + - cluster: app.ci + name: build08-dex-oidc namespace: ci - from: - gce.json: - field: credentials.json - item: gcp-openshift-gce-devel-ci-2 - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - openshift_gcp_project: - field: openshift_gcp_project - item: gcp-openshift-gce-devel-ci-2 - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - public_hosted_zone: - field: public_hosted_zone - item: gcp-openshift-gce-devel-ci-2 - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: gcp-openshift-gce-devel-ci-2 - ssh-publickey: - field: ssh-publickey - item: gcp-openshift-gce-devel-ci-2 - telemeter-token: - field: telemeter-token - item: telemeter + build09-id: + field: build09-id + item: dex + build09-secret: + field: build09-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-openshift-gce-devel-ci-2 + - cluster: app.ci + name: build09-secret + namespace: dex + - cluster: app.ci + name: build09-dex-oidc namespace: ci - from: - gce.json: - field: credentials.json - item: gcp-openshift-gce-devel-ci-3 - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - openshift_gcp_project: - field: openshift_gcp_project - item: gcp-openshift-gce-devel-ci-3 - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - public_hosted_zone: - field: public_hosted_zone - item: gcp-openshift-gce-devel-ci-3 - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: gcp-openshift-gce-devel-ci-3 - ssh-publickey: - field: ssh-publickey - item: gcp-openshift-gce-devel-ci-3 - telemeter-token: - field: telemeter-token - item: telemeter + build10-id: + field: build10-id + item: dex + build10-secret: + field: build10-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-gcp-3 + - cluster: app.ci + name: build10-secret + namespace: dex + - cluster: app.ci + name: build10-dex-oidc namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - repository-credentials-password: - field: password - item: mirror.openshift.com - repository-credentials-username: - field: username - item: mirror.openshift.com - ssh-privatekey: - field: ssh-privatekey - item: gcp-openshift-gce-devel-ci - ssh-publickey: - field: ssh-publickey - item: gcp-openshift-gce-devel-ci - telemeter-token: - field: telemeter-token - item: telemeter + build11-id: + field: build11-id + item: dex + build11-secret: + field: build11-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-osl-gcp + - cluster: app.ci + name: build11-secret + namespace: dex + - cluster: app.ci + name: build11-dex-oidc namespace: ci - from: - .awscred: - field: .awscred - item: openstack - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openstack - ssh-publickey: - field: ssh-publickey - item: openstack + core-ci-id: + field: core-ci-id + item: dex + core-ci-secret: + field: core-ci-secret + item: dex to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-vexxhost + - cluster: app.ci + name: core-ci-secret + namespace: dex + - cluster: app.ci + name: core-ci-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-hwoffload +- from: + dpcr-id: + field: dpcr-id + item: dex + dpcr-secret: + field: dpcr-secret + item: dex + to: + - cluster: app.ci + name: dpcr-secret + namespace: dex +- from: + hosted-mgmt-id: + field: hosted-mgmt-id + item: dex + hosted-mgmt-secret: + field: hosted-mgmt-secret + item: dex + to: + - cluster: app.ci + name: hosted-mgmt-secret + namespace: dex + - cluster: app.ci + name: hosted-mgmt-dex-oidc namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-nfv +- from: + client-id: + field: rh-internal-sso-client-id + item: dex + client-secret: + field: rh-internal-sso-client-secret + item: dex + to: + - cluster: app.ci + name: rh-sso + namespace: dex +- from: + vault-secret-manager-id: + field: vault-secret-manager-client-id + item: dex + vault-secret-manager-secret: + field: vault-secret-manager-client-secret + item: dex + to: + - cluster: app.ci + name: vault-secret-manager + namespace: dex + - cluster: app.ci + name: vault-secret-collection-manager-oauth namespace: ci +- from: + aws_access_key_id: + field: aws_access_key_id + item: openshift-ci-audit-credentials + aws_secret_access_key: + field: aws_secret_access_key + item: openshift-ci-audit-credentials + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-vh-mecha-central - namespace: ci + - managed_clusters + name: cloudwatch-receiver-token + namespace: log-forwarding +- from: + hecToken: + field: hecToken + item: log-forwarder + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-vh-mecha-az0 - namespace: ci + - build_farm + name: splunk-receiver-token + namespace: log-forwarding + - cluster: hosted-mgmt + name: splunk-receiver-token + namespace: log-forwarding +- from: + client-id: + field: client-id + item: loki-collector + client-secret: + field: client-secret + item: loki-collector + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-nerc-dev - namespace: ci + - build_farm + name: promtail-prod-creds + namespace: loki +- from: + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + rh-cdn.pem: + field: rh-cdn.pem + item: rh-cdn + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-rhoso - namespace: ci + - build_farm + name: mirror.openshift.com + namespace: ocp +- from: + content: + field: content + item: cloudfront-app-ci-internal-registry-private-key + to: + - cluster: app.ci + name: cloudfront-app-ci-internal-registry-private-key + namespace: openshift-image-registry +- from: + kubeconfig: + field: sa.hypershift-workload.hosted-mgmt.config + item: build_farm + sa.hypershift-workload.hosted-mgmt.token.txt: + field: sa.hypershift-workload.hosted-mgmt.token.txt + item: build_farm + to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-rhos-ci - namespace: ci + - build_farm + name: hypershift-workload-credentials + namespace: test-credentials - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-vh-bm-rhos + - build_farm + name: hypershift-workload-credentials namespace: ci - from: - ca-cert.pem: - field: ca-cert.pem - item: openstack-ppc64le - clouds.yaml: - field: clouds.yaml - item: openstack-ppc64le - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openstack-ppc64le - ssh-publickey: - field: ssh-publickey - item: openstack-ppc64le + api-token: + field: api-token + item: snyk-credentials to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-ppc64le - namespace: ci + - build_farm + name: snyk-credentials + namespace: test-credentials - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openstack - ssh-publickey: - field: ssh-publickey - item: openstack + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: aws_ci_infra_ci-build01-audit-logs-uploader + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: aws_ci_infra_ci-build01-audit-logs-uploader + to: + - cluster: build01 + name: aws-ci-infra-ci-build01-audit-logs-uploader-credentials + namespace: api-audit-log +- from: + authorized_keys: + field: authorized_keys + item: sshd-bastion-ppc64le to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-osuosl - namespace: ci + - bastion + name: sshd-authorized-keys + namespace: bastion-ppc64le - from: - .awscred: - field: .awscred - item: openstack - clouds.yaml: - field: clouds.yaml - item: openstack - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openstack - ssh-publickey: - field: ssh-publickey - item: openstack + ssh_host_dsa_key: + field: ssh_host_dsa_key + item: sshd-bastion-ppc64le + ssh_host_ecdsa_key: + field: ssh_host_ecdsa_key + item: sshd-bastion-ppc64le + ssh_host_ed25519_key: + field: ssh_host_ed25519_key + item: sshd-bastion-ppc64le + ssh_host_rsa_key: + field: ssh_host_rsa_key + item: sshd-bastion-ppc64le to: - cluster_groups: - - non_app_ci - name: cluster-secrets-openstack-operators-vexxhost - namespace: ci + - bastion + name: sshd-host-keys + namespace: bastion-ppc64le - from: - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + authorized_keys: + field: authorized_keys + item: sshd-bastion-ppc64le-libvirt to: - cluster_groups: - - non_app_ci - name: cluster-secrets-alibabacloud - namespace: ci + - bastion + name: sshd-authorized-keys + namespace: bastion-ppc64le-libvirt - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + ssh_host_dsa_key: + field: ssh_host_dsa_key + item: sshd-bastion-ppc64le-libvirt + ssh_host_ecdsa_key: + field: ssh_host_ecdsa_key + item: sshd-bastion-ppc64le-libvirt + ssh_host_ed25519_key: + field: ssh_host_ed25519_key + item: sshd-bastion-ppc64le-libvirt + ssh_host_rsa_key: + field: ssh_host_rsa_key + item: sshd-bastion-ppc64le-libvirt to: - cluster_groups: - - non_app_ci - name: cluster-secrets-alibabacloud-qe - namespace: ci + - bastion + name: sshd-host-keys + namespace: bastion-ppc64le-libvirt - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + authorized_keys: + field: authorized_keys + item: sshd-bastion-telco to: - cluster_groups: - - non_app_ci - name: cluster-secrets-alibabacloud-cn-qe - namespace: ci + - bastion + name: sshd-authorized-keys + namespace: bastion-telco - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials - vmc.secret.auto.tfvars: - field: vmc.secret.auto.tfvars - item: vsphere-credentials + ssh_host_dsa_key: + field: ssh_host_dsa_key + item: sshd-bastion-telco + ssh_host_ecdsa_key: + field: ssh_host_ecdsa_key + item: sshd-bastion-telco + ssh_host_ed25519_key: + field: ssh_host_ed25519_key + item: sshd-bastion-telco + ssh_host_rsa_key: + field: ssh_host_rsa_key + item: sshd-bastion-telco to: - cluster_groups: - - non_app_ci - name: cluster-secrets-vsphere - namespace: ci + - bastion + name: sshd-host-keys + namespace: bastion-telco - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials - .packetcred: - field: .packetcred - item: packet.net - .slackhook: - field: .slackhook - item: packet.net - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + authorized_keys: + field: authorized_keys + item: sshd-bastion-z to: - cluster_groups: - - non_app_ci - name: cluster-secrets-metal - namespace: ci + - bastion + name: sshd-authorized-keys + namespace: bastion-z - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + ssh_host_dsa_key: + field: ssh_host_dsa_key + item: sshd-bastion-z + ssh_host_ecdsa_key: + field: ssh_host_ecdsa_key + item: sshd-bastion-z + ssh_host_ed25519_key: + field: ssh_host_ed25519_key + item: sshd-bastion-z + ssh_host_rsa_key: + field: ssh_host_rsa_key + item: sshd-bastion-z + to: + - cluster_groups: + - bastion + name: sshd-host-keys + namespace: bastion-z +- from: + kubeconfig: + field: sa.ci-operator.app.ci.config + item: build_farm + sa.ci-operator.app.ci.config: + field: sa.ci-operator.app.ci.config + item: build_farm + sa.ci-operator.app.ci.token.txt: + field: sa.ci-operator.app.ci.token.txt + item: build_farm to: - cluster_groups: - non_app_ci - name: cluster-secrets-libvirt-s390x + name: app.ci-ci-operator-credentials namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: + .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-libvirt-s390x-1 - namespace: ci -- from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-libvirt-s390x-2 - namespace: ci -- from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2337,113 +2757,96 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-libvirt-s390x-amd64 + name: ci-pull-credentials namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster_groups: + - build_farm + name: ci-pull-credentials + namespace: test-credentials + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-priv + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-ppc64le + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-ppc64le-priv + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-s390x + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-s390x-priv + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-arm64 + type: kubernetes.io/dockerconfigjson + - cluster: app.ci + name: ci-pull-credentials + namespace: ci-release-arm64-priv + type: kubernetes.io/dockerconfigjson - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + AWS_ACCESS_KEY_ID: + field: AWS_ACCESS_KEY_ID + item: cluster-bot-aws-account-for-ephemeral-osd + AWS_ACCOUNT_ID: + field: AWS_ACCOUNT_ID + item: cluster-bot-aws-account-for-ephemeral-osd + AWS_SECRET_ACCESS_KEY: + field: AWS_SECRET_ACCESS_KEY + item: cluster-bot-aws-account-for-ephemeral-osd to: - cluster_groups: - non_app_ci - name: cluster-secrets-libvirt-ppc64le + name: cluster-bot-aws-account-for-ephemeral-osd namespace: ci +- from: + token: + field: ocm-developer-productivity-staging + item: cluster-bot-cloud-sso-for-ocm-ephemeral-osd + to: - cluster_groups: - non_app_ci - name: cluster-secrets-libvirt-ppc64le-s2s + name: cluster-bot-cloud-sso-for-ocm-ephemeral-osd namespace: ci - from: + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2452,31 +2855,37 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-packet + name: cluster-secrets-alibabacloud namespace: ci - from: pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2485,61 +2894,31 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: registry.build11.ci.openshift.org to: - cluster_groups: - non_app_ci - name: cluster-secrets-equinix-ocp-metal + name: cluster-secrets-alibabacloud-cn-qe namespace: ci - from: pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2548,61 +2927,43 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: registry.build11.ci.openshift.org to: - cluster_groups: - non_app_ci - name: cluster-secrets-equinix-ocp-hcp + name: cluster-secrets-alibabacloud-qe namespace: ci - from: + .awscred: + field: .awscred + item: openshift-ci-aws-credentials + baseDomain: + field: public_hosted_zone + item: openshift-ci-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2611,61 +2972,49 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: registry.build11.ci.openshift.org + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-equinix-ocp-metal-qe + name: cluster-secrets-aws namespace: ci - from: + .awscred: + field: .awscred + item: openshift-ci-2-aws-credentials + baseDomain: + field: public_hosted_zone + item: openshift-ci-2-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2674,61 +3023,100 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_build11_reg_auth_value.txt + ssh-privatekey: + field: id_rsa + item: openshift-ci-2-aws-credentials + ssh-publickey: + field: id_rsa.pub + item: openshift-ci-2-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-2 + namespace: ci +- from: + .awscred: + field: .awscred + item: openshift-ci-3-aws-credentials + baseDomain: + field: public_hosted_zone + item: openshift-ci-3-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm - registry_url: registry.build11.ci.openshift.org + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: id_rsa + item: openshift-ci-3-aws-credentials + ssh-publickey: + field: id_rsa.pub + item: openshift-ci-3-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-equinix-edge-enablement + name: cluster-secrets-aws-3 namespace: ci - from: + .awscred: + field: .awscred + item: openshift-ci-4-aws-credentials + baseDomain: + field: public_hosted_zone + item: openshift-ci-4-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2737,34 +3125,49 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: auth - item: brew.registry.redhat.io-pull-secret - registry_url: brew.registry.redhat.io + ssh-privatekey: + field: id_rsa + item: openshift-ci-4-aws-credentials + ssh-publickey: + field: id_rsa.pub + item: openshift-ci-4-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-packet-assisted + name: cluster-secrets-aws-4 namespace: ci - from: + .awscred: + field: .awscred + item: openshift-ci-5-aws-credentials + baseDomain: + field: public_hosted_zone + item: openshift-ci-5-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2773,31 +3176,46 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: id_rsa + item: openshift-ci-5-aws-credentials + ssh-publickey: + field: id_rsa.pub + item: openshift-ci-5-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-packet-sno + name: cluster-secrets-aws-5 namespace: ci - from: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2806,61 +3224,40 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: registry.build11.ci.openshift.org + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-oci-agent-qe + name: cluster-secrets-aws-arm64 namespace: ci - from: pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2872,34 +3269,31 @@ secret_configs: to: - cluster_groups: - non_app_ci - name: cluster-secrets-oci-assisted + name: cluster-secrets-aws-c2s-qe namespace: ci - from: - baseDomain: - field: public_hosted_zone - item: os4-installer.openshift-ci.azure - osServicePrincipal.json: - field: osServicePrincipal.json - item: os4-installer.openshift-ci.azure pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2908,41 +3302,37 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-azure4 - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-arm64 + name: cluster-secrets-aws-china-qe namespace: ci - from: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2951,37 +3341,34 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-azuremag + name: cluster-secrets-aws-cpaas namespace: ci - from: pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -2990,34 +3377,31 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org to: - cluster_groups: - non_app_ci - name: cluster-secrets-azuremag-qe + name: cluster-secrets-aws-local-zones namespace: ci - from: pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -3026,81 +3410,31 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org to: - cluster_groups: - non_app_ci - name: cluster-secrets-azure-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-observability - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-ovn-perfscale - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-perfscale - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-hcp-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-autorelease-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-sustaining-autorelease-412 - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-arm64-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azurestack-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azurestack-dev - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-quay-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-confidential-qe + name: cluster-secrets-aws-managed-osd-rhoai-qe namespace: ci - from: - osServicePrincipal.json: - field: osServicePrincipal.json - item: os4-installer.openshift-ci.azure pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -3109,43 +3443,34 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-azurestack + name: cluster-secrets-aws-managed-rosa-rhoai-qe namespace: ci - from: - baseDomain: - field: public_hosted_zone - item: os4-installer.openshift-ci2.azure - osServicePrincipal.json: - field: osServicePrincipal.json - item: os4-installer.openshift-ci2.azure pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -3154,1971 +3479,1671 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-azure-2 - namespace: ci -- from: - token: - field: