CAPZ v0.5.2 Uplift - Reference Public Site

This patchset provides the manifests for deploying a Target cluster on
Azure cloud platform, exposing the API server to the public Internet.

Relates-to: #600
Change-Id: I34789918b4be721fc518c033a82a4f8bce117494
This commit is contained in:
Shiba, Sidney 2021-10-01 16:34:51 -06:00
parent 6add400666
commit 4e12ce315f
38 changed files with 457 additions and 161 deletions

View File

@ -13,3 +13,4 @@ resources:
- wait_label_node
- check_ingress_ctrl
- merge_kubeconfig
- wait_machines_ready

View File

@ -0,0 +1,18 @@
#!/bin/sh
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -xe
# Wait until all Machines reach the Ready condition or timeout
kubectl --context $KCTL_CONTEXT wait --for=condition=ready --timeout=300s --all machines -A

View File

@ -0,0 +1,6 @@
configMapGenerator:
- name: wait_machines_ready
options:
disableNameSuffixHash: true
files:
- script=kubectl_wait_machines.sh

View File

@ -598,3 +598,18 @@ configRef:
kind: ConfigMap
name: merge-kubeconfig
apiVersion: v1
---
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
metadata:
name: wait_machines_ready
labels:
airshipit.org/deploy-k8s: "false"
spec:
type: krm
image: localhost/toolbox
hostNetwork: true
configRef:
kind: ConfigMap
name: wait_machines_ready
apiVersion: v1

View File

@ -36,6 +36,18 @@ config:
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: workers-ephemeral
clusterName: ephemeral-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: KubernetesApply
name: kubernetes-apply-controlplane
documentEntryPoint: ephemeral/workers
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: initinfra-target
clusterName: target-cluster
@ -477,3 +489,25 @@ config:
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
name: merge-kubeconfig
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: kubectl-wait-machines-ephemeral
clusterName: ephemeral-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
name: wait_machines_ready
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: kubectl-wait-machines-target
clusterName: target-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: GenericContainer
name: wait_machines_ready

View File

@ -1,6 +0,0 @@
[
{ "op": "replace","path": "/spec/subscriptionID","value": "cb3e23d3-b697-4c4f-a1a7-529e308691e4" },
{ "op": "replace","path": "/spec/resourceGroup","value": "azure-target" },
{ "op": "replace","path": "/spec/networkSpec/vnet/name","value": "azure-target-vnet" },
{ "op": "replace","path": "/spec/location","value": "centralus" }
]

View File

@ -1,24 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../function/k8scontrol-capz/v0.4.9
patchesJson6902:
- target:
group: controlplane.cluster.x-k8s.io
version: v1alpha3
kind: KubeadmControlPlane
name: "target-cluster-control-plane"
path: machine_count.json
- target:
group: infrastructure.cluster.x-k8s.io
version: v1alpha3
kind: AzureCluster
name: "target-cluster"
path: cluster.json
- target:
group: infrastructure.cluster.x-k8s.io
version: v1alpha3
kind: AzureMachineTemplate
name: "target-cluster-control-plane"
path: machine_template.json

View File

@ -1,3 +0,0 @@
[
{ "op": "replace","path": "/spec/replicas","value": 1 }
]

View File

@ -1,4 +0,0 @@
[
{ "op": "replace","path": "/spec/template/spec/location","value": "centralus" },
{ "op": "replace","path": "/spec/template/spec/vmSize","value": "Standard_D2s_v3" }
]

View File

@ -1,18 +0,0 @@
[{
"op": "replace",
"path": "/init-options/infrastructure-providers",
"value": ["azure:v0.4.9"]
},
{
"op": "replace",
"path": "/providers/0",
"value": {
"name": "azure",
"type": "InfrastructureProvider",
"variable-substitution": true,
"versions": {
"v0.4.9": "airshipctl/manifests/function/capz/v0.4.9"
}
}
}
]

