From eb3e0768aaf489a274b205cc3041acd171fe5833 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@google.com>
Date: Fri, 10 Sep 2021 11:00:40 -0700
Subject: [PATCH] config/prow: add cherrypicker github token

---
 config/prow/cluster/cherrypicker_deployment.yaml    |  8 ++++----
 .../prow/cluster/kubernetes_external_secrets.yaml   | 13 +++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/config/prow/cluster/cherrypicker_deployment.yaml b/config/prow/cluster/cherrypicker_deployment.yaml
index 57aa8633a070..bd0d896f1365 100644
--- a/config/prow/cluster/cherrypicker_deployment.yaml
+++ b/config/prow/cluster/cherrypicker_deployment.yaml
@@ -42,7 +42,7 @@ spec:
         image: gcr.io/k8s-prow/cherrypicker:v20210909-6c59eee681
         imagePullPolicy: Always
         args:
-        - --github-token-path=/etc/github/oauth
+        - --github-token-path=/etc/github/token
         - --github-endpoint=http://ghproxy
         - --github-endpoint=https://api.github.com
         - --dry-run=false
@@ -53,7 +53,7 @@ spec:
         - name: hmac
           mountPath: /etc/webhook
           readOnly: true
-        - name: oauth
+        - name: github-token
           mountPath: /etc/github
           readOnly: true
         - name: tmp
@@ -64,6 +64,6 @@ spec:
       - name: hmac
         secret:
           secretName: hmac-token
-      - name: oauth
+      - name: github-token
         secret:
-          secretName: oauth-token
+          secretName: k8s-infra-cherrypicker-robot-github-token
diff --git a/config/prow/cluster/kubernetes_external_secrets.yaml b/config/prow/cluster/kubernetes_external_secrets.yaml
index d8041d6c2849..6108dd86f3e3 100644
--- a/config/prow/cluster/kubernetes_external_secrets.yaml
+++ b/config/prow/cluster/kubernetes_external_secrets.yaml
@@ -39,3 +39,16 @@ spec:
   - key: gke_k8s-prow_us-central1-f_prow__prow-monitoring__grafana
     name: password
     version: latest
+---
+apiVersion: kubernetes-client.io/v1
+kind: ExternalSecret
+metadata:
+  name: k8s-infra-cherrypick-robot-github-token  # The name of the K8s Secret
+  namespace: default
+spec:
+  backendType: gcpSecretsManager
+  projectId: kubernetes-public
+  data:
+  - key: k8s-infra-cherrypick-robot-github-token # The name of the GSM Secret
+    name: token                                  # The key to write in the K8s Secret
+    version: latest