From 5b87d6b9a9e29b73a6a4c970db75ebdd585b3839 Mon Sep 17 00:00:00 2001 From: Sean McCarty Date: Thu, 2 Jul 2026 09:03:51 -0400 Subject: [PATCH 1/2] feat(RELDEV-74): Add quay-podman-desktop-oci to production internal services. This secret is used in the sign-and-push-to-internal-oci pipeline, holding a quay robot's username & password to push to a test repo for now. Signed-off-by: Sean McCarty --- .../internal-production/es/es.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/components/internal-services/internal-production/es/es.yaml b/components/internal-services/internal-production/es/es.yaml index 1b919e76..22ac64f8 100644 --- a/components/internal-services/internal-production/es/es.yaml +++ b/components/internal-services/internal-production/es/es.yaml @@ -1214,3 +1214,25 @@ spec: creationPolicy: Owner deletionPolicy: Delete name: signing-artifact-storage-prod +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: quay-podman-desktop-oci + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "-1" +spec: + dataFrom: + - extract: + conversionStrategy: Default + decodingStrategy: None + key: releng/konflux/rhtap-releng-tenant/private-network/quay-podman-desktop-oci + refreshInterval: 1h + secretStoreRef: + kind: SecretStore + name: releng-vault + target: + creationPolicy: Owner + deletionPolicy: Delete + name: quay-podman-desktop-oci From 3cf4e302c6926a434dddfab46ce2887cfacc2d13 Mon Sep 17 00:00:00 2001 From: Sean McCarty Date: Thu, 2 Jul 2026 11:06:59 -0400 Subject: [PATCH 2/2] style(RELDEV-74): Change name of secret to be product agnostic. Signed-off-by: Sean McCarty --- components/internal-services/internal-production/es/es.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/components/internal-services/internal-production/es/es.yaml b/components/internal-services/internal-production/es/es.yaml index 22ac64f8..0d3f9c9c 100644 --- a/components/internal-services/internal-production/es/es.yaml +++ b/components/internal-services/internal-production/es/es.yaml @@ -1218,7 +1218,7 @@ spec: apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: quay-podman-desktop-oci + name: quay-internal-oci annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: "-1" @@ -1227,7 +1227,7 @@ spec: - extract: conversionStrategy: Default decodingStrategy: None - key: releng/konflux/rhtap-releng-tenant/private-network/quay-podman-desktop-oci + key: releng/konflux/rhtap-releng-tenant/private-network/quay-internal-oci refreshInterval: 1h secretStoreRef: kind: SecretStore @@ -1235,4 +1235,4 @@ spec: target: creationPolicy: Owner deletionPolicy: Delete - name: quay-podman-desktop-oci + name: quay-internal-oci