Fix SSH key mounts - use /var/lib/zuul-ssh instead of /etc/zuul

LukasCuperDT · LukasCuperDT · commit 318423b17153 · 2025-12-03T11:33:48.000+01:00
diff --git a/kubernetes/kustomize/zuul/overlays/preprod/configs/zuul.conf b/kubernetes/kustomize/zuul/overlays/preprod/configs/zuul.conf
@@ -35,7 +35,7 @@ prometheus_port=9091
 [executor]
 manage_ansible=true
 ansible_root=/var/lib/zuul/managed_ansible
-private_key_file=<path:secret/data/zuul/sshkey#private_key>
+private_key_file=/var/lib/zuul-ssh/executor-ssh.key
 disk_limit_per_job=5000
 max_starting_builds=5
 trusted_ro_paths=/var/run/zuul/trusted-ro
@@ -50,7 +50,7 @@ name=github
 driver=github
 webhook_token=<path:secret/data/zuul/connections/github#webhook_token>
 app_id=<path:secret/data/zuul/connections/github#app_id>
-app_key=<path:secret/data/zuul/connections/github#app_key>
+app_key=/var/lib/zuul-ssh/github-app.key
 
 [connection "gitlab"]
 name=gitlab
@@ -60,7 +60,7 @@ cloneurl=ssh://git@git-ssh.tsi-dev.otc-service.com
 server=git.tsi-dev.otc-service.com
 api_token=<path:secret/data/zuul/connections/gitlab#api_token>
 webhook_token=<path:secret/data/zuul/connections/gitlab#webhook_token>
-sshkey=<path:secret/data/zuul/connections/gitlab#ssh_key>
+sshkey=/var/lib/zuul-ssh/gitlab-ssh.key
 
 [connection "opendev"]
 name=opendev
diff --git a/kubernetes/kustomize/zuul/overlays/preprod/zuul-executor-volumes-patch.yaml b/kubernetes/kustomize/zuul/overlays/preprod/zuul-executor-volumes-patch.yaml
@@ -16,9 +16,5 @@ spec:
         - name: zuul
           volumeMounts:
             - name: zuul-ssh-keys
-              mountPath: /etc/zuul/connections
-              readOnly: true
-            - name: zuul-ssh-keys
-              mountPath: /etc/zuul/sshkey
-              subPath: executor-ssh.key
+              mountPath: /var/lib/zuul-ssh
               readOnly: true
diff --git a/kubernetes/kustomize/zuul/overlays/preprod/zuul-merger-volumes-patch.yaml b/kubernetes/kustomize/zuul/overlays/preprod/zuul-merger-volumes-patch.yaml
@@ -17,5 +17,5 @@ spec:
           image: quay.io/opentelekomcloud/zuul-merger:change_774_change_859940
           volumeMounts:
             - name: zuul-ssh-keys
-              mountPath: /etc/zuul/connections
+              mountPath: /var/lib/zuul-ssh
               readOnly: true
diff --git a/kubernetes/kustomize/zuul/overlays/preprod/zuul-web-volumes-patch.yaml b/kubernetes/kustomize/zuul/overlays/preprod/zuul-web-volumes-patch.yaml
@@ -17,5 +17,5 @@ spec:
           image: quay.io/opentelekomcloud/zuul-web:change_774_change_859940
           volumeMounts:
             - name: zuul-ssh-keys
-              mountPath: /etc/zuul/connections
+              mountPath: /var/lib/zuul-ssh
               readOnly: true