redhat-developer-service-binding-operator - item: codecov-tokens - to: - - cluster: build01 - name: redhat-developer-service-binding-operator-codecov-token - namespace: ci - - cluster: build04 - name: redhat-developer-service-binding-operator-codecov-token - namespace: ci -- from: - app.ci.config: - field: sa.pod-scaler.app.ci.config - item: pod-scaler - build01.config: - field: sa.pod-scaler.build01.config - item: pod-scaler - build02.config: - field: sa.pod-scaler.build02.config - item: pod-scaler - build03.config: - field: sa.pod-scaler.build03.config - item: pod-scaler - build04.config: - field: sa.pod-scaler.build04.config - item: pod-scaler - build05.config: - field: sa.pod-scaler.build05.config - item: pod-scaler - build06.config: - field: sa.pod-scaler.build06.config - item: pod-scaler - build07.config: - field: sa.pod-scaler.build07.config - item: pod-scaler - build08.config: - field: sa.pod-scaler.build08.config - item: pod-scaler - build09.config: - field: sa.pod-scaler.build09.config - item: pod-scaler - build10.config: - field: sa.pod-scaler.build10.config - item: pod-scaler - build11.config: - field: sa.pod-scaler.build11.config - item: pod-scaler - core-ci.config: - field: sa.pod-scaler.core-ci.config - item: pod-scaler - sa.pod-scaler.app.ci.token.txt: - field: sa.pod-scaler.app.ci.token.txt - item: pod-scaler - sa.pod-scaler.build01.token.txt: - field: sa.pod-scaler.build01.token.txt - item: pod-scaler - sa.pod-scaler.build02.token.txt: - field: sa.pod-scaler.build02.token.txt - item: pod-scaler - sa.pod-scaler.build03.token.txt: - field: sa.pod-scaler.build03.token.txt - item: pod-scaler - sa.pod-scaler.build04.token.txt: - field: sa.pod-scaler.build04.token.txt - item: pod-scaler - sa.pod-scaler.build05.token.txt: - field: sa.pod-scaler.build05.token.txt - item: pod-scaler - sa.pod-scaler.build06.token.txt: - field: sa.pod-scaler.build06.token.txt - item: pod-scaler - sa.pod-scaler.build07.token.txt: - field: sa.pod-scaler.build07.token.txt - item: pod-scaler - sa.pod-scaler.build08.token.txt: - field: sa.pod-scaler.build08.token.txt - item: pod-scaler - sa.pod-scaler.build09.token.txt: - field: sa.pod-scaler.build09.token.txt - item: pod-scaler - sa.pod-scaler.build10.token.txt: - field: sa.pod-scaler.build10.token.txt - item: pod-scaler - sa.pod-scaler.build11.token.txt: - field: sa.pod-scaler.build11.token.txt - item: pod-scaler - sa.pod-scaler.core-ci.token.txt: - field: sa.pod-scaler.core-ci.token.txt - item: pod-scaler - to: - - cluster: app.ci - name: pod-scaler + name: cluster-secrets-aws-outpost namespace: ci - from: - kubeconfig: - field: sa.ci-operator.build01.config - item: build_farm - sa.ci-operator.build01.token.txt: - field: sa.ci-operator.build01.token.txt - item: build_farm - to: - - cluster: build01 - name: ci-operator - namespace: test-credentials -- from: - kubeconfig: - field: sa.ci-operator.build02.config - item: build_farm - sa.ci-operator.build02.token.txt: - field: sa.ci-operator.build02.token.txt - item: build_farm - to: - - cluster: build02 - name: ci-operator - namespace: test-credentials -- from: - kubeconfig: - field: sa.ci-operator.build04.config - item: build_farm - sa.ci-operator.build04.token.txt: - field: sa.ci-operator.build04.token.txt - item: build_farm - to: - - cluster: build04 - name: ci-operator - namespace: test-credentials -- from: - kubeconfig: - field: sa.ci-operator.app.ci.config - item: build_farm - sa.ci-operator.app.ci.config: - field: sa.ci-operator.app.ci.config - item: build_farm - sa.ci-operator.app.ci.token.txt: - field: sa.ci-operator.app.ci.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quay.io/multi-arch + registry_url: quay.io/multi-arch + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - cluster_groups: - non_app_ci - name: app.ci-ci-operator-credentials + name: cluster-secrets-aws-qe namespace: ci -- from: - kubeconfig: - field: sa.promotion-quay-tagger.app.ci.config - item: build_farm - sa.promotion-quay-tagger.app.ci.config: - field: sa.promotion-quay-tagger.app.ci.config - item: build_farm - sa.promotion-quay-tagger.app.ci.token.txt: - field: sa.promotion-quay-tagger.app.ci.token.txt - item: build_farm - to: - cluster_groups: - non_app_ci - name: promotion-quay-tagger-kubeconfig + name: cluster-secrets-azure-oadp-qe namespace: ci -- from: - kubeconfig: - field: sa.hive.hosted-mgmt.config - item: build_farm - sa.hive.hosted-mgmt.token.txt: - field: sa.hive.hosted-mgmt.token.txt - item: build_farm - to: - cluster_groups: - non_app_ci - name: hive-hive-credentials + name: cluster-secrets-aws-1-qe namespace: ci - cluster_groups: - non_app_ci - name: hive-hive-credentials - namespace: test-credentials -- from: - kubeconfig: - field: sa.clusterpool-manager.hosted-mgmt.config - item: build_farm - sa.clusterpool-manager.hosted-mgmt.token.txt: - field: sa.clusterpool-manager.hosted-mgmt.token.txt - item: build_farm - to: + name: cluster-secrets-aws-autorelease-qe + namespace: ci - cluster_groups: - non_app_ci - name: clusterpool-manager-credentials + name: cluster-secrets-aws-sd-qe namespace: ci -- from: - kubeconfig: - field: sa.hypershift-workload.hosted-mgmt.config - item: build_farm - sa.hypershift-workload.hosted-mgmt.token.txt: - field: sa.hypershift-workload.hosted-mgmt.token.txt - item: build_farm - to: - cluster_groups: - - build_farm - name: hypershift-workload-credentials - namespace: test-credentials + - non_app_ci + name: cluster-secrets-oex-aws-qe + namespace: ci - cluster_groups: - - build_farm - name: hypershift-workload-credentials + - non_app_ci + name: cluster-secrets-aws-quay-qe namespace: ci -- from: - ci.htpasswd: - field: ci.htpasswd - item: boskos-oauth-proxy - credentials: - field: boskos-credentials - item: boskos-oauth-proxy - to: - cluster_groups: - - build_farm - name: boskos-credentials + - non_app_ci + name: cluster-secrets-fleet-manager-qe namespace: ci -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: aws_ci_infra_ci-app-ci-audit-logs-uploader - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: aws_ci_infra_ci-app-ci-audit-logs-uploader - to: - - cluster: app.ci - name: aws-ci-infra-ci-app-ci-audit-logs-uploader-credentials - namespace: api-audit-log -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: aws_ci_infra_ci-build01-audit-logs-uploader - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: aws_ci_infra_ci-build01-audit-logs-uploader - to: - - cluster: build01 - name: aws-ci-infra-ci-build01-audit-logs-uploader-credentials - namespace: api-audit-log -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: aws_ci_infra_ci-build04-audit-logs-uploader - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: aws_ci_infra_ci-build04-audit-logs-uploader - to: - - cluster: build04 - name: aws-ci-infra-ci-build04-audit-logs-uploader-credentials - namespace: api-audit-log -- from: - .git-credentials: - field: git_url_with_credentials - item: openshift-bot - to: - - cluster: app.ci - name: git-credentials - namespace: ci-release - - cluster: app.ci - name: git-credentials - namespace: ci-release-priv - - cluster: app.ci - name: git-credentials - namespace: ci-release-ppc64le - - cluster: app.ci - name: git-credentials - namespace: ci-release-ppc64le-priv - - cluster: app.ci - name: git-credentials - namespace: ci-release-s390x - - cluster: app.ci - name: git-credentials - namespace: ci-release-s390x-priv - - cluster: app.ci - name: git-credentials - namespace: ci-release-arm64 - - cluster: app.ci - name: git-credentials - namespace: ci-release-arm64-priv - - cluster: app.ci - name: git-credentials - namespace: ci-release-multi - - cluster: app.ci - name: git-credentials - namespace: ci-release-multi-priv -- from: - sa.release-controller-ocp-arm64-priv.app.ci.config: - field: sa.release-controller-ocp-arm64-priv.app.ci.config - item: release-controller - sa.release-controller-ocp-arm64-priv.app.ci.token.txt: - field: sa.release-controller-ocp-arm64-priv.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-arm64.app.ci.config: - field: sa.release-controller-ocp-arm64.app.ci.config - item: release-controller - sa.release-controller-ocp-arm64.app.ci.token.txt: - field: sa.release-controller-ocp-arm64.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-multi-priv.app.ci.config: - field: sa.release-controller-ocp-multi-priv.app.ci.config - item: release-controller - sa.release-controller-ocp-multi-priv.app.ci.token.txt: - field: sa.release-controller-ocp-multi-priv.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-multi.app.ci.config: - field: sa.release-controller-ocp-multi.app.ci.config - item: release-controller - sa.release-controller-ocp-multi.app.ci.token.txt: - field: sa.release-controller-ocp-multi.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-ppc64le-priv.app.ci.config: - field: sa.release-controller-ocp-ppc64le-priv.app.ci.config - item: release-controller - sa.release-controller-ocp-ppc64le-priv.app.ci.token.txt: - field: sa.release-controller-ocp-ppc64le-priv.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-ppc64le.app.ci.config: - field: sa.release-controller-ocp-ppc64le.app.ci.config - item: release-controller - sa.release-controller-ocp-ppc64le.app.ci.token.txt: - field: sa.release-controller-ocp-ppc64le.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-priv.app.ci.config: - field: sa.release-controller-ocp-priv.app.ci.config - item: release-controller - sa.release-controller-ocp-priv.app.ci.token.txt: - field: sa.release-controller-ocp-priv.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-s390x-priv.app.ci.config: - field: sa.release-controller-ocp-s390x-priv.app.ci.config - item: release-controller - sa.release-controller-ocp-s390x-priv.app.ci.token.txt: - field: sa.release-controller-ocp-s390x-priv.app.ci.token.txt - item: release-controller - sa.release-controller-ocp-s390x.app.ci.config: - field: sa.release-controller-ocp-s390x.app.ci.config - item: release-controller - sa.release-controller-ocp-s390x.app.ci.token.txt: - field: sa.release-controller-ocp-s390x.app.ci.token.txt - item: release-controller - sa.release-controller-ocp.app.ci.config: - field: sa.release-controller-ocp.app.ci.config - item: release-controller - sa.release-controller-ocp.app.ci.token.txt: - field: sa.release-controller-ocp.app.ci.token.txt - item: release-controller - sa.release-controller.app.ci.config: - field: sa.release-controller.app.ci.config - item: release-controller - sa.release-controller.app.ci.token.txt: - field: sa.release-controller.app.ci.token.txt - item: release-controller - to: - - cluster: app.ci - name: release-controller-kubeconfigs + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-terraform-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-perfscale + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-perfscale-okd + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-confidential-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-cpt + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-jetlag + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-osp + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perscale-telco + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perscale-selfsched + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-perfscale-okd + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-cpt + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-jetlag + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perfscale-osp + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perscale-telco + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-perscale-selfsched + namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-perfscale-qe namespace: ci -- from: - bw_password: - field: password - item: OpenShift CI Bitwarden Bot - to: - - cluster: app.ci - name: bitwarden-credentials-openshift-ci-bitwarden-bot + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-perfscale-lrc-qe namespace: ci -- from: - sa.crier.app.ci.config: - field: sa.crier.app.ci.config - item: build_farm - sa.crier.app.ci.token.txt: - field: sa.crier.app.ci.token.txt - item: build_farm - sa.crier.build01.config: - field: sa.crier.build01.config - item: build_farm - sa.crier.build01.token.txt: - field: sa.crier.build01.token.txt - item: build_farm - sa.crier.build02.config: - field: sa.crier.build02.config - item: build_farm - sa.crier.build02.token.txt: - field: sa.crier.build02.token.txt - item: build_farm - sa.crier.build03.config: - field: sa.crier.build03.config - item: build_farm - sa.crier.build03.token.txt: - field: sa.crier.build03.token.txt - item: build_farm - sa.crier.build04.config: - field: sa.crier.build04.config - item: build_farm - sa.crier.build04.token.txt: - field: sa.crier.build04.token.txt - item: build_farm - sa.crier.build05.config: - field: sa.crier.build05.config - item: build_farm - sa.crier.build05.token.txt: - field: sa.crier.build05.token.txt - item: build_farm - sa.crier.build06.config: - field: sa.crier.build06.config - item: build_farm - sa.crier.build06.token.txt: - field: sa.crier.build06.token.txt - item: build_farm - sa.crier.build07.config: - field: sa.crier.build07.config - item: build_farm - sa.crier.build07.token.txt: - field: sa.crier.build07.token.txt - item: build_farm - sa.crier.build08.config: - field: sa.crier.build08.config - item: build_farm - sa.crier.build08.token.txt: - field: sa.crier.build08.token.txt - item: build_farm - sa.crier.build09.config: - field: sa.crier.build09.config - item: build_farm - sa.crier.build09.token.txt: - field: sa.crier.build09.token.txt - item: build_farm - sa.crier.build10.config: - field: sa.crier.build10.config - item: build_farm - sa.crier.build10.token.txt: - field: sa.crier.build10.token.txt - item: build_farm - sa.crier.build11.config: - field: sa.crier.build11.config - item: build_farm - sa.crier.build11.token.txt: - field: sa.crier.build11.token.txt - item: build_farm - sa.crier.core-ci.config: - field: sa.crier.core-ci.config - item: build_farm - sa.crier.core-ci.token.txt: - field: sa.crier.core-ci.token.txt - item: build_farm - sa.crier.vsphere02.config: - field: sa.crier.vsphere02.config - item: build_farm - sa.crier.vsphere02.token.txt: - field: sa.crier.vsphere02.token.txt - item: build_farm - to: - - cluster: app.ci - name: crier + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-restricted-qe namespace: ci -- from: - sa.config-updater.app.ci.config: - field: sa.config-updater.app.ci.config - item: config-updater - sa.config-updater.build01.config: - field: sa.config-updater.build01.config - item: config-updater - sa.config-updater.build02.config: - field: sa.config-updater.build02.config - item: config-updater - sa.config-updater.build03.config: - field: sa.config-updater.build03.config - item: config-updater - sa.config-updater.build04.config: - field: sa.config-updater.build04.config - item: config-updater - sa.config-updater.build05.config: - field: sa.config-updater.build05.config - item: config-updater - sa.config-updater.build06.config: - field: sa.config-updater.build06.config - item: config-updater - sa.config-updater.build07.config: - field: sa.config-updater.build07.config - item: config-updater - sa.config-updater.build08.config: - field: sa.config-updater.build08.config - item: config-updater - sa.config-updater.build09.config: - field: sa.config-updater.build09.config - item: config-updater - sa.config-updater.build10.config: - field: sa.config-updater.build10.config - item: config-updater - sa.config-updater.build11.config: - field: sa.config-updater.build11.config - item: config-updater - sa.config-updater.core-ci.config: - field: sa.config-updater.core-ci.config - item: config-updater - sa.config-updater.hosted-mgmt.config: - field: sa.config-updater.hosted-mgmt.config - item: config-updater - sa.config-updater.vsphere02.config: - field: sa.config-updater.vsphere02.config - item: config-updater - to: - - cluster: app.ci - name: config-updater + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-outpost-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-rhtap-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-konflux-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-rhtap-performance + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-devfile + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-medik8s-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-pipelines-performance + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-rhdh-performance + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gitops-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-che-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-quay-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-edge-infra + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-devsandboxci-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-odf-aws + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-serverless + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-sustaining-autorelease-412 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-stackrox + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-kubevirt + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aro-redhat-tenant + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-mco-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-oadp-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-lp-chaos + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-chaos + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-chaos + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-observability + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal-redhat-gs + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-sandboxed-containers-operator + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aro-hcp-int + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aro-hcp-stg + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aro-hcp-prod + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aro-hcp-dev namespace: ci - - cluster: app.ci - name: config-updater - namespace: vault - from: - sa.deck.app.ci.config: - field: sa.deck.app.ci.config - item: build_farm - sa.deck.app.ci.token.txt: - field: sa.deck.app.ci.token.txt - item: build_farm - sa.deck.build01.config: - field: sa.deck.build01.config - item: build_farm - sa.deck.build01.token.txt: - field: sa.deck.build01.token.txt - item: build_farm - sa.deck.build02.config: - field: sa.deck.build02.config - item: build_farm - sa.deck.build02.token.txt: - field: sa.deck.build02.token.txt - item: build_farm - sa.deck.build03.config: - field: sa.deck.build03.config - item: build_farm - sa.deck.build03.token.txt: - field: sa.deck.build03.token.txt - item: build_farm - sa.deck.build04.config: - field: sa.deck.build04.config - item: build_farm - sa.deck.build04.token.txt: - field: sa.deck.build04.token.txt - item: build_farm - sa.deck.build05.config: - field: sa.deck.build05.config - item: build_farm - sa.deck.build05.token.txt: - field: sa.deck.build05.token.txt - item: build_farm - sa.deck.build06.config: - field: sa.deck.build06.config - item: build_farm - sa.deck.build06.token.txt: - field: sa.deck.build06.token.txt - item: build_farm - sa.deck.build07.config: - field: sa.deck.build07.config - item: build_farm - sa.deck.build07.token.txt: - field: sa.deck.build07.token.txt - item: build_farm - sa.deck.build08.config: - field: sa.deck.build08.config - item: build_farm - sa.deck.build08.token.txt: - field: sa.deck.build08.token.txt - item: build_farm - sa.deck.build09.config: - field: sa.deck.build09.config - item: build_farm - sa.deck.build09.token.txt: - field: sa.deck.build09.token.txt - item: build_farm - sa.deck.build10.config: - field: sa.deck.build10.config - item: build_farm - sa.deck.build10.token.txt: - field: sa.deck.build10.token.txt - item: build_farm - sa.deck.build11.config: - field: sa.deck.build11.config - item: build_farm - sa.deck.build11.token.txt: - field: sa.deck.build11.token.txt - item: build_farm - sa.deck.core-ci.config: - field: sa.deck.core-ci.config - item: build_farm - sa.deck.core-ci.token.txt: - field: sa.deck.core-ci.token.txt - item: build_farm - sa.deck.vsphere02.config: - field: sa.deck.vsphere02.config - item: build_farm - sa.deck.vsphere02.token.txt: - field: sa.deck.vsphere02.