Deployment of image-controller
Image Controller secrets
List of secrets:
| Name | Source | Description |
|---|---|---|
| quaytoken | appsre vault | Secret containing ‘organization’ and ‘quaytoken’ with permissions to create repositories |
Rotation rule: Secrets must be rotated within 7 days after someone with access leaves the organization. Secrets older than one year should be rotated.
Instructions for rotation of quaytoken
Prerequisite:
- User must be owner of quay.io organization redhat-user-workloads for production or redhat-user-workloads-stage for stage instance.
Process for production instance:
- Reset Client Secret on Application Oauth page
- Generate new Token on Application generate token page, with permissions:
- Administer Organization
- Administer Repositories
- Create Repositories
- Put token from step 2. to app-sre vault to
stonesoup/production/build/image-controller
Process for stage instance:
- Reset Client Secret on Application Oauth page
- Generate new Token on Application generate token page, with permissions:
- Administer Organization
- Administer Repositories
- Create Repositories
- Put token from step 2. to app-sre vault to
stonesoup/staging/build/image-controller