View File

@ -1,17 +0,0 @@
apiVersion: airshipit.org/v1alpha1
kind: PhasePlan
metadata:
name: phasePlan
phases:
- name: clusterctl-init-ephemeral
- name: controlplane-ephemeral
- name: initinfra-target
- name: clusterctl-init-target
- name: clusterctl-move
- name: workers-target
---
apiVersion: airshipit.org/v1alpha1
kind: Clusterctl
metadata:
name: clusterctl_init
env-vars: true

View File

@ -1,49 +0,0 @@
apiVersion: airshipit.org/v1alpha1
kind: Clusterctl
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: clusterctl-v1
init-options:
core-provider: "cluster-api:v0.3.7"
bootstrap-providers:
- "kubeadm:v0.3.7"
infrastructure-providers:
- "azure:v0.4.8"
control-plane-providers:
- "kubeadm:v0.3.7"
providers:
- name: "azure"
type: "InfrastructureProvider"
variable-substitution: true
versions:
v0.4.8: manifests/function/capz/v0.4.8
- name: "kubeadm"
type: "BootstrapProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/cabpk/v0.3.7
- name: "cluster-api"
type: "CoreProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/capi/v0.3.7
- name: "kubeadm"
type: "ControlPlaneProvider"
variable-substitution: true
versions:
v0.3.7: manifests/function/cacpk/v0.3.7
# env-vars: true
additional-vars:
CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7
CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7
CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7
CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
# Fake environment variables values so it can pass the validate-site-docs
AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK"
AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK"
AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo="
AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK"
AZURE_ENVIRONMENT: "AzurePublicCloud"

View File

@ -1,2 +0,0 @@
resources:
- clusterctl.yaml

View File

@ -1,2 +0,0 @@
resources:
- ../../../../function/k8scontrol-capz/v0.4.8

View File

@ -1,18 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../function/workers-capz/v0.4.9
patchesJson6902:
- target:
group: cluster.x-k8s.io
version: v1alpha3
kind: MachineDeployment
name: target-cluster-md-0
path: machine_count.json
- target:
group: infrastructure.cluster.x-k8s.io
version: v1alpha3
kind: AzureMachineTemplate
name: target-cluster-md-0
path: machine_template.json

View File

@ -1,3 +0,0 @@
[
{ "op": "replace","path": "/spec/replicas","value": 3 }
]

View File

@ -1,5 +0,0 @@
[
{ "op": "replace","path": "/spec/template/spec/location","value": "centralus" },
{ "op": "replace","path": "/spec/template/spec/vmSize","value": "Standard_B2s" },
{ "op": "add", "path": "/spec/template/spec/dataDisks", "value": [{"diskSizeGB": 256, "lun": 0, "nameSuffix": "datadisk"}]}
]

View File

@ -0,0 +1,69 @@
# Reference Site for Deploying Public facing Target Cluster on Azure Cloud
This site provides the manifests to deploy a Target cluster on Azure cloud,
that is accessible from the public Internet.
## Pre-Conditions
You will need to provide the Azure cloud (Service Pricipal role Contributor) credentials in the imported secrets.
See *manifests/site/reference-az-public-cluster/target/encrypted/results/imported/secrets.yaml*
You have to edit this file with the *sops* CLI and provide the following credential data:
* subscriptionID - enter value as is
* tenantID - enter value as is
* clientID - enter value as is
* clientSecret - base64 encoded Client Secret
```yaml
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: imported-secrets
azure:
identity:
subscriptionID: <your Azure Subscription ID>
tenantID: <your Azure Subscription's Tenant ID>
clientID: <your Azure Subscription's Client ID>
clientSecret: <your Azure Subscription's Client Secret - base64>
```
## Deploying Your Target Cluster on Azure Cloud
First you need to deploy an ephemeral cluster with Kind.
>IMPORTANT: You need to delete all references to the **target-cluster** in $HOME/.airship/kubeconfig otherwise it will not work.
>
>Easy to delete $HOME/.airship/kubeconfig file before creating the ephemeral cluster.
```sh
CLUSTER=ephemeral-cluster <path to your airshipctl repo>/tools/deployment/kind/start_kind.sh
```
Once your ephemeral cluster has been created you can start the deployment as follow:
```sh
airshipctl plan run deploy-gating --debug
```
After a few minutes your cluster should be up and operational.
To check you can go to https://portal.azure.com/ and verify that control plane and worker VMs
have been created.
## Multi-tenancy
The CAPZ V0.5.0 supports proprietary Multitenancy, meaning that you can create multiple Target clusters
using different Azure subscriptions. This is achieved through the resources AzureCluster (subscriptionID),
AzureClusterIdentity (tenant ID, client ID) and Secret (client secret).
In this reference site, these credentials data is provided in an (sops) encrypted file (see Pre Conditions section above),
which is used to patch the Azure account credentials to the resource mentioned in this section.
## Validating the Clusterctl Move
In order to verify that CAPI/CAPZ Management components moved correctly to the Target cluster you can try to scale the
number of nodes up and down and see if the number of nodes increase and decrease as specified.
A more elaborated test would be to deploy multiple Pods, ideally the replica count for a Deployment to be higher than the
number of worker nodes. Scale down the number of worker nodes and verify that the Pods are redistributed among remaining nodes.
## Troubleshooting
You will find some tips for troubleshooting [here](https://capz.sigs.k8s.io/topics/troubleshooting.html)