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: deck + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-rhoai-qe namespace: ci - from: - sa.hook.app.ci.config: - field: sa.hook.app.ci.config - item: build_farm - sa.hook.app.ci.token.txt: - field: sa.hook.app.ci.token.txt - item: build_farm - sa.hook.build01.config: - field: sa.hook.build01.config - item: build_farm - sa.hook.build01.token.txt: - field: sa.hook.build01.token.txt - item: build_farm - sa.hook.build02.config: - field: sa.hook.build02.config - item: build_farm - sa.hook.build02.token.txt: - field: sa.hook.build02.token.txt - item: build_farm - sa.hook.build03.config: - field: sa.hook.build03.config - item: build_farm - sa.hook.build03.token.txt: - field: sa.hook.build03.token.txt - item: build_farm - sa.hook.build04.config: - field: sa.hook.build04.config - item: build_farm - sa.hook.build04.token.txt: - field: sa.hook.build04.token.txt - item: build_farm - sa.hook.build05.config: - field: sa.hook.build05.config - item: build_farm - sa.hook.build05.token.txt: - field: sa.hook.build05.token.txt - item: build_farm - sa.hook.build06.config: - field: sa.hook.build06.config - item: build_farm - sa.hook.build06.token.txt: - field: sa.hook.build06.token.txt - item: build_farm - sa.hook.build07.config: - field: sa.hook.build07.config - item: build_farm - sa.hook.build07.token.txt: - field: sa.hook.build07.token.txt - item: build_farm - sa.hook.build08.config: - field: sa.hook.build08.config - item: build_farm - sa.hook.build08.token.txt: - field: sa.hook.build08.token.txt - item: build_farm - sa.hook.build09.config: - field: sa.hook.build09.config - item: build_farm - sa.hook.build09.token.txt: - field: sa.hook.build09.token.txt - item: build_farm - sa.hook.build10.config: - field: sa.hook.build10.config - item: build_farm - sa.hook.build10.token.txt: - field: sa.hook.build10.token.txt - item: build_farm - sa.hook.build11.config: - field: sa.hook.build11.config - item: build_farm - sa.hook.build11.token.txt: - field: sa.hook.build11.token.txt - item: build_farm - sa.hook.core-ci.config: - field: sa.hook.core-ci.config - item: build_farm - sa.hook.core-ci.token.txt: - field: sa.hook.core-ci.token.txt - item: build_farm - sa.hook.vsphere02.config: - field: sa.hook.vsphere02.config - item: build_farm - sa.hook.vsphere02.token.txt: - field: sa.hook.vsphere02.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quay.io/multi-arch + registry_url: quay.io/multi-arch + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: hook + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-sc2s-qe namespace: ci - from: - sa.prow-controller-manager.app.ci.config: - field: sa.prow-controller-manager.app.ci.config - item: build_farm - sa.prow-controller-manager.app.ci.token.txt: - field: sa.prow-controller-manager.app.ci.token.txt - item: build_farm - sa.prow-controller-manager.build01.config: - field: sa.prow-controller-manager.build01.config - item: build_farm - sa.prow-controller-manager.build01.token.txt: - field: sa.prow-controller-manager.build01.token.txt - item: build_farm - sa.prow-controller-manager.build02.config: - field: sa.prow-controller-manager.build02.config - item: build_farm - sa.prow-controller-manager.build02.token.txt: - field: sa.prow-controller-manager.build02.token.txt - item: build_farm - sa.prow-controller-manager.build03.config: - field: sa.prow-controller-manager.build03.config - item: build_farm - sa.prow-controller-manager.build03.token.txt: - field: sa.prow-controller-manager.build03.token.txt - item: build_farm - sa.prow-controller-manager.build04.config: - field: sa.prow-controller-manager.build04.config - item: build_farm - sa.prow-controller-manager.build04.token.txt: - field: sa.prow-controller-manager.build04.token.txt - item: build_farm - sa.prow-controller-manager.build05.config: - field: sa.prow-controller-manager.build05.config - item: build_farm - sa.prow-controller-manager.build05.token.txt: - field: sa.prow-controller-manager.build05.token.txt - item: build_farm - sa.prow-controller-manager.build06.config: - field: sa.prow-controller-manager.build06.config - item: build_farm - sa.prow-controller-manager.build06.token.txt: - field: sa.prow-controller-manager.build06.token.txt - item: build_farm - sa.prow-controller-manager.build07.config: - field: sa.prow-controller-manager.build07.config - item: build_farm - sa.prow-controller-manager.build07.token.txt: - field: sa.prow-controller-manager.build07.token.txt - item: build_farm - sa.prow-controller-manager.build08.config: - field: sa.prow-controller-manager.build08.config - item: build_farm - sa.prow-controller-manager.build08.token.txt: - field: sa.prow-controller-manager.build08.token.txt - item: build_farm - sa.prow-controller-manager.build09.config: - field: sa.prow-controller-manager.build09.config - item: build_farm - sa.prow-controller-manager.build09.token.txt: - field: sa.prow-controller-manager.build09.token.txt - item: build_farm - sa.prow-controller-manager.build10.config: - field: sa.prow-controller-manager.build10.config - item: build_farm - sa.prow-controller-manager.build10.token.txt: - field: sa.prow-controller-manager.build10.token.txt - item: build_farm - sa.prow-controller-manager.build11.config: - field: sa.prow-controller-manager.build11.config - item: build_farm - sa.prow-controller-manager.build11.token.txt: - field: sa.prow-controller-manager.build11.token.txt - item: build_farm - sa.prow-controller-manager.core-ci.config: - field: sa.prow-controller-manager.core-ci.config - item: build_farm - sa.prow-controller-manager.core-ci.token.txt: - field: sa.prow-controller-manager.core-ci.token.txt - item: build_farm - sa.prow-controller-manager.hosted-mgmt.config: - field: sa.prow-controller-manager.hosted-mgmt.config - item: build_farm - sa.prow-controller-manager.hosted-mgmt.token.txt: - field: sa.prow-controller-manager.hosted-mgmt.token.txt - item: build_farm - sa.prow-controller-manager.vsphere02.config: - field: sa.prow-controller-manager.vsphere02.config - item: build_farm - sa.prow-controller-manager.vsphere02.token.txt: - field: sa.prow-controller-manager.vsphere02.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quay.io/multi-arch + registry_url: quay.io/multi-arch + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: prow-controller-manager + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-usgov-qe namespace: ci - from: - sa.sprint-automation.build01.config: - field: sa.sprint-automation.build01.config - item: build_farm - sa.sprint-automation.build01.token.txt: - field: sa.sprint-automation.build01.token.txt - item: build_farm - sa.sprint-automation.build02.config: - field: sa.sprint-automation.build02.config - item: build_farm - sa.sprint-automation.build02.token.txt: - field: sa.sprint-automation.build02.token.txt - item: build_farm - sa.sprint-automation.build04.config: - field: sa.sprint-automation.build04.config - item: build_farm - sa.sprint-automation.build04.token.txt: - field: sa.sprint-automation.build04.token.txt - item: build_farm + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: sprint-automation + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-virtualization + namespace: ci +- from: + baseDomain: + field: public_hosted_zone + item: os4-installer.openshift-ci2.azure + osServicePrincipal.json: + field: osServicePrincipal.json + item: os4-installer.openshift-ci2.azure + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-2 namespace: ci - from: - sa.sinker.app.ci.config: - field: sa.sinker.app.ci.config - item: build_farm - sa.sinker.app.ci.token.txt: - field: sa.sinker.app.ci.token.txt - item: build_farm - sa.sinker.build01.config: - field: sa.sinker.build01.config - item: build_farm - sa.sinker.build01.token.txt: - field: sa.sinker.build01.token.txt - item: build_farm - sa.sinker.build02.config: - field: sa.sinker.build02.config - item: build_farm - sa.sinker.build02.token.txt: - field: sa.sinker.build02.token.txt - item: build_farm - sa.sinker.build03.config: - field: sa.sinker.build03.config - item: build_farm - sa.sinker.build03.token.txt: - field: sa.sinker.build03.token.txt - item: build_farm - sa.sinker.build04.config: - field: sa.sinker.build04.config - item: build_farm - sa.sinker.build04.token.txt: - field: sa.sinker.build04.token.txt - item: build_farm - sa.sinker.build05.config: - field: sa.sinker.build05.config - item: build_farm - sa.sinker.build05.token.txt: - field: sa.sinker.build05.token.txt - item: build_farm - sa.sinker.build06.config: - field: sa.sinker.build06.config - item: build_farm - sa.sinker.build06.token.txt: - field: sa.sinker.build06.token.txt - item: build_farm - sa.sinker.build07.config: - field: sa.sinker.build07.config - item: build_farm - sa.sinker.build07.token.txt: - field: sa.sinker.build07.token.txt - item: build_farm - sa.sinker.build08.config: - field: sa.sinker.build08.config - item: build_farm - sa.sinker.build08.token.txt: - field: sa.sinker.build08.token.txt - item: build_farm - sa.sinker.build09.config: - field: sa.sinker.build09.config - item: build_farm - sa.sinker.build09.token.txt: - field: sa.sinker.build09.token.txt - item: build_farm - sa.sinker.build10.config: - field: sa.sinker.build10.config - item: build_farm - sa.sinker.build10.token.txt: - field: sa.sinker.build10.token.txt - item: build_farm - sa.sinker.build11.config: - field: sa.sinker.build11.config - item: build_farm - sa.sinker.build11.token.txt: - field: sa.sinker.build11.token.txt - item: build_farm - sa.sinker.core-ci.config: - field: sa.sinker.core-ci.config - item: build_farm - sa.sinker.core-ci.token.txt: - field: sa.sinker.core-ci.token.txt - item: build_farm - sa.sinker.vsphere02.config: - field: sa.sinker.vsphere02.config - item: build_farm - sa.sinker.vsphere02.token.txt: - field: sa.sinker.vsphere02.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: sinker + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-observability + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-aws-ovn-perfscale + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-perfscale + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-hcp-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-autorelease-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-sustaining-autorelease-412 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-arm64-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azurestack-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azurestack-dev + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-quay-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-confidential-qe namespace: ci - from: - sa.dptp-controller-manager.build01.config: - field: sa.dptp-controller-manager.build01.config - item: build_farm - sa.dptp-controller-manager.build01.token.txt: - field: sa.dptp-controller-manager.build01.token.txt - item: build_farm - sa.dptp-controller-manager.build02.config: - field: sa.dptp-controller-manager.build02.config - item: build_farm - sa.dptp-controller-manager.build02.token.txt: - field: sa.dptp-controller-manager.build02.token.txt - item: build_farm - sa.dptp-controller-manager.build03.config: - field: sa.dptp-controller-manager.build03.config - item: build_farm - sa.dptp-controller-manager.build03.token.txt: - field: sa.dptp-controller-manager.build03.token.txt - item: build_farm - sa.dptp-controller-manager.build04.config: - field: sa.dptp-controller-manager.build04.config - item: build_farm - sa.dptp-controller-manager.build04.token.txt: - field: sa.dptp-controller-manager.build04.token.txt - item: build_farm - sa.dptp-controller-manager.build05.config: - field: sa.dptp-controller-manager.build05.config - item: build_farm - sa.dptp-controller-manager.build05.token.txt: - field: sa.dptp-controller-manager.build05.token.txt - item: build_farm - sa.dptp-controller-manager.build06.config: - field: sa.dptp-controller-manager.build06.config - item: build_farm - sa.dptp-controller-manager.build06.token.txt: - field: sa.dptp-controller-manager.build06.token.txt - item: build_farm - sa.dptp-controller-manager.build07.config: - field: sa.dptp-controller-manager.build07.config - item: build_farm - sa.dptp-controller-manager.build07.token.txt: - field: sa.dptp-controller-manager.build07.token.txt - item: build_farm - sa.dptp-controller-manager.build08.config: - field: sa.dptp-controller-manager.build08.config - item: build_farm - sa.dptp-controller-manager.build08.token.txt: - field: sa.dptp-controller-manager.build08.token.txt - item: build_farm - sa.dptp-controller-manager.build09.config: - field: sa.dptp-controller-manager.build09.config - item: build_farm - sa.dptp-controller-manager.build09.token.txt: - field: sa.dptp-controller-manager.build09.token.txt - item: build_farm - sa.dptp-controller-manager.build10.config: - field: sa.dptp-controller-manager.build10.config - item: build_farm - sa.dptp-controller-manager.build10.token.txt: - field: sa.dptp-controller-manager.build10.token.txt - item: build_farm - sa.dptp-controller-manager.build11.config: - field: sa.dptp-controller-manager.build11.config - item: build_farm - sa.dptp-controller-manager.build11.token.txt: - field: sa.dptp-controller-manager.build11.token.txt - item: build_farm - sa.dptp-controller-manager.core-ci.config: - field: sa.dptp-controller-manager.core-ci.config - item: build_farm - sa.dptp-controller-manager.core-ci.token.txt: - field: sa.dptp-controller-manager.core-ci.token.txt - item: build_farm - sa.dptp-controller-manager.vsphere02.config: - field: sa.dptp-controller-manager.vsphere02.config - item: build_farm - sa.dptp-controller-manager.vsphere02.token.txt: - field: sa.dptp-controller-manager.vsphere02.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: dptp-controller-manager + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-virtualization namespace: ci - from: - sa.promoted-image-governor.build01.config: - field: sa.promoted-image-governor.build01.config - item: build_farm - sa.promoted-image-governor.build01.token.txt: - field: sa.promoted-image-governor.build01.token.txt - item: build_farm - sa.promoted-image-governor.build02.config: - field: sa.promoted-image-governor.build02.config - item: build_farm - sa.promoted-image-governor.build02.token.txt: - field: sa.promoted-image-governor.build02.token.txt - item: build_farm - sa.promoted-image-governor.build03.config: - field: sa.promoted-image-governor.build03.config - item: build_farm - sa.promoted-image-governor.build03.token.txt: - field: sa.promoted-image-governor.build03.token.txt - item: build_farm - sa.promoted-image-governor.build04.config: - field: sa.promoted-image-governor.build04.config - item: build_farm - sa.promoted-image-governor.build04.token.txt: - field: sa.promoted-image-governor.build04.token.txt - item: build_farm - sa.promoted-image-governor.build05.config: - field: sa.promoted-image-governor.build05.config - item: build_farm - sa.promoted-image-governor.build05.token.txt: - field: sa.promoted-image-governor.build05.token.txt - item: build_farm - sa.promoted-image-governor.build06.config: - field: sa.promoted-image-governor.build06.config - item: build_farm - sa.promoted-image-governor.build06.token.txt: - field: sa.promoted-image-governor.build06.token.txt - item: build_farm - sa.promoted-image-governor.build07.config: - field: sa.promoted-image-governor.build07.config - item: build_farm - sa.promoted-image-governor.build07.token.txt: - field: sa.promoted-image-governor.build07.token.txt - item: build_farm - sa.promoted-image-governor.build08.config: - field: sa.promoted-image-governor.build08.config - item: build_farm - sa.promoted-image-governor.build08.token.txt: - field: sa.promoted-image-governor.build08.token.txt - item: build_farm - sa.promoted-image-governor.build09.config: - field: sa.promoted-image-governor.build09.config - item: build_farm - sa.promoted-image-governor.build09.token.txt: - field: sa.promoted-image-governor.build09.token.txt - item: build_farm - sa.promoted-image-governor.build10.config: - field: sa.promoted-image-governor.build10.config - item: build_farm - sa.promoted-image-governor.build10.token.txt: - field: sa.promoted-image-governor.build10.token.txt - item: build_farm - sa.promoted-image-governor.build11.config: - field: sa.promoted-image-governor.build11.config - item: build_farm - sa.promoted-image-governor.build11.token.txt: - field: sa.promoted-image-governor.build11.token.txt - item: build_farm - sa.promoted-image-governor.core-ci.config: - field: sa.promoted-image-governor.core-ci.config - item: build_farm - sa.promoted-image-governor.core-ci.token.txt: - field: sa.promoted-image-governor.core-ci.token.txt - item: build_farm - sa.promoted-image-governor.vsphere02.config: - field: sa.promoted-image-governor.vsphere02.config - item: build_farm - sa.promoted-image-governor.vsphere02.token.txt: - field: sa.promoted-image-governor.vsphere02.token.txt - item: build_farm + baseDomain: + field: public_hosted_zone + item: os4-installer.openshift-ci.azure + osServicePrincipal.json: + field: osServicePrincipal.json + item: os4-installer.openshift-ci.azure + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: promoted-image-governor + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure4 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-azure-arm64 namespace: ci - from: - credentials: - field: credentials - item: result-aggregator - passwd: - field: passwd - item: result-aggregator + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-azuremag + namespace: ci +- from: + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-azuremag-qe + namespace: ci +- from: + osServicePrincipal.json: + field: osServicePrincipal.json + item: os4-installer.openshift-ci.azure + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - - build_farm - name: result-aggregator - namespace: ci -- from: - sa.pj-rehearse.app.ci.config: - field: sa.pj-rehearse.app.ci.config - item: build_farm - sa.pj-rehearse.app.ci.token.txt: - field: sa.pj-rehearse.app.ci.token.txt - item: build_farm - to: - - cluster: app.ci - name: pj-rehearse + - non_app_ci + name: cluster-secrets-azurestack namespace: ci - from: - sa.ci-chat-bot.build01.config: - field: sa.ci-chat-bot.build01.config - item: ci-chat-bot - sa.ci-chat-bot.build01.token.txt: - field: sa.ci-chat-bot.build01.