ci-tools icon indicating copy to clipboard operation
ci-tools copied to clipboard
verified publisher icon openshift

Add gsm-config ConfigMap to prowgen

Open psalajova opened this issue 1 month ago • 4 comments

These changes enable ci-operator to access the gsm-config.yaml mapping file when the Secrets Store CSI Driver is enabled (gsm-config.yaml defines how GSM secrets are bundled and consumed for the Vault to GSM migration).

Changes

  • Added GSMConfig() mutator in pkg/prowgen/podspec.go that mounts the gsm-config ConfigMap at /etc/gsm-config and adds the --gsm-config flag
  • Added tests and updated fixtures

Impact This will only affect jobs with enable_secrets_store_csi_driver: true in their .config.prowgen file. Generated pods will include:

  • Volume: gsm-config ConfigMap
  • VolumeMount: /etc/gsm-config
  • Arg: --gsm-config=/etc/gsm-config/gsm-config.yaml

Dependencies

  • Requires openshift/release#73557 (ConfigMap sync via config_updater) (already merged)
  • Related to https://github.com/openshift/ci-tools/pull/4900 and https://issues.redhat.com/browse/DPTP-4656

psalajova avatar Jan 16 '26 13:01 psalajova