View File

@ -0,0 +1,8 @@
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureClusterIdentity
metadata:
name: target-cluster-identity
namespace: default
spec:
clientSecret:
namespace: target-infra

View File

@ -0,0 +1,12 @@
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: AzureCluster
metadata:
name: target-cluster
namespace: default
spec:
networkSpec:
subnets:
- name: internal-controlplane-subnet
role: control-plane
- name: internal-node-subnet
role: node

View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../function/k8scontrol-capz/v0.5.2
- ../../target/catalogues
namespace: target-infra
patchesStrategicMerge:
- azure-cluster-identity.yaml
- azure-subnet-settings.yaml
transformers:
- ../../../../function/k8scontrol-capz/v0.5.2/replacements

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../function/workers-capz/v0.5.2
- ../../target/catalogues
namespace: target-infra
transformers:
- ../../../../function/workers-capz/v0.5.2/replacements

View File

@ -4,7 +4,7 @@ metadata:
name: manifest-metadata
spec:
phase:
path: manifests/site/az-test-site/phases
docEntryPointPrefix: manifests/site/az-test-site
path: manifests/site/reference-az-public-cluster/phases
docEntryPointPrefix: manifests/site/reference-az-public-cluster
inventory:
path: ""

View File

@ -0,0 +1,12 @@
- op: replace
path: /spec/capi_images/capi/manager/tag
value: "v0.4.2"
- op: replace
path: /spec/capi_images/cabpk/manager/tag
value: 'v0.4.2'
- op: replace
path: /spec/capi_images/cacpk/manager/tag
value: 'v0.4.2'
- op: replace
path: /spec/capi_images/capz/manager/tag
value: 'v0.5.2'

View File

@ -0,0 +1,37 @@
- op: replace
path: /init-options/core-provider
value: 'cluster-api:v0.4.2'
- op: replace
path: /init-options/bootstrap-providers
value: 'kubeadm:v0.4.2'
- op: replace
path: /init-options/control-plane-providers
value: 'kubeadm:v0.4.2'
- op: replace
path: /init-options/infrastructure-providers
value: 'azure:v0.5.2'
- op: replace
path: /providers/0
value:
name: azure
type: InfrastructureProvider
url: airshipctl/manifests/function/capz/v0.5.2
- op: replace
path: /providers/1
value:
name: kubeadm
type: BootstrapProvider
url: airshipctl/manifests/function/cabpk/v0.4.2
- op: replace
path: /providers/2
value:
name: cluster-api
type: CoreProvider
url: airshipctl/manifests/function/capi/v0.4.2
- op: replace
path: /providers/3
value:
name: kubeadm
type: ControlPlaneProvider
url: airshipctl/manifests/function/cacpk/v0.4.2