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build02.config: - field: sa.ci-chat-bot.build02.config - item: ci-chat-bot - sa.ci-chat-bot.build02.token.txt: - field: sa.ci-chat-bot.build02.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build03.config: - field: sa.ci-chat-bot.build03.config - item: ci-chat-bot - sa.ci-chat-bot.build03.token.txt: - field: sa.ci-chat-bot.build03.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build04.config: - field: sa.ci-chat-bot.build04.config - item: ci-chat-bot - sa.ci-chat-bot.build04.token.txt: - field: sa.ci-chat-bot.build04.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build05.config: - field: sa.ci-chat-bot.build05.config - item: ci-chat-bot - sa.ci-chat-bot.build05.token.txt: - field: sa.ci-chat-bot.build05.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build06.config: - field: sa.ci-chat-bot.build06.config - item: ci-chat-bot - sa.ci-chat-bot.build06.token.txt: - field: sa.ci-chat-bot.build06.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build07.config: - field: sa.ci-chat-bot.build07.config - item: ci-chat-bot - sa.ci-chat-bot.build07.token.txt: - field: sa.ci-chat-bot.build07.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build08.config: - field: sa.ci-chat-bot.build08.config - item: ci-chat-bot - sa.ci-chat-bot.build08.token.txt: - field: sa.ci-chat-bot.build08.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build09.config: - field: sa.ci-chat-bot.build09.config - item: ci-chat-bot - sa.ci-chat-bot.build09.token.txt: - field: sa.ci-chat-bot.build09.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build10.config: - field: sa.ci-chat-bot.build10.config - item: ci-chat-bot - sa.ci-chat-bot.build10.token.txt: - field: sa.ci-chat-bot.build10.token.txt - item: ci-chat-bot - sa.ci-chat-bot.build11.config: - field: sa.ci-chat-bot.build11.config - item: ci-chat-bot - sa.ci-chat-bot.build11.token.txt: - field: sa.ci-chat-bot.build11.token.txt - item: ci-chat-bot - sa.ci-chat-bot.core-ci.config: - field: sa.ci-chat-bot.core-ci.config - item: ci-chat-bot - sa.ci-chat-bot.core-ci.token.txt: - field: sa.ci-chat-bot.core-ci.token.txt - item: ci-chat-bot - sa.ci-chat-bot.vsphere02.config: - field: sa.ci-chat-bot.vsphere02.config - item: ci-chat-bot - sa.ci-chat-bot.vsphere02.token.txt: - field: sa.ci-chat-bot.vsphere02.token.txt - item: ci-chat-bot - sa.hypershift-workload.hosted-mgmt.config: - field: sa.hypershift-workload.hosted-mgmt.config - item: build_farm - sa.hypershift-workload.hosted-mgmt.token.txt: - field: sa.hypershift-workload.hosted-mgmt.token.txt - item: build_farm + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: ci-chat-bot-kubeconfigs - namespace: ci -- from: - sa.github-ldap-user-group-creator.build01.config: - field: sa.github-ldap-user-group-creator.build01.config - item: build_farm - sa.github-ldap-user-group-creator.build01.token.txt: - field: sa.github-ldap-user-group-creator.build01.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build02.config: - field: sa.github-ldap-user-group-creator.build02.config - item: build_farm - sa.github-ldap-user-group-creator.build02.token.txt: - field: sa.github-ldap-user-group-creator.build02.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build03.config: - field: sa.github-ldap-user-group-creator.build03.config - item: build_farm - sa.github-ldap-user-group-creator.build03.token.txt: - field: sa.github-ldap-user-group-creator.build03.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build04.config: - field: sa.github-ldap-user-group-creator.build04.config - item: build_farm - sa.github-ldap-user-group-creator.build04.token.txt: - field: sa.github-ldap-user-group-creator.build04.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build05.config: - field: sa.github-ldap-user-group-creator.build05.config - item: build_farm - sa.github-ldap-user-group-creator.build05.token.txt: - field: sa.github-ldap-user-group-creator.build05.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build06.config: - field: sa.github-ldap-user-group-creator.build06.config - item: build_farm - sa.github-ldap-user-group-creator.build06.token.txt: - field: sa.github-ldap-user-group-creator.build06.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build07.config: - field: sa.github-ldap-user-group-creator.build07.config - item: build_farm - sa.github-ldap-user-group-creator.build07.token.txt: - field: sa.github-ldap-user-group-creator.build07.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build08.config: - field: sa.github-ldap-user-group-creator.build08.config - item: build_farm - sa.github-ldap-user-group-creator.build08.token.txt: - field: sa.github-ldap-user-group-creator.build08.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build09.config: - field: sa.github-ldap-user-group-creator.build09.config - item: build_farm - sa.github-ldap-user-group-creator.build09.token.txt: - field: sa.github-ldap-user-group-creator.build09.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build10.config: - field: sa.github-ldap-user-group-creator.build10.config - item: build_farm - sa.github-ldap-user-group-creator.build10.token.txt: - field: sa.github-ldap-user-group-creator.build10.token.txt - item: build_farm - sa.github-ldap-user-group-creator.build11.config: - field: sa.github-ldap-user-group-creator.build11.config - item: build_farm - sa.github-ldap-user-group-creator.build11.token.txt: - field: sa.github-ldap-user-group-creator.build11.token.txt - item: build_farm - sa.github-ldap-user-group-creator.core-ci.config: - field: sa.github-ldap-user-group-creator.core-ci.config - item: build_farm - sa.github-ldap-user-group-creator.core-ci.token.txt: - field: sa.github-ldap-user-group-creator.core-ci.token.txt - item: build_farm - sa.github-ldap-user-group-creator.hosted-mgmt.config: - field: sa.github-ldap-user-group-creator.hosted-mgmt.config - item: build_farm - sa.github-ldap-user-group-creator.hosted-mgmt.token.txt: - field: sa.github-ldap-user-group-creator.hosted-mgmt.token.txt - item: build_farm - sa.github-ldap-user-group-creator.vsphere02.config: - field: sa.github-ldap-user-group-creator.vsphere02.config - item: build_farm - sa.github-ldap-user-group-creator.vsphere02.token.txt: - field: sa.github-ldap-user-group-creator.vsphere02.token.txt - item: build_farm + - cluster_groups: + - non_app_ci + name: cluster-secrets-equinix-edge-enablement + namespace: ci +- from: + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: github-ldap-user-group-creator + - cluster_groups: + - non_app_ci + name: cluster-secrets-equinix-ocp-hcp namespace: ci - from: - sa.ci-monitoring.app.ci.token.txt: - field: sa.ci-monitoring.app.ci.token.txt - item: openshift-monitoring-credentials + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: app-ci-openshift-user-workload-monitoring-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-equinix-ocp-metal namespace: ci - from: - openshift-gce-devel-ci-infra-users-to-bigquery.json: - field: openshift-gce-devel-ci-infra-users-to-bigquery.json - item: openshift-gce-devel-ci-infra-users-to-bigquery + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: openshift-gce-devel-ci-infra-users-to-bigquery-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-equinix-ocp-metal-qe namespace: ci - from: - token: - field: ocm-developer-productivity-staging - item: cluster-bot-cloud-sso-for-ocm-ephemeral-osd + ci-xpn.json: + field: ci-xpn-sa-credentials.json + item: gcp-openshift-gce-devel-ci + gce.json: + field: ci-provisioner-sa-credentials.json + item: gcp-openshift-gce-devel-ci + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + openshift_gcp_project: + field: openshift_gcp_project + item: gcp-openshift-gce-devel-ci + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + public_hosted_zone: + field: public_hosted_zone + item: gcp-openshift-gce-devel-ci + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + repository-credentials-password: + field: password + item: mirror.openshift.com + repository-credentials-username: + field: username + item: mirror.openshift.com + ssh-privatekey: + field: ssh-privatekey + item: gcp-openshift-gce-devel-ci + ssh-publickey: + field: ssh-publickey + item: gcp-openshift-gce-devel-ci + telemeter-token: + field: telemeter-token + item: telemeter to: - cluster_groups: - non_app_ci - name: cluster-bot-cloud-sso-for-ocm-ephemeral-osd + name: cluster-secrets-gcp namespace: ci -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: cluster-bot-aws-account-for-ephemeral-osd - AWS_ACCOUNT_ID: - field: AWS_ACCOUNT_ID - item: cluster-bot-aws-account-for-ephemeral-osd - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: cluster-bot-aws-account-for-ephemeral-osd - to: - cluster_groups: - non_app_ci - name: cluster-bot-aws-account-for-ephemeral-osd - namespace: ci -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: cert-manager - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: cert-manager - key.json: - field: service-account.json - item: cert-issuer - openshift-ci-build-farm-cert-issuer.json: - field: service-account.json - item: openshift-ci-build-farm-cert-issuer - to: - - cluster_groups: - - managed_clusters - name: cert-issuer - namespace: cert-manager -- from: - service-account.json: - field: service-account.json - item: openshift-ci-release-signature-publisher - to: - - cluster: app.ci - name: release-controller-signature-publisher - namespace: ci -- from: - openshift-ci.gpg: - base64_decode: true - field: openshift-ci.gpg - item: openshift-ci-release-signature-signer - to: - - cluster: app.ci - name: release-controller-signature-signer - namespace: ci -- from: - credentials.json: - field: credentials.json - item: openshift-private-viewer - to: - - cluster: app.ci - name: openshift-private-viewer + name: cluster-secrets-gcp-arm64 namespace: ci - from: - credentials.json: + gce.json: field: credentials.json - item: qe-private-deck-viewer - to: - - cluster: app.ci - name: qe-private-deck-viewer - namespace: ci -- from: - app_id: - field: app_id - item: slack-credentials-dptp-bot - client_id: - field: client_id - item: slack-credentials-dptp-bot - client_secret: - field: client_secret - item: slack-credentials-dptp-bot - oauth_token: - field: oauth_token - item: slack-credentials-dptp-bot - signing_secret: - field: signing_secret - item: slack-credentials-dptp-bot - to: - - cluster: app.ci - name: slack-credentials-dptp-bot - namespace: ci -- from: - app_id: - field: app_id - item: slack-credentials-dptp-bot-alpha - client_id: - field: client_id - item: slack-credentials-dptp-bot-alpha - client_secret: - field: client_secret - item: slack-credentials-dptp-bot-alpha - oauth_token: - field: oauth_token - item: slack-credentials-dptp-bot-alpha - signing_secret: - field: signing_secret - item: slack-credentials-dptp-bot-alpha - to: - - cluster: app.ci - name: slack-credentials-dptp-bot-alpha - namespace: ci -- from: - token: - field: token - item: jira-token-dptp-bot - to: - - cluster: app.ci - name: jira-token-dptp-bot - namespace: ci -- from: - .dockerconfigjson: + item: gcp-openshift-gce-devel-ci-3 + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + openshift_gcp_project: + field: openshift_gcp_project + item: gcp-openshift-gce-devel-ci-3 + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + public_hosted_zone: + field: public_hosted_zone + item: gcp-openshift-gce-devel-ci-3 + pull-secret: dockerconfigJSON: - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: gcp-openshift-gce-devel-ci-3 + ssh-publickey: + field: ssh-publickey + item: gcp-openshift-gce-devel-ci-3 + telemeter-token: + field: telemeter-token + item: telemeter to: - - cluster: app.ci - name: registry-push-credentials-ci-central + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-3 namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + gce.json: + field: credentials.json + item: gcp-openshift-gce-devel-ci-2 + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + openshift_gcp_project: + field: openshift_gcp_project + item: gcp-openshift-gce-devel-ci-2 + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + public_hosted_zone: + field: public_hosted_zone + item: gcp-openshift-gce-devel-ci-2 + pull-secret: dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: gcp-openshift-gce-devel-ci-2 + ssh-publickey: + field: ssh-publickey + item: gcp-openshift-gce-devel-ci-2 + telemeter-token: + field: telemeter-token + item: telemeter to: - - cluster: app.ci - name: registry-push-credentials-ci-images-mirror + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-openshift-gce-devel-ci-2 namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: registry-push-credentials-ci-images-mirror - namespace: gcr-io - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: build01 - name: registry-push-credentials-ci-central + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-observability + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-qe-c3-metal + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-autorelease-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-sustaining-autorelease-412 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-quay-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-confidential-qe namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build01 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org - to: - - cluster: build02 - name: registry-push-credentials-ci-central - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build02 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + repository-credentials-password: + field: password + item: mirror.openshift.com + repository-credentials-username: + field: username + item: mirror.openshift.com + ssh-privatekey: + field: ssh-privatekey + item: gcp-openshift-gce-devel-ci + ssh-publickey: + field: ssh-publickey + item: gcp-openshift-gce-devel-ci + telemeter-token: + field: telemeter-token + item: telemeter to: - - cluster: build04 - name: registry-push-credentials-ci-central + - cluster_groups: + - non_app_ci + name: cluster-secrets-gcp-virtualization namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build04 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + .awscred: + field: .awscred + item: openshift-ci-aws-credentials + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: registry-pull-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-hypershift namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: registry-pull-credentials - namespace: ci-staging - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: registry-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: build01 - name: registry-pull-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-hypershift-powervs namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build01 - name: registry-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: build01 - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - - cluster: build01 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: build02 - name: registry-pull-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-hypershift-powervs-cb namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build02 - name: registry-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: build02 - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - - cluster: build02 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build04_reg_auth_value.txt - item: build_farm - registry_url: registry.build04.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: build04 - name: registry-pull-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-qe-2 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-gpu namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build04 - name: registry-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: build04 - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - - cluster: build04 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson - from: insights-live.yaml: field: insights-live.yaml item: insights-ci-account - to: - - cluster_groups: - - non_app_ci - name: insights-live - namespace: test-credentials -- from: - .dockerconfigjson: + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: dockerconfigJSON: - - auth_field: push-token - item: quay.io - registry_url: quay.io + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: registry-push-credentials-openshift - namespace: ci - type: kubernetes.io/dockerconfigjson -- from: - appid: - field: appid - item: openshift-prow-app - cert: - field: openshift-prow.2020-12-03.private-key.pem - item: openshift-prow-app - hmac: - field: hmac - item: openshift-prow-app - to: - - cluster: app.ci - name: openshift-prow-github-app - namespace: ci -- from: - appid: - field: appid - item: openshift-merge-bot - cert: - field: openshift-merge-bot.2023-10-24.private-key.pem - item: openshift-merge-bot - hmac: - field: hmac - item: openshift-merge-bot - to: - - cluster: app.ci - name: openshift-merge-bot - namespace: ci -- from: - appid: - field: appid - item: openshift-ci-staging-prow-app - cert: - field: cert - item: openshift-ci-staging-prow-app - hmac: - field: hmac - item: openshift-ci-staging-prow-app - to: - - cluster: app.ci - name: openshift-prow-github-app - namespace: ci-staging -- from: - client-id: - field: rh-internal-sso-client-id - item: dex - client-secret: - field: rh-internal-sso-client-secret - item: dex - to: - - cluster: app.ci - name: rh-sso - namespace: dex -- from: - app.ci-id: - field: app.ci-id - item: dex - app.ci-secret: - field: app.ci-secret - item: dex - to: - - cluster: app.ci - name: app.ci-secret - namespace: dex -- from: - build01-id: - field: build01-id - item: dex - build01-secret: - field: build01-secret - item: dex - to: - - cluster: app.ci - name: build01-secret - namespace: dex - - cluster: app.ci - name: build01-dex-oidc - namespace: ci -- from: - clientSecret: - field: build01-secret - item: dex - to: - - cluster: build01 - name: dex-rh-sso - namespace: openshift-config -- from: - build02-id: - field: build02-id - item: dex - build02-secret: - field: build02-secret - item: dex - to: - - cluster: app.ci - name: build02-secret - namespace: dex - - cluster: app.ci - name: build02-dex-oidc + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-multi-ppc64le namespace: ci -- from: - build04-id: - field: build04-id - item: dex - build04-secret: - field: build04-secret - item: dex - to: - - cluster: app.ci - name: build04-secret - namespace: dex - - cluster: app.ci - name: build04-dex-oidc + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-multi-s390x namespace: ci -- from: - build05-id: - field: build05-id - item: dex - build05-secret: - field: build05-secret - item: dex - to: - - cluster: app.ci - name: build05-secret - namespace: dex -- from: - build11-id: - field: build11-id - item: dex - build11-secret: - field: build11-secret - item: dex - to: - - cluster: app.ci - name: build11-secret - namespace: dex - - cluster: app.ci - name: build11-dex-oidc + - cluster_groups: + - non_app_ci + name: cluster-secrets-powervs-multi-1 namespace: ci - from: - dpcr-id: - field: dpcr-id - item: dex - dpcr-secret: - field: dpcr-secret - item: dex - to: - - cluster: app.ci - name: dpcr-secret - namespace: dex -- from: - hosted-mgmt-id: - field: hosted-mgmt-id - item: dex - hosted-mgmt-secret: - field: hosted-mgmt-secret - item: dex + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: app.ci - name: hosted-mgmt-secret - namespace: dex - - cluster: app.ci - name: hosted-mgmt-dex-oidc + - cluster_groups: + - non_app_ci + name: cluster-secrets-ibmcloud-rhoai-qe namespace: ci - from: - art-id: - field: art-id - item: dex - art-secret: - field: art-secret - item: dex - to: - - cluster: app.ci - name: art-secret - namespace: dex -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: aws-prow-retester-robot-user-credentials - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: aws-prow-retester-robot-user-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: retester-aws-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-libvirt-ppc64le + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-libvirt-ppc64le-s2s namespace: ci - from: - clientSecret: - field: build02-secret - item: dex - to: - - cluster: build02 - name: dex-rh-sso - namespace: openshift-config -- from: - clientSecret: - field: build04-secret - item: dex - to: - - cluster: build04 - name: dex-rh-sso - namespace: openshift-config -- from: - clientSecret: - field: hosted-mgmt-secret - item: dex + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: hosted-mgmt - name: dex-rh-sso - namespace: openshift-config + - cluster_groups: + - non_app_ci + name: cluster-secrets-libvirt-s390x + namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-2-aws-credentials - baseDomain: - field: public_hosted_zone - item: openshift-ci-2-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account @@ -5127,23 +5152,29 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5153,23 +5184,17 @@ secret_configs: item: registry.redhat.io-pull-secret registry_url: registry.redhat.io ssh-privatekey: - field: id_rsa - item: openshift-ci-2-aws-credentials + field: ssh-privatekey + item: openshift-ci-aws-credentials ssh-publickey: - field: id_rsa.pub - item: openshift-ci-2-aws-credentials + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-aws-2 + name: cluster-secrets-libvirt-s390x-1 namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-3-aws-credentials - baseDomain: - field: public_hosted_zone - item: openshift-ci-3-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account @@ -5178,23 +5203,29 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5204,23 +5235,17 @@ secret_configs: item: registry.redhat.io-pull-secret registry_url: registry.redhat.io ssh-privatekey: - field: id_rsa - item: openshift-ci-3-aws-credentials + field: ssh-privatekey + item: openshift-ci-aws-credentials ssh-publickey: - field: id_rsa.pub - item: openshift-ci-3-aws-credentials + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-aws-3 + name: cluster-secrets-libvirt-s390x-2 namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-4-aws-credentials - baseDomain: - field: public_hosted_zone - item: openshift-ci-4-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account @@ -5229,23 +5254,62 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-libvirt-s390x-amd64 + namespace: ci +- from: + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5255,48 +5319,138 @@ secret_configs: item: registry.redhat.io-pull-secret registry_url: registry.redhat.io ssh-privatekey: - field: id_rsa - item: openshift-ci-4-aws-credentials + field: ssh-privatekey + item: openshift-ci-aws-credentials ssh-publickey: - field: id_rsa.pub - item: openshift-ci-4-aws-credentials + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-aws-4 + name: cluster-secrets-libvirt-s390x-vpn namespace: ci - from: .awscred: field: .awscred - item: openshift-ci-5-aws-credentials - baseDomain: - field: public_hosted_zone - item: openshift-ci-5-aws-credentials + item: openshift-ci-aws-credentials + .packetcred: + field: .packetcred + item: packet.net + .slackhook: + field: .slackhook + item: packet.net insights-live.yaml: field: insights-live.yaml item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-metal + namespace: ci +- from: + .awscred: + field: .awscred + item: openshift-ci-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + pull-secret: + dockerconfigJSON: - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials + to: + - cluster_groups: + - non_app_ci + name: cluster-secrets-nutanix + namespace: ci +- from: + .awscred: + field: .awscred + item: openshift-ci-aws-credentials + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5305,37 +5459,77 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: id_rsa - item: openshift-ci-5-aws-credentials - ssh-publickey: - field: id_rsa.pub - item: openshift-ci-5-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-aws-5 + name: cluster-secrets-nutanix-qe + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-nutanix-qe-dis + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-nutanix-qe-zone + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-nutanix-qe-gpu + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-nutanix-qe-flow namespace: ci - from: - .dockerconfigjson: + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5345,47 +5539,30 @@ secret_configs: item: registry.redhat.io-pull-secret registry_url: registry.redhat.io to: - - cluster: hosted-mgmt - name: pull-secret - namespace: ci-cluster-pool - type: kubernetes.io/dockerconfigjson -- from: - aws_access_key_id: - field: aws_access_key_id - item: openshift-ci-pools-hive - aws_secret_access_key: - field: aws_secret_access_key - item: openshift-ci-pools-hive - to: - - cluster: hosted-mgmt - name: hive-aws-credentials - namespace: ci-cluster-pool - - cluster: hosted-mgmt - name: hive-aws-credentials - namespace: fake-cluster-pool + - cluster_groups: + - non_app_ci + name: cluster-secrets-oci-agent-qe + namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5393,195 +5570,38 @@ secret_configs: - auth_field: auth email_field: email item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-hypershift - namespace: ci -- from: - vault-secret-manager-id: - field: vault-secret-manager-client-id - item: dex - vault-secret-manager-secret: - field: vault-secret-manager-client-secret - item: dex - to: - - cluster: app.ci - name: vault-secret-manager - namespace: dex - - cluster: app.ci - name: vault-secret-collection-manager-oauth - namespace: ci -- from: - secret: - field: secret - item: vault-secret-collection-manager-cookie-secret - to: - - cluster: app.ci - name: vault-secret-collection-manager-cookie-secret - namespace: ci -- from: - client-id: - field: client-id - item: loki-collector - client-secret: - field: client-secret - item: loki-collector - to: - - cluster_groups: - - build_farm - name: promtail-prod-creds - namespace: loki -- from: - WebHookSecretKey: - field: Token - item: github-deploymentconfig-webhook-token - to: - - cluster: app.ci - name: github-deploymentconfig-trigger - namespace: ci -- from: - sa.cluster-display.app.ci.config: - field: sa.cluster-display.app.ci.config - item: build_farm - sa.cluster-display.app.ci.token.txt: - field: sa.cluster-display.app.ci.token.txt - item: build_farm - sa.cluster-display.build01.config: - field: sa.cluster-display.build01.config - item: build_farm - sa.cluster-display.build01.token.txt: - field: sa.cluster-display.build01.token.txt - item: build_farm - sa.cluster-display.build02.config: - field: sa.cluster-display.build02.config - item: build_farm - sa.cluster-display.build02.token.txt: - field: sa.cluster-display.build02.token.txt - item: build_farm - sa.cluster-display.build03.config: - field: sa.cluster-display.build03.config - item: build_farm - sa.cluster-display.build03.token.txt: - field: sa.cluster-display.build03.token.txt - item: build_farm - sa.cluster-display.build04.config: - field: sa.cluster-display.build04.config - item: build_farm - sa.cluster-display.build04.token.txt: - field: sa.cluster-display.build04.token.txt - item: build_farm - sa.cluster-display.build05.config: - field: sa.cluster-display.build05.config - item: build_farm - sa.cluster-display.build05.token.txt: - field: sa.cluster-display.build05.token.txt - item: build_farm - sa.cluster-display.build06.config: - field: sa.cluster-display.build06.config - item: build_farm - sa.cluster-display.build06.token.txt: - field: sa.cluster-display.build06.token.txt - item: build_farm - sa.cluster-display.build07.config: - field: sa.cluster-display.build07.config - item: build_farm - sa.cluster-display.build07.token.txt: - field: sa.cluster-display.build07.token.txt - item: build_farm - sa.cluster-display.build08.config: - field: sa.cluster-display.build08.config - item: build_farm - sa.cluster-display.build08.token.txt: - field: sa.cluster-display.build08.token.txt - item: build_farm - sa.cluster-display.build09.config: - field: sa.cluster-display.build09.config - item: build_farm - sa.cluster-display.build09.token.txt: - field: sa.cluster-display.build09.token.txt - item: build_farm - sa.cluster-display.build10.config: - field: sa.cluster-display.build10.config - item: build_farm - sa.cluster-display.build10.token.txt: - field: sa.cluster-display.build10.token.txt - item: build_farm - sa.cluster-display.build11.config: - field: sa.cluster-display.build11.config - item: build_farm - sa.cluster-display.build11.token.txt: - field: sa.cluster-display.build11.token.txt - item: build_farm - sa.cluster-display.core-ci.config: - field: sa.cluster-display.core-ci.config - item: build_farm - sa.cluster-display.core-ci.token.txt: - field: sa.cluster-display.core-ci.token.txt - item: build_farm - sa.cluster-display.hosted-mgmt.config: - field: sa.cluster-display.hosted-mgmt.config - item: build_farm - sa.cluster-display.hosted-mgmt.token.txt: - field: sa.cluster-display.hosted-mgmt.token.txt - item: build_farm - sa.cluster-display.vsphere02.config: - field: sa.cluster-display.vsphere02.config - item: build_farm - sa.cluster-display.vsphere02.token.txt: - field: sa.cluster-display.vsphere02.token.txt - item: build_farm - to: - - cluster: app.ci - name: cluster-display - namespace: ci -- from: - github-client-id: - field: github-client-id - item: repo-init-github-client - github-client-secret: - field: github-client-secret - item: repo-init-github-client - github-redirect-uri: - field: github-redirect-uri - item: repo-init-github-client + registry_url: registry.redhat.io to: - - cluster: app.ci - name: repo-init-client + - cluster_groups: + - non_app_ci + name: cluster-secrets-oci-assisted namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com + .awscred: + field: .awscred + item: openstack + clouds.yaml: + field: clouds.yaml + item: openstack pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5590,49 +5610,127 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openstack + ssh-publickey: + field: ssh-publickey + item: openstack to: - cluster_groups: - non_app_ci - name: cluster-secrets-ibmcloud - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-ibmcloud-qe + name: cluster-secrets-openstack-operators-vexxhost namespace: ci +- from: + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openstack + ssh-publickey: + field: ssh-publickey + item: openstack + to: - cluster_groups: - non_app_ci - name: cluster-secrets-ibmcloud-qe-2 + name: cluster-secrets-openstack-osuosl namespace: ci +- from: + ca-cert.pem: + field: ca-cert.pem + item: openstack-ppc64le + clouds.yaml: + field: clouds.yaml + item: openstack-ppc64le + pull-secret: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openstack-ppc64le + ssh-publickey: + field: ssh-publickey + item: openstack-ppc64le + to: - cluster_groups: - non_app_ci - name: cluster-secrets-ibmcloud-gpu + name: cluster-secrets-openstack-ppc64le namespace: ci - from: + .awscred: + field: .awscred + item: openstack insights-live.yaml: field: insights-live.yaml item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5643,49 +5741,73 @@ secret_configs: registry_url: registry.redhat.io ssh-privatekey: field: ssh-privatekey - item: openshift-ci-aws-credentials + item: openstack ssh-publickey: field: ssh-publickey - item: openshift-ci-aws-credentials + item: openstack to: - cluster_groups: - non_app_ci - name: cluster-secrets-ibmcloud-multi-ppc64le + name: cluster-secrets-openstack-vexxhost namespace: ci - cluster_groups: - non_app_ci - name: cluster-secrets-ibmcloud-multi-s390x + name: cluster-secrets-openstack-hwoffload namespace: ci - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-multi-1 + name: cluster-secrets-openstack-nfv + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-vh-mecha-central + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-vh-mecha-az0 + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-nerc-dev + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-rhoso + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-rhos-ci + namespace: ci + - cluster_groups: + - non_app_ci + name: cluster-secrets-openstack-vh-bm-rhos namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com + .awscred: + field: .awscred + item: cluster-bot-osd-ephemeral + aws-account-id: + field: aws-account-id + item: cluster-bot-osd-ephemeral pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5694,16 +5816,16 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + sso-client-id: + field: ocm-developer-productivity-staging.user + item: cluster-bot-osd-ephemeral + sso-client-secret: + field: ocm-developer-productivity-staging.token + item: cluster-bot-osd-ephemeral to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-1 + name: cluster-secrets-osd-ephemeral namespace: ci - from: insights-live.yaml: @@ -5714,23 +5836,23 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5739,43 +5861,46 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + repository-credentials-password: + field: password + item: mirror.openshift.com + repository-credentials-username: + field: username + item: mirror.openshift.com ssh-privatekey: field: ssh-privatekey - item: openshift-ci-aws-credentials + item: gcp-openshift-gce-devel-ci ssh-publickey: field: ssh-publickey - item: openshift-ci-aws-credentials + item: gcp-openshift-gce-devel-ci + telemeter-token: + field: telemeter-token + item: telemeter to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-2 + name: cluster-secrets-osl-gcp namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5784,43 +5909,34 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-3 + name: cluster-secrets-packet namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org + - auth_field: auth + item: brew.registry.redhat.io-pull-secret + registry_url: brew.registry.redhat.io - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5829,43 +5945,31 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-4 + name: cluster-secrets-packet-assisted namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5874,16 +5978,10 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-5 + name: cluster-secrets-packet-sno namespace: ci - from: insights-live.yaml: @@ -5894,23 +5992,23 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5928,7 +6026,7 @@ secret_configs: to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-6 + name: cluster-secrets-powervs-1 namespace: ci - from: insights-live.yaml: @@ -5939,23 +6037,23 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -5973,7 +6071,7 @@ secret_configs: to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-7 + name: cluster-secrets-powervs-2 namespace: ci - from: insights-live.yaml: @@ -5984,23 +6082,23 @@ secret_configs: item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6018,61 +6116,34 @@ secret_configs: to: - cluster_groups: - non_app_ci - name: cluster-secrets-powervs-8 + name: cluster-secrets-powervs-3 namespace: ci - from: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-hypershift-powervs - namespace: ci -- from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6081,138 +6152,43 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-hypershift-powervs-cb - namespace: ci -- from: - hecToken: - field: hecToken - item: log-forwarder - to: - - cluster_groups: - - build_farm - name: splunk-receiver-token - namespace: log-forwarding - - cluster: hosted-mgmt - name: splunk-receiver-token - namespace: log-forwarding -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - to: - - cluster: build05 - name: registry-push-credentials-ci-central - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build05 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build05_reg_auth_value.txt - item: build_farm - registry_url: registry.build05.