View File

@ -1,14 +1,24 @@
resources:
- ../../../phases
- ../../../type/gating/phases
- ../../../function/airshipctl-base-catalogues
- plan.yaml
patchesJson6902:
- target:
group: airshipit.org
version: v1alpha1
kind: Clusterctl
name: "clusterctl_init"
path: infrastructure-providers.json
path: clusterctl-patch.yaml
- target:
group: airshipit.org
version: v1alpha1
kind: VersionsCatalogue
name: "versions-airshipctl"
path: clusterctl-image-patch.yaml
patchesStrategicMerge:
- plan_patch.yaml
transformers:
- ../../../function/clusterctl/replacements
- ../../../phases/replacements

View File

@ -0,0 +1,21 @@
apiVersion: airshipit.org/v1alpha1
kind: PhasePlan
metadata:
name: deploy-gating
description: "Phase plan for docker-test-site deployment"
phases:
- name: clusterctl-init-ephemeral
- name: kubectl-wait-deploy-ephemeral
- name: controlplane-ephemeral
- name: kubectl-merge-kubeconfig
- name: kubectl-get-node-target
- name: kubectl-get-pods-target
- name: initinfra-target
- name: workers-ephemeral
- name: kubectl-wait-pods-any-ephemeral
- name: kubectl-get-pods-target
- name: kubectl-wait-machines-ephemeral
- name: clusterctl-init-target
- name: kubectl-wait-pods-any-ephemeral
- name: clusterctl-move
- name: kubectl-wait-machines-target

View File

@ -0,0 +1,7 @@
resources:
- ../../../../../.private-keys/
- secrets.yaml
transformers:
- ../../../../../type/gating/shared/decrypt-secrets/
- ../../../../../type/gating/shared/decrypt-secrets/cleanup/