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - to: - - cluster: build05 - name: registry-pull-credentials - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build05 - name: registry-pull-credentials - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - - cluster: build05 - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - - cluster: build05 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build05.config - item: build_farm - sa.ci-operator.build05.token.txt: - field: sa.ci-operator.build05.token.txt - item: build_farm - to: - - cluster: build05 - name: ci-operator - namespace: test-credentials + - cluster_groups: + - non_app_ci + name: cluster-secrets-powervs-4 + namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6230,34 +6206,34 @@ secret_configs: to: - cluster_groups: - non_app_ci - name: cluster-secrets-nutanix + name: cluster-secrets-powervs-5 namespace: ci - from: - .awscred: - field: .awscred - item: openshift-ci-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6266,173 +6242,133 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-nutanix-qe - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-nutanix-qe-dis - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-nutanix-qe-zone - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-nutanix-qe-gpu - namespace: ci - - cluster_groups: - - non_app_ci - name: cluster-secrets-nutanix-qe-flow - namespace: ci -- from: - api-token: - field: api-token - item: snyk-credentials - to: - - cluster_groups: - - build_farm - name: snyk-credentials - namespace: test-credentials -- from: - content: - field: content - item: cloudfront-app-ci-internal-registry-private-key - to: - - cluster: app.ci - name: cloudfront-app-ci-internal-registry-private-key - namespace: openshift-image-registry -- from: - content: - field: content - item: cloudfront-buildfarm-internal-registry-private-key - to: - - cluster_groups: - - non_app_ci - name: cloudfront-buildfarm-internal-registry-private-key - namespace: openshift-image-registry -- from: - AWS_ACCESS_KEY_ID: - field: AWS_ACCESS_KEY_ID - item: quayio-pull-through-cache-user - AWS_SECRET_ACCESS_KEY: - field: AWS_SECRET_ACCESS_KEY - item: quayio-pull-through-cache-user - to: - - cluster: app.ci - name: quayio-pull-through-cache-credentials - namespace: ci -- from: - R2_ACCESS_KEY_ID: - field: R2_ACCESS_KEY_ID - item: quayio-pull-through-cache-r2-user - R2_SECRET_ACCESS_KEY: - field: R2_SECRET_ACCESS_KEY - item: quayio-pull-through-cache-r2-user - R2_SECRET_REGIONENDPOINT: - field: R2_SECRET_REGIONENDPOINT - item: quayio-pull-through-cache-r2-user - to: - - cluster: app.ci - name: quayio-pull-through-cache-r2-credentials - namespace: ci -- from: - credentials.json: - field: credentials.json - item: gcs-quayio-pull-through-cache-service-account - to: - - cluster: app.ci - name: gcs-sa-quayio-pull-through-cache + name: cluster-secrets-powervs-6 namespace: ci - from: - .dockerconfigjson: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: dockerconfigJSON: - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - auth_field: auth - item: brew.registry.redhat.io-pull-secret - registry_url: brew.registry.redhat.io + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth + email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - - cluster: app.ci - name: multi-arch-mirroring-secrets + - cluster_groups: + - non_app_ci + name: cluster-secrets-powervs-7 namespace: ci - type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + ops-mirror.pem: + field: cert-key.pem + item: mirror.openshift.com + pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - - auth_field: registry.redhat.io-auth - email_field: registry.redhat.io-email - item: build-farm-global-pull-secret - registry_url: brew.registry.redhat.io + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io + ssh-privatekey: + field: ssh-privatekey + item: openshift-ci-aws-credentials + ssh-publickey: + field: ssh-publickey + item: openshift-ci-aws-credentials to: - cluster_groups: - - osd_global_pull_secret - name: pull-secret - namespace: openshift-config -- from: - OPENSHIFT_MONITORING_CI_TOKEN: - field: sa.ci-monitoring.app.ci.token.txt - item: openshift-monitoring-credentials - OPENSHIFT_MONITORING_CI_TOKEN_ON_HOSTED_MGMT: - field: sa.ci-monitoring.hosted-mgmt.token.txt - item: openshift-monitoring-credentials - to: - - cluster: app.ci - name: external-credentials - namespace: ci-grafana + - non_app_ci + name: cluster-secrets-powervs-8 + namespace: ci - from: + .awscred: + field: .awscred + item: openshift-ci-aws-credentials insights-live.yaml: field: insights-live.yaml item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6447,37 +6383,37 @@ secret_configs: ssh-publickey: field: ssh-publickey item: openshift-ci-aws-credentials + vmc.secret.auto.tfvars: + field: vmc.secret.auto.tfvars + item: vsphere-credentials to: - cluster_groups: - non_app_ci - name: cluster-secrets-aws-virtualization + name: cluster-secrets-vsphere namespace: ci - from: - insights-live.yaml: - field: insights-live.yaml - item: insights-ci-account - ops-mirror.pem: - field: cert-key.pem - item: mirror.openshift.com pull-secret: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: cloud.openshift.com-pull-secret registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + item: quay.io/multi-arch + registry_url: quay.io/multi-arch - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: registry.connect.redhat.com-pull-secret @@ -6486,552 +6422,830 @@ secret_configs: email_field: email item: registry.redhat.io-pull-secret registry_url: registry.redhat.io - repository-credentials-password: - field: password - item: mirror.openshift.com - repository-credentials-username: - field: username - item: mirror.openshift.com - ssh-privatekey: - field: ssh-privatekey - item: gcp-openshift-gce-devel-ci - ssh-publickey: - field: ssh-publickey - item: gcp-openshift-gce-devel-ci - telemeter-token: - field: telemeter-token - item: telemeter to: - cluster_groups: - non_app_ci - name: cluster-secrets-gcp-virtualization + name: cluster-secrets-vsphere-qe namespace: ci - from: - pull-secret: + kubeconfig: + field: sa.clusterpool-manager.hosted-mgmt.config + item: build_farm + sa.clusterpool-manager.hosted-mgmt.token.txt: + field: sa.clusterpool-manager.hosted-mgmt.token.txt + item: build_farm + to: + - cluster_groups: + - non_app_ci + name: clusterpool-manager-credentials + namespace: ci +- from: + kubeconfig: + field: sa.hive.hosted-mgmt.config + item: build_farm + sa.hive.hosted-mgmt.token.txt: + field: sa.hive.hosted-mgmt.token.txt + item: build_farm + to: + - cluster_groups: + - non_app_ci + name: hive-hive-credentials + namespace: ci + - cluster_groups: + - non_app_ci + name: hive-hive-credentials + namespace: test-credentials +- from: + .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + - auth_field: token_image-pusher_build01_reg_auth_value.txt item: build_farm - registry_url: registry.ci.openshift.org + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + to: + - cluster: build01 + name: manifest-tool-local-pusher + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build01 + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + kubeconfig: + field: sa.promotion-quay-tagger.app.ci.config + item: build_farm + sa.promotion-quay-tagger.app.ci.config: + field: sa.promotion-quay-tagger.app.ci.config + item: build_farm + sa.promotion-quay-tagger.app.ci.token.txt: + field: sa.promotion-quay-tagger.app.ci.token.txt + item: build_farm + to: + - cluster_groups: + - non_app_ci + name: promotion-quay-tagger-kubeconfig + namespace: ci +- from: + token: + field: redhat-developer-service-binding-operator + item: codecov-tokens + to: + - cluster: build01 + name: redhat-developer-service-binding-operator-codecov-token + namespace: ci + - cluster: build04 + name: redhat-developer-service-binding-operator-codecov-token + namespace: ci +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: build01 + name: registry-pull-credentials + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build01 + name: registry-pull-credentials + namespace: test-credentials + type: kubernetes.io/dockerconfigjson + - cluster: build01 + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson + - cluster: build01 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build01_reg_auth_value.txt + item: build_farm + registry_url: registry.build01.ci.openshift.org + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: build01 + name: registry-push-credentials-ci-central + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build01 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + access_key_id: + field: access_key_id + item: net-observ-loki-build01-credentials + access_key_secret: + field: access_key_secret + item: net-observ-loki-build01-credentials + bucketnames: + field: bucketnames + item: net-observ-loki-build01-credentials + endpoint: + field: endpoint + item: net-observ-loki-build01-credentials + region: + field: region + item: net-observ-loki-build01-credentials + to: + - cluster: build01 + name: loki-s3 + namespace: netobserv +- from: + clientSecret: + field: build01-secret + item: dex + to: + - cluster: build01 + name: dex-rh-sso + namespace: openshift-config +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: registry.redhat.io-auth + email_field: registry.redhat.io-email + item: build-farm-global-pull-secret + registry_url: brew.registry.redhat.io + - auth_field: cloud.openshift.com-auth + email_field: cloud.openshift.com-email + item: build-farm-global-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: quay.io-auth + email_field: quay.io-email + item: build-farm-global-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: registry.connect.redhat.com-auth + email_field: registry.connect.redhat.com-email + item: build-farm-global-pull-secret registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - ssh-privatekey: - field: ssh-privatekey - item: openshift-ci-aws-credentials - ssh-publickey: - field: ssh-publickey - item: openshift-ci-aws-credentials + - auth_field: registry.redhat.io-auth + email_field: registry.redhat.io-email + item: build-farm-global-pull-secret + registry_url: registry.redhat.io to: - cluster_groups: - - non_app_ci - name: cluster-secrets-azure-virtualization - namespace: ci + - openshift_config_pull_secret + name: pull-secret + namespace: openshift-config + type: kubernetes.io/dockerconfigjson - from: - quay_io_password: - field: quay_io_password - item: quay-io-pull-credentials - quay_io_username: - field: quay_io_username - item: quay-io-pull-credentials + content: + field: content + item: cloudfront-buildfarm-internal-registry-private-key to: - - cluster: app.ci - name: quay-io-pull-credentials - namespace: ci + - cluster_groups: + - non_app_ci + name: cloudfront-buildfarm-internal-registry-private-key + namespace: openshift-image-registry - from: - sa.ci-images-mirror.app.ci.config: - field: sa.ci-images-mirror.app.ci.config + kubeconfig: + field: sa.ci-operator.build01.config item: build_farm - sa.ci-images-mirror.app.ci.token.txt: - field: sa.ci-images-mirror.app.ci.token.txt + sa.ci-operator.build01.token.txt: + field: sa.ci-operator.build01.token.txt item: build_farm to: - - cluster: app.ci - name: ci-images-mirror - namespace: ci + - cluster: build01 + name: ci-operator + namespace: test-credentials +- from: + insights-live.yaml: + field: insights-live.yaml + item: insights-ci-account + to: + - cluster_groups: + - non_app_ci + name: insights-live + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + - auth_field: token_image-pusher_build02_reg_auth_value.txt item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + to: + - cluster: build02 + name: manifest-tool-local-pusher + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build02 + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-pusher_build02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.apps.build02.vmc.ci.openshift.org + registry_url: quay.io - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: vsphere02 - name: registry-push-credentials-ci-central + - cluster: build02 + name: multi-arch-builder-controller-build02-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: vsphere02 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + - auth_field: token_image-puller_build02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + - auth_field: token_image-puller_build02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_vsphere02_reg_auth_value.txt - item: build_farm - registry_url: registry.apps.build02.vmc.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: vsphere02 + - cluster: build02 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: vsphere02 + - cluster: build02 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: vsphere02 + - cluster: build02 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.vsphere02.config - item: build_farm - sa.ci-operator.vsphere02.token.txt: - field: sa.ci-operator.vsphere02.token.txt - item: build_farm - to: - - cluster: vsphere02 - name: ci-operator - namespace: test-credentials + - cluster: build02 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build02_reg_auth_value.txt + item: build_farm + registry_url: registry.build02.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org to: - - cluster: app.ci - name: manifest-tool-local-pusher + - cluster: build02 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: app.ci - name: manifest-tool-local-pusher + - cluster: build02 + name: registry-push-credentials-ci-central namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-pusher_build01_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build01_reg_auth_value.txt - item: build_farm - registry_url: registry.build01.ci.openshift.org + clientSecret: + field: build02-secret + item: dex to: - - cluster: build01 - name: manifest-tool-local-pusher - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build01 - name: manifest-tool-local-pusher - namespace: test-credentials - type: kubernetes.io/dockerconfigjson + - cluster: build02 + name: dex-rh-sso + namespace: openshift-config - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-pusher_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.build02.ci.openshift.org + kubeconfig: + field: sa.ci-operator.build02.config + item: build_farm + sa.ci-operator.build02.token.txt: + field: sa.ci-operator.build02.token.txt + item: build_farm to: - cluster: build02 - name: manifest-tool-local-pusher - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build02 - name: manifest-tool-local-pusher + name: ci-operator namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build04_reg_auth_value.txt + - auth_field: token_image-pusher_build03_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build04_reg_auth_value.txt + - auth_field: token_image-pusher_build03_reg_auth_value.txt item: build_farm - registry_url: registry.build04.ci.openshift.org + registry_url: registry.build03.ci.openshift.org to: - - cluster: build04 + - cluster: build03 name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build04 + - cluster: build03 name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build05_reg_auth_value.txt + - auth_field: token_image-pusher_build03_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build05_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.build05.ci.openshift.org + registry_url: quay.io + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: build05 - name: manifest-tool-local-pusher + - cluster: build03 + name: multi-arch-builder-controller-build03-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build05 - name: manifest-tool-local-pusher - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build06_reg_auth_value.txt + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_build03_reg_auth_value.txt item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build06_reg_auth_value.txt + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm - registry_url: registry.build06.ci.openshift.org + registry_url: registry.ci.openshift.org to: - - cluster: build06 - name: manifest-tool-local-pusher + - cluster: build03 + name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build06 - name: manifest-tool-local-pusher + - cluster: build03 + name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson + - cluster: build03 + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson + - cluster: build03 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_vsphere02_reg_auth_value.txt + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build03_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build03_reg_auth_value.txt + item: build_farm + registry_url: registry.build03.ci.openshift.org + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: vsphere02 - name: manifest-tool-local-pusher + - cluster: build03 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: vsphere02 - name: manifest-tool-local-pusher + - cluster: build03 + name: registry-push-credentials-ci-central namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: - password: - field: password - item: quayio-ci-read-only-robot - username: - field: username - item: quayio-ci-read-only-robot + clientSecret: + field: build03-secret + item: dex to: - - cluster: app.ci - name: qci-robot-credentials - namespace: ci + - cluster: build03 + name: dex-rh-sso + namespace: openshift-config - from: - token: - field: token - item: qci-appci-credentials + kubeconfig: + field: sa.ci-operator.build03.config + item: build_farm + sa.ci-operator.build03.token.txt: + field: sa.ci-operator.build03.token.txt + item: build_farm to: - - cluster: app.ci - name: qci-appci-credentials - namespace: ci + - cluster: build03 + name: ci-operator + namespace: test-credentials - from: AWS_ACCESS_KEY_ID: field: AWS_ACCESS_KEY_ID - item: cloudflare-r2-bucket-pull-through-cache-us-east-1 - AWS_ENDPOINT_URL: - field: AWS_ENDPOINT_URL - item: cloudflare-r2-bucket-pull-through-cache-us-east-1 + item: aws_ci_infra_ci-build04-audit-logs-uploader AWS_SECRET_ACCESS_KEY: field: AWS_SECRET_ACCESS_KEY - item: cloudflare-r2-bucket-pull-through-cache-us-east-1 - to: - - cluster: app.ci - name: qci-pull-through-cache-credentials - namespace: ci -- from: - token: - field: token - item: qci-pruner-credentials - to: - - cluster: app.ci - name: qci-pruner-credentials - namespace: ci -- from: - bucket: - field: bucket - item: hypershift-oidc - credentials: - field: credentials - item: hypershift-oidc - region: - field: region - item: hypershift-oidc + item: aws_ci_infra_ci-build04-audit-logs-uploader to: - - cluster: hosted-mgmt - name: hypershift-operator-oidc-provider-s3-credentials - namespace: hypershift - - cluster: app.ci - name: hypershift-operator-oidc-provider-s3-credentials - namespace: ci + - cluster: build04 + name: aws-ci-infra-ci-build04-audit-logs-uploader-credentials + namespace: api-audit-log - from: .dockerconfigjson: - field: .dockerconfigjson - item: hive-global-pull-secret - to: - - cluster: hosted-mgmt - name: global-pull-secret - namespace: hive -- from: - aws_access_key_id: - field: aws_access_key_id - item: openshift-ci-audit-credentials - aws_secret_access_key: - field: aws_secret_access_key - item: openshift-ci-audit-credentials - to: - - cluster_groups: - - managed_clusters - name: cloudwatch-receiver-token - namespace: log-forwarding -- from: - access_key_id: - field: access_key_id - item: net-observ-loki-build01-credentials - access_key_secret: - field: access_key_secret - item: net-observ-loki-build01-credentials - bucketnames: - field: bucketnames - item: net-observ-loki-build01-credentials - endpoint: - field: endpoint - item: net-observ-loki-build01-credentials - region: - field: region - item: net-observ-loki-build01-credentials - to: - - cluster: build01 - name: loki-s3 - namespace: netobserv -- from: - api-key: - field: api-key - item: cloudability - to: - - cluster_groups: - - managed_clusters - name: cloudability-api-key - namespace: cloudability -- from: - sa.cluster-init.build01.config: - field: sa.cluster-init.build01.config - item: build_farm - sa.cluster-init.build01.token.txt: - field: sa.cluster-init.build01.token.txt - item: build_farm - sa.cluster-init.build02.config: - field: sa.cluster-init.build02.config - item: build_farm - sa.cluster-init.build02.token.txt: - field: sa.cluster-init.build02.token.txt - item: build_farm - sa.cluster-init.build03.config: - field: sa.cluster-init.build03.config - item: build_farm - sa.cluster-init.build03.token.txt: - field: sa.cluster-init.build03.token.txt - item: build_farm - sa.cluster-init.build04.config: - field: sa.cluster-init.build04.config - item: build_farm - sa.cluster-init.build04.token.txt: - field: sa.cluster-init.build04.token.txt - item: build_farm - sa.cluster-init.build05.config: - field: sa.cluster-init.build05.config - item: build_farm - sa.cluster-init.build05.token.txt: - field: sa.cluster-init.build05.token.txt - item: build_farm - sa.cluster-init.build06.config: - field: sa.cluster-init.build06.config - item: build_farm - sa.cluster-init.build06.token.txt: - field: sa.cluster-init.build06.token.txt - item: build_farm - sa.cluster-init.build07.config: - field: sa.cluster-init.build07.config - item: build_farm - sa.cluster-init.build07.token.txt: - field: sa.cluster-init.build07.token.txt - item: build_farm - sa.cluster-init.build08.config: - field: sa.cluster-init.build08.config - item: build_farm - sa.cluster-init.build08.token.txt: - field: sa.cluster-init.build08.token.txt - item: build_farm - sa.cluster-init.build09.config: - field: sa.cluster-init.build09.config - item: build_farm - sa.cluster-init.build09.token.txt: - field: sa.cluster-init.build09.token.txt - item: build_farm - sa.cluster-init.build10.config: - field: sa.cluster-init.build10.config - item: build_farm - sa.cluster-init.build10.token.txt: - field: sa.cluster-init.build10.token.txt - item: build_farm - sa.cluster-init.build11.config: - field: sa.cluster-init.build11.config - item: build_farm - sa.cluster-init.build11.token.txt: - field: sa.cluster-init.build11.token.txt - item: build_farm - sa.cluster-init.core-ci.config: - field: sa.cluster-init.core-ci.config - item: build_farm - sa.cluster-init.core-ci.token.txt: - field: sa.cluster-init.core-ci.token.txt - item: build_farm - sa.cluster-init.vsphere02.config: - field: sa.cluster-init.vsphere02.config - item: build_farm - sa.cluster-init.vsphere02.token.txt: - field: sa.cluster-init.vsphere02.token.txt - item: build_farm + dockerconfigJSON: + - auth_field: token_image-pusher_build04_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org to: - - cluster_groups: - - build_farm - name: cluster-init + - cluster: build04 + name: manifest-tool-local-pusher namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build04 + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: - pull-secret: + .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + - auth_field: token_image-puller_build04_reg_auth_value.txt item: build_farm - registry_url: registry.ci.openshift.org + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - auth_field: auth - item: quay.io/multi-arch - registry_url: quay.io/multi-arch + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: build04 + name: registry-pull-credentials + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build04 + name: registry-pull-credentials + namespace: test-credentials + type: kubernetes.io/dockerconfigjson + - cluster: build04 + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson + - cluster: build04 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 - auth_field: auth item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build04_reg_auth_value.txt + item: build_farm + registry_url: registry.build04.ci.openshift.org + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster: build04 + name: registry-push-credentials-ci-central + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build04 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + clientSecret: + field: build04-secret + item: dex + to: + - cluster: build04 + name: dex-rh-sso + namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build04.config + item: build_farm + sa.ci-operator.build04.token.txt: + field: sa.ci-operator.build04.token.txt + item: build_farm + to: + - cluster: build04 + name: ci-operator + namespace: test-credentials +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-pusher_build05_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + to: + - cluster: build05 + name: manifest-tool-local-pusher + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build05 + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org - auth_field: auth email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_build05_reg_auth_value.txt + item: build_farm + registry_url: registry.build05.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-vsphere-qe + - cluster: build05 + name: registry-pull-credentials namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build05 + name: registry-pull-credentials + namespace: test-credentials + type: kubernetes.io/dockerconfigjson + - cluster: build05 + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson + - cluster: build05 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build06_reg_auth_value.txt + - auth_field: token_image-puller_build05_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build06_reg_auth_value.txt + - auth_field: token_image-puller_build05_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build06_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build05_reg_auth_value.txt item: build_farm - registry_url: registry.build06.ci.openshift.org + registry_url: registry.build05.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org + to: + - cluster: build05 + name: registry-push-credentials-ci-central + namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build05 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: registry.redhat.io-auth + email_field: registry.redhat.io-email + item: build-farm-global-pull-secret + registry_url: brew.registry.redhat.io - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + to: + - cluster_groups: + - osd_global_pull_secret + name: pull-secret + namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build05.config + item: build_farm + sa.ci-operator.build05.token.txt: + field: sa.ci-operator.build05.token.txt + item: build_farm + to: + - cluster: build05 + name: ci-operator + namespace: test-credentials +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-pusher_build06_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org to: - cluster: build06 - name: registry-push-credentials-ci-central + name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - cluster: build06 - name: registry-push-credentials-ci-central + name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-pusher_build06_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt + item: build_farm + registry_url: quay.io + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + to: + - cluster: build06 + name: multi-arch-builder-controller-build06-registry-credentials + namespace: ci + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: @@ -7041,28 +7255,28 @@ secret_configs: - auth_field: token_image-puller_build06_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build06_reg_auth_value.txt - item: build_farm - registry_url: registry.build06.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: registry.build06.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - cluster: build06 name: registry-pull-credentials @@ -7080,51 +7294,36 @@ secret_configs: name: registry-pull-credentials namespace: ocp type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build06.config - item: build_farm - sa.ci-operator.build06.token.txt: - field: sa.ci-operator.build06.token.txt - item: build_farm - to: - - cluster: build06 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build06_reg_auth_value.txt + - auth_field: token_image-puller_build06_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build06_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build06_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build06_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.build06.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io to: - cluster: build06 - name: multi-arch-builder-controller-build06-registry-credentials + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson -- from: - build06-id: - field: build06-id - item: dex - build06-secret: - field: build06-secret - item: dex - to: - - cluster: app.ci - name: build06-secret - namespace: dex - - cluster: app.ci - name: build06-dex-oidc - namespace: ci + - cluster: build06 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: field: build06-secret @@ -7134,566 +7333,418 @@ secret_configs: name: dex-rh-sso namespace: openshift-config - from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-rhoai-qe - namespace: ci -- from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + kubeconfig: + field: sa.ci-operator.build06.config + item: build_farm + sa.ci-operator.build06.token.txt: + field: sa.ci-operator.build06.token.txt + item: build_farm to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-managed-rosa-rhoai-qe - namespace: ci + - cluster: build06 + name: ci-operator + namespace: test-credentials - from: - pull-secret: + .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + - auth_field: token_image-pusher_build07_reg_auth_value.txt item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io - to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-aws-managed-osd-rhoai-qe - namespace: ci -- from: - pull-secret: - dockerconfigJSON: - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: token_image-pusher_build07_reg_auth_value.txt item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: cloud.openshift.com-pull-secret - registry_url: cloud.openshift.com - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/ci - - auth_field: auth - email_field: email - item: registry.connect.redhat.com-pull-secret - registry_url: registry.connect.redhat.com - - auth_field: auth - email_field: email - item: registry.redhat.io-pull-secret - registry_url: registry.redhat.io + registry_url: registry.build07.ci.openshift.org to: - - cluster_groups: - - non_app_ci - name: cluster-secrets-ibmcloud-rhoai-qe + - cluster: build07 + name: manifest-tool-local-pusher namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build07 + name: manifest-tool-local-pusher + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build11_reg_auth_value.txt + - auth_field: token_image-pusher_build07_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build11_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.build11.ci.openshift.org + registry_url: quay.io - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: build11 - name: registry-push-credentials-ci-central + - cluster: build07 + name: multi-arch-builder-controller-build07-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build11 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build11_reg_auth_value.txt + - auth_field: token_image-puller_build07_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build11_reg_auth_value.txt - item: build_farm - registry_url: registry.build11.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt + - auth_field: token_image-puller_build07_reg_auth_value.txt item: build_farm - registry_url: registry.ci.openshift.org + registry_url: image-registry.openshift-image-registry.svc:5000 - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: registry.build07.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: build11 + - cluster: build07 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build11 + - cluster: build07 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build11 + - cluster: build07 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson - - cluster: build11 + - cluster: build07 name: registry-pull-credentials namespace: ocp type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build11.config - item: build_farm - sa.ci-operator.build11.token.txt: - field: sa.ci-operator.build11.token.txt - item: build_farm - to: - - cluster: build11 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build11_reg_auth_value.txt + - auth_field: token_image-puller_build07_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build07_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build11_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build07_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.build07.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io to: - - cluster: build11 - name: multi-arch-builder-controller-build11-registry-credentials + - cluster: build07 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson -- from: - build11-id: - field: build11-id - item: dex - build11-secret: - field: build11-secret - item: dex - to: - - cluster: app.ci - name: build11-secret - namespace: dex - - cluster: app.ci - name: build11-dex-oidc - namespace: ci + - cluster: build07 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: - field: build11-secret + field: build07-secret item: dex to: - - cluster: build11 + - cluster: build07 name: dex-rh-sso namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build07.config + item: build_farm + sa.ci-operator.build07.token.txt: + field: sa.ci-operator.build07.token.txt + item: build_farm + to: + - cluster: build07 + name: ci-operator + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build11_reg_auth_value.txt + - auth_field: token_image-pusher_build08_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build11_reg_auth_value.txt + - auth_field: token_image-pusher_build08_reg_auth_value.txt item: build_farm - registry_url: registry.build11.ci.openshift.org + registry_url: registry.build08.ci.openshift.org to: - - cluster: build11 + - cluster: build08 name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build11 + - cluster: build08 name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build07_reg_auth_value.txt + - auth_field: token_image-pusher_build08_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build08_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: build07 - name: registry-push-credentials-ci-central + - cluster: build08 + name: multi-arch-builder-controller-build08-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build07 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build07_reg_auth_value.txt + - auth_field: token_image-puller_build08_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build07_reg_auth_value.txt + - auth_field: token_image-puller_build08_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build07_reg_auth_value.txt - item: build_farm - registry_url: registry.build07.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build08_reg_auth_value.txt + item: build_farm + registry_url: registry.build08.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: build07 + - cluster: build08 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build07 + - cluster: build08 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build07 + - cluster: build08 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson - - cluster: build07 + - cluster: build08 name: registry-pull-credentials namespace: ocp type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build07.config - item: build_farm - sa.ci-operator.build07.token.txt: - field: sa.ci-operator.build07.token.txt - item: build_farm - to: - - cluster: build07 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build07_reg_auth_value.txt + - auth_field: token_image-puller_build08_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build08_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build07_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build08_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.build08.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io to: - - cluster: build07 - name: multi-arch-builder-controller-build07-registry-credentials + - cluster: build08 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson -- from: - build07-id: - field: build07-id - item: dex - build07-secret: - field: build07-secret - item: dex - to: - - cluster: app.ci - name: build07-secret - namespace: dex - - cluster: app.ci - name: build07-dex-oidc - namespace: ci + - cluster: build08 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: - field: build07-secret + field: build08-secret item: dex to: - - cluster: build07 + - cluster: build08 name: dex-rh-sso namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build08.config + item: build_farm + sa.ci-operator.build08.token.txt: + field: sa.ci-operator.build08.token.txt + item: build_farm + to: + - cluster: build08 + name: ci-operator + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build07_reg_auth_value.txt + - auth_field: token_image-pusher_build09_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build07_reg_auth_value.txt + - auth_field: token_image-pusher_build09_reg_auth_value.txt item: build_farm - registry_url: registry.build07.ci.openshift.org + registry_url: registry.build09.ci.openshift.org to: - - cluster: build07 + - cluster: build09 name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build07 + - cluster: build09 name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build10_reg_auth_value.txt + - auth_field: token_image-pusher_build09_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build10_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.build10.ci.openshift.org + registry_url: quay.io - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: build10 - name: registry-push-credentials-ci-central + - cluster: build09 + name: multi-arch-builder-controller-build09-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build10 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build10_reg_auth_value.txt + - auth_field: token_image-puller_build09_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build10_reg_auth_value.txt + - auth_field: token_image-puller_build09_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build10_reg_auth_value.txt - item: build_farm - registry_url: registry.build10.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: registry.build09.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: build10 + - cluster: build09 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build10 + - cluster: build09 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build10 + - cluster: build09 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson - - cluster: build10 + - cluster: build09 name: registry-pull-credentials namespace: ocp type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build10.config - item: build_farm - sa.ci-operator.build10.token.txt: - field: sa.ci-operator.build10.token.txt - item: build_farm - to: - - cluster: build10 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build10_reg_auth_value.txt + - auth_field: token_image-puller_build09_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build09_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build10_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build09_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.build09.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io to: - - cluster: build10 - name: multi-arch-builder-controller-build10-registry-credentials + - cluster: build09 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson -- from: - build10-id: - field: build10-id - item: dex - build10-secret: - field: build10-secret - item: dex - to: - - cluster: app.ci - name: build10-secret - namespace: dex - - cluster: app.ci - name: build10-dex-oidc - namespace: ci + - cluster: build09 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: - field: build10-secret + field: build09-secret item: dex to: - - cluster: build10 + - cluster: build09 name: dex-rh-sso namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build09.config + item: build_farm + sa.ci-operator.build09.token.txt: + field: sa.ci-operator.build09.token.txt + item: build_farm + to: + - cluster: build09 + name: ci-operator + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: @@ -7715,611 +7766,546 @@ secret_configs: - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_core-ci_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_core-ci_reg_auth_value.txt + - auth_field: token_image-pusher_build10_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_core-ci_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.master.ci.openshift.org + registry_url: quay.io - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: core-ci - name: registry-push-credentials-ci-central + - cluster: build10 + name: multi-arch-builder-controller-build10-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: core-ci - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_core-ci_reg_auth_value.txt + - auth_field: token_image-puller_build10_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_core-ci_reg_auth_value.txt + - auth_field: token_image-puller_build10_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_core-ci_reg_auth_value.txt - item: build_farm - registry_url: registry.master.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: core-ci + - cluster: build10 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: core-ci + - cluster: build10 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: core-ci + - cluster: build10 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson + - cluster: build10 + name: registry-pull-credentials + namespace: ocp + type: kubernetes.io/dockerconfigjson - from: - kubeconfig: - field: sa.ci-operator.core-ci.config - item: build_farm - sa.ci-operator.core-ci.token.txt: - field: sa.ci-operator.core-ci.token.txt - item: build_farm - to: - - cluster: core-ci - name: ci-operator - namespace: test-credentials -- from: - core-ci-id: - field: core-ci-id - item: dex - core-ci-secret: - field: core-ci-secret - item: dex + .dockerconfigjson: + dockerconfigJSON: + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc:5000 + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build10_reg_auth_value.txt + item: build_farm + registry_url: registry.build10.ci.openshift.org + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: app.ci - name: core-ci-secret - namespace: dex - - cluster: app.ci - name: core-ci-dex-oidc + - cluster: build10 + name: registry-push-credentials-ci-central namespace: ci + type: kubernetes.io/dockerconfigjson + - cluster: build10 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: - field: core-ci-secret + field: build10-secret item: dex to: - - cluster: core-ci + - cluster: build10 name: dex-rh-sso namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build10.config + item: build_farm + sa.ci-operator.build10.token.txt: + field: sa.ci-operator.build10.token.txt + item: build_farm + to: + - cluster: build10 + name: ci-operator + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_core-ci_reg_auth_value.txt + - auth_field: token_image-pusher_build11_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_core-ci_reg_auth_value.txt + - auth_field: token_image-pusher_build11_reg_auth_value.txt item: build_farm - registry_url: registry.master.ci.openshift.org + registry_url: registry.build11.ci.openshift.org to: - - cluster: core-ci + - cluster: build11 name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: core-ci + - cluster: build11 name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build03_reg_auth_value.txt + - auth_field: token_image-pusher_build11_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build03_reg_auth_value.txt + - auth_field: token_image-pusher_quay.io_reg_auth_value.txt item: build_farm - registry_url: registry.build03.ci.openshift.org + registry_url: quay.io - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org + - auth_field: token_multi-arch-builder-controller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.multi-build01.arm-build.devcluster.openshift.com to: - - cluster: build03 - name: registry-push-credentials-ci-central + - cluster: build11 + name: multi-arch-builder-controller-build11-registry-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build03 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build03_reg_auth_value.txt + - auth_field: token_image-puller_build11_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build03_reg_auth_value.txt + - auth_field: token_image-puller_build11_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build03_reg_auth_value.txt - item: build_farm - registry_url: registry.build03.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: registry.build11.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: build03 + - cluster: build11 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build03 + - cluster: build11 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build03 + - cluster: build11 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson - - cluster: build03 + - cluster: build11 name: registry-pull-credentials namespace: ocp type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build03.config - item: build_farm - sa.ci-operator.build03.token.txt: - field: sa.ci-operator.build03.token.txt - item: build_farm - to: - - cluster: build03 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build03_reg_auth_value.txt + - auth_field: token_image-puller_build11_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_build11_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build03_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_build11_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.build11.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io to: - - cluster: build03 - name: multi-arch-builder-controller-build03-registry-credentials + - cluster: build11 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson -- from: - build03-id: - field: build03-id - item: dex - build03-secret: - field: build03-secret - item: dex - to: - - cluster: app.ci - name: build03-secret - namespace: dex - - cluster: app.ci - name: build03-dex-oidc - namespace: ci + - cluster: build11 + name: registry-push-credentials-ci-central + namespace: test-credentials + type: kubernetes.io/dockerconfigjson - from: clientSecret: - field: build03-secret + field: build11-secret item: dex to: - - cluster: build03 + - cluster: build11 name: dex-rh-sso namespace: openshift-config +- from: + kubeconfig: + field: sa.ci-operator.build11.config + item: build_farm + sa.ci-operator.build11.token.txt: + field: sa.ci-operator.build11.token.txt + item: build_farm + to: + - cluster: build11 + name: ci-operator + namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build03_reg_auth_value.txt + - auth_field: token_image-pusher_core-ci_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build03_reg_auth_value.txt + - auth_field: token_image-pusher_core-ci_reg_auth_value.txt item: build_farm - registry_url: registry.build03.ci.openshift.org + registry_url: registry.master.ci.openshift.org to: - - cluster: build03 + - cluster: core-ci name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build03 + - cluster: core-ci name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build09_reg_auth_value.txt + - auth_field: token_image-puller_core-ci_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build09_reg_auth_value.txt + - auth_field: token_image-puller_core-ci_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/network-edge-testing + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: token_image-puller_core-ci_reg_auth_value.txt + item: build_farm + registry_url: registry.master.ci.openshift.org to: - - cluster: build09 - name: registry-push-credentials-ci-central + - cluster: core-ci + name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build09 - name: registry-push-credentials-ci-central + - cluster: core-ci + name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson + - cluster: core-ci + name: registry-pull-credentials + namespace: keel + type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-puller_build09_reg_auth_value.txt + - auth_field: token_image-puller_core-ci_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build09_reg_auth_value.txt + - auth_field: token_image-puller_core-ci_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: auth - email_field: email - item: quay.io-pull-secret - registry_url: quay.io - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org - auth_field: auth - item: quayio-ci-read-only-robot + item: quay-io-push-credentials registry_url: quay.io/openshift/ci - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org + - auth_field: token_image-puller_core-ci_reg_auth_value.txt + item: build_farm + registry_url: registry.master.ci.openshift.org to: - - cluster: build09 - name: registry-pull-credentials + - cluster: core-ci + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build09 - name: registry-pull-credentials + - cluster: core-ci + name: registry-push-credentials-ci-central namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build09 - name: registry-pull-credentials - namespace: keel - type: kubernetes.io/dockerconfigjson - - cluster: build09 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson +- from: + clientSecret: + field: core-ci-secret + item: dex + to: + - cluster: core-ci + name: dex-rh-sso + namespace: openshift-config - from: kubeconfig: - field: sa.ci-operator.build09.config + field: sa.ci-operator.core-ci.config item: build_farm - sa.ci-operator.build09.token.txt: - field: sa.ci-operator.build09.token.txt + sa.ci-operator.core-ci.token.txt: + field: sa.ci-operator.core-ci.token.txt item: build_farm to: - - cluster: build09 + - cluster: core-ci name: ci-operator namespace: test-credentials - from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-pusher_build09_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt + aws_access_key_id: + field: aws_access_key_id + item: openshift-ci-pools-hive + aws_secret_access_key: + field: aws_secret_access_key + item: openshift-ci-pools-hive + to: + - cluster: hosted-mgmt + name: hive-aws-credentials + namespace: ci-cluster-pool + - cluster: hosted-mgmt + name: hive-aws-credentials + namespace: fake-cluster-pool +- from: + .dockerconfigjson: + dockerconfigJSON: + - auth_field: auth + email_field: email + item: cloud.openshift.com-pull-secret + registry_url: cloud.openshift.com + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + email_field: email + item: quay.io-pull-secret + registry_url: quay.io + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io + - auth_field: auth + email_field: email + item: registry.connect.redhat.com-pull-secret + registry_url: registry.connect.redhat.com + - auth_field: auth + email_field: email + item: registry.redhat.io-pull-secret + registry_url: registry.redhat.io to: - - cluster: build09 - name: multi-arch-builder-controller-build09-registry-credentials - namespace: ci + - cluster: hosted-mgmt + name: pull-secret + namespace: ci-cluster-pool type: kubernetes.io/dockerconfigjson - from: - build09-id: - field: build09-id - item: dex - build09-secret: - field: build09-secret - item: dex + .dockerconfigjson: + field: .dockerconfigjson + item: hive-global-pull-secret to: + - cluster: hosted-mgmt + name: global-pull-secret + namespace: hive +- from: + bucket: + field: bucket + item: hypershift-oidc + credentials: + field: credentials + item: hypershift-oidc + region: + field: region + item: hypershift-oidc + to: + - cluster: hosted-mgmt + name: hypershift-operator-oidc-provider-s3-credentials + namespace: hypershift - cluster: app.ci - name: build09-secret - namespace: dex - - cluster: app.ci - name: build09-dex-oidc + name: hypershift-operator-oidc-provider-s3-credentials namespace: ci - from: clientSecret: - field: build09-secret + field: hosted-mgmt-secret item: dex to: - - cluster: build09 + - cluster: hosted-mgmt name: dex-rh-sso namespace: openshift-config - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build09_reg_auth_value.txt + - auth_field: token_image-pusher_vsphere02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build09_reg_auth_value.txt - item: build_farm - registry_url: registry.build09.ci.openshift.org to: - - cluster: build09 + - cluster: vsphere02 name: manifest-tool-local-pusher namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build09 + - cluster: vsphere02 name: manifest-tool-local-pusher namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build02_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build02_reg_auth_value.txt - item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - - auth_field: token_image-pusher_quay.io_reg_auth_value.txt - item: build_farm - registry_url: quay.io - to: - - cluster: build02 - name: multi-arch-builder-controller-build02-registry-credentials - namespace: ci - type: kubernetes.io/dockerconfigjson -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_build08_reg_auth_value.txt + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build08_reg_auth_value.txt + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build08_reg_auth_value.txt - item: build_farm - registry_url: registry.build08.ci.openshift.org - - auth_field: token_image-pusher_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth - item: quay-io-push-credentials - registry_url: quay.io/openshift/ci + item: quayio-ci-read-only-robot + registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay-proxy.ci.openshift.org - to: - - cluster: build08 - name: registry-push-credentials-ci-central - namespace: ci - type: kubernetes.io/dockerconfigjson - - cluster: build08 - name: registry-push-credentials-ci-central - namespace: test-credentials - type: kubernetes.io/dockerconfigjson -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-puller_build08_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 - - auth_field: token_image-puller_build08_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-puller_build08_reg_auth_value.txt - item: build_farm - registry_url: registry.build08.ci.openshift.org - - auth_field: token_image-puller_app.ci_reg_auth_value.txt - item: build_farm - registry_url: registry.ci.openshift.org - auth_field: auth email_field: email item: quay.io-pull-secret registry_url: quay.io - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: quay-proxy.ci.openshift.org - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/ci - auth_field: auth item: quayio-ci-read-only-robot registry_url: quay.io/openshift/network-edge-testing - - auth_field: auth - item: quayio-ci-read-only-robot - registry_url: qci-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + item: build_farm + registry_url: registry.apps.build02.vmc.ci.openshift.org + - auth_field: token_image-puller_app.ci_reg_auth_value.txt + item: build_farm + registry_url: registry.ci.openshift.org to: - - cluster: build08 + - cluster: vsphere02 name: registry-pull-credentials namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build08 + - cluster: vsphere02 name: registry-pull-credentials namespace: test-credentials type: kubernetes.io/dockerconfigjson - - cluster: build08 + - cluster: vsphere02 name: registry-pull-credentials namespace: keel type: kubernetes.io/dockerconfigjson - - cluster: build08 - name: registry-pull-credentials - namespace: ocp - type: kubernetes.io/dockerconfigjson -- from: - kubeconfig: - field: sa.ci-operator.build08.config - item: build_farm - sa.ci-operator.build08.token.txt: - field: sa.ci-operator.build08.token.txt - item: build_farm - to: - - cluster: build08 - name: ci-operator - namespace: test-credentials - from: .dockerconfigjson: dockerconfigJSON: - - auth_field: token_image-pusher_build08_reg_auth_value.txt + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt + item: build_farm + registry_url: image-registry.openshift-image-registry.svc.cluster.local:5000 + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt item: build_farm registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_multi-arch-builder-controller_build08_reg_auth_value.txt + - auth_field: auth + item: quayio-ci-read-only-robot + registry_url: quay-proxy.ci.openshift.org + - auth_field: auth + item: quay-io-push-credentials + registry_url: quay.io/openshift/ci + - auth_field: token_image-puller_vsphere02_reg_auth_value.txt item: build_farm - registry_url: registry.multi-build01.arm-build.devcluster.openshift.com + registry_url: registry.apps.build02.vmc.ci.openshift.org - auth_field: token_image-pusher_app.ci_reg_auth_value.txt item: build_farm registry_url: registry.ci.openshift.org to: - - cluster: build08 - name: multi-arch-builder-controller-build08-registry-credentials - namespace: ci - type: kubernetes.io/dockerconfigjson -- from: - build08-id: - field: build08-id - item: dex - build08-secret: - field: build08-secret - item: dex - to: - - cluster: app.ci - name: build08-secret - namespace: dex - - cluster: app.ci - name: build08-dex-oidc - namespace: ci -- from: - clientSecret: - field: build08-secret - item: dex - to: - - cluster: build08 - name: dex-rh-sso - namespace: openshift-config -- from: - .dockerconfigjson: - dockerconfigJSON: - - auth_field: token_image-pusher_build08_reg_auth_value.txt - item: build_farm - registry_url: image-registry.openshift-image-registry.svc:5000 - - auth_field: token_image-pusher_build08_reg_auth_value.txt - item: build_farm - registry_url: registry.build08.ci.openshift.org - to: - - cluster: build08 - name: manifest-tool-local-pusher + - cluster: vsphere02 + name: registry-push-credentials-ci-central namespace: ci type: kubernetes.io/dockerconfigjson - - cluster: build08 - name: manifest-tool-local-pusher + - cluster: vsphere02 + name: registry-push-credentials-ci-central namespace: test-credentials type: kubernetes.io/dockerconfigjson - from: - service-account.json: - field: gcp-service-account.json - item: ship-help - to: - - cluster: app.ci - name: ship-help-bot-gcp-service-account - namespace: ci -- from: - app_token: - field: slack-app-token - item: ship-help - bot_token: - field: slack-bot-token - item: ship-help + kubeconfig: + field: sa.ci-operator.vsphere02.config + item: build_farm + sa.ci-operator.vsphere02.token.txt: + field: sa.ci-operator.vsphere02.token.txt + item: build_farm to: - - cluster: app.ci - name: ship-help-slack - namespace: ci + - cluster: vsphere02 + name: ci-operator + namespace: test-credentials user_secrets_target_clusters: - app.ci - build01