View File

@ -0,0 +1,77 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: combined-target-secrets
secretGroups:
- name: azureIdentity
values:
- name: subscriptionID
data: ENC[AES256_GCM,data:Dv3YC68mrrxXi4ifCCshxvkdS0b2CRLukKAlfRQMpHUwc8wueA==,iv:jDtyqbjyI0OLr/fvkJ9Od/E+T/OvQnhqqAK2CNWaO4M=,tag:X/l5wIVeg+PX46sz6z4cJw==,type:str]
pinned: true
- name: tenantID
data: ENC[AES256_GCM,data:MEnegDMZrRZOIJhZkSNCXMHuiKqrHwqiYolZItJhPg==,iv:JvcPH2fPkj67Xg3CyIM9/xjdujpSdh4d90ENRBF8D+A=,tag:HZAiwX4I9DM0MeBz/B4tNw==,type:str]
pinned: true
- name: clientID
data: ENC[AES256_GCM,data:bh8hwdok64vKYa410mAWjRlN1x3kpT7jcgoKrLSzqg==,iv:JpMC2qmLhpkYOtdsD3eojB9pn5ZJwdbKX8eQvrWctt0=,tag:Q2upiE/cIpjiCwgtuR6VWw==,type:str]
pinned: true
- name: clientSecret
data: ENC[AES256_GCM,data:2dmtNnvkfm7w+/iK/fSXbhJBb+N48u3FGONGzWHH9rinb/nz7IZjWl/OPJ8mAnpKhW0C7Q==,iv:SaZKaVEUup7wxuODA8UfA88a9ovymFFjOOyt43bMUqg=,tag:vJTyUfPnU/+P+VJ/c1vatw==,type:str]
pinned: true
- name: targetK8sSecrets
updated: "2021-09-23T19:13:19Z"
values:
- data: ENC[AES256_GCM,data:xMWXeoNm2e58QrqTXuphU9gxAcQwibJpmeQQPUHClHTpXK0GOiasTsNdb4Jh1EyGiBaLicHG5dKd3W2p9WFiiR3KL0OdGvvp3vMrrsjB1btoE6DdfiP/lLteoxAlfKGlXG68YXEy1NTpYIKEhY2eZ7mULff5tEjAclO5SPBnJvEX96HgKSriSAXgXanVXDVT0D10hIV/Kj9DKl6k4XbYdCdUpU6yjxMhUL2sfvIWap+CJmf3TgAJNYxdfoKBxk5txEUsyTvZlHNL0brnwbeJosmsqIEuyJsX94fNO3Jl5LkAmSBiA9EObdqlPq9WXV7M94axebLsobgyJXFszsVh8czp4rSxnYZ+t7x3QKM1vuW+FSuAfYMa8UuRxwdHHMWqykOR3apAtsS5kdFAjZmqyhJ6uiPFrdO+q37JYK5/ccrSD6pFEl2YXu2XXiyqw+cUvQ/kwhPRSuX5euzYO3Ne0+4SLFgdMfdWb0vdCDqhE0nw+usHAz5qTrsa2cRV15R3t9TuL1TOrr8tGhvsXjnVLQks4A4qz2Lst1dayFafPtYHm+4Az/R8IePfAjLc1nt/uUvQ/Hd06LpgoLNxWgkhOPrEdEhnYIagkItO1eXAF09GX6fJjY3i0WdS8zc9f07PmuBnS2F81maoo0ESDCjsiKtRYJNqTLw8JvQ83XKbXdW2DZDdy2EqnMq+g6YA9CQ7gDpnOp8OfWaZxJ+f21DARxfukneipnP55u4/IlF3YWO4EkG2oZC6zJ+cjjiOJMCyCbZk/2Dy58athj+tf+CPfv0UURLrfvUsdHqnJbHlvEfhrkSM+C2ivpab2ScaPKXEuAKcgIYaoeEwrzDsg39y10ZFbnRETGMm39IM3CPlMaQDhcIXnGgD1daFcQ35tU05mXI3elUA1aYc7Mimn8tKEIr0qfDWwABzkzZdLJCr60bDOsrltrRNtMmDbwZicrweeGjBTf3tz8+uXWGVsjfd7P+zDM/W85NHIvya4i+hLrpeDdwNaPEADW3en8xUlHtETtN1w4lSwHOPvSM3YRhOyv2gYhs7gKk5WyvBZFVSKzAAG6PMjlzM0LxzChWAeWKXHtdondcA40PJLry6AR3E8IF+z1vfJgBJcYW4dWsvV0Xp3vVW3IucoZ7Z0bA0oXDhQr0ZnOsphmTJchcItLr7XEmDXnd9a4pRsnwtCj/CDLw55SbX5xRqyt7MIBMETnQarn+4NIHSRHkr0U2YaYwvuoUDP6F4bbF+crJk1ExAJVS7Bvkiheq7/XdpPAl03ZsPML8+uPqrRlmBAUAbTvkvzDD326Ni5J9uPUNBFNStP1gz0WMgLAhRHPztB6E/YMB5q5vWqO6OKIxFTsHQC5rKsZAdkRhQeMk4LgthZiVMrXUSB4Uc58NUaRSiAk4xlnuYaTkqETr4nfXGqVj7wkuMmh2VxlokATCpq9OUHp6vlJS8u7L6lf1hzOtBeX3bCzm8x3zUQNCFyVjNCkqD5T8XnHcuuBsDiEb5mA3zFn1H/QcQ9ADnAc367gIFcq3IcVVk45NRSyP7tSUT9VNejegWiC09uuEyTC0oIeo9s7JJU75fQzmSojPD1xcadx7NblgCPH/LLU8rgjzbXpNfyepfAuEIiRMjkZ8ThyxJTqYzEhwheL4wabquqPBrPLoob3R5SiSWetl3AI9OsqEudzodbrrsa29vPAWUO6y98AG0NgyCn1ldQXV7ANvaJFhAJnX8QaCiAkgsrejTieYPs6YcGIT1gplU0nVWyB7kya013hHuMfPf05zKLZ8MWqhIP9FWva9Hc6TSauaqYzZVUUbnjhGb9zL7XUCHXDdQ5nukkMIHst7oUlp5YdSsBpyKYnoKUtjvdsILhyBPecP3EwQYqnPpmzu5DwFrtMJfF6vwwqRM96HPW4zhYMHMXBF+AQV8DOsZGeyDagWJ29xZH1rE/o0WVO9Xt3jCZ3LIp7CUAoj1Y+vpOlzPqToedcMC72Nbf3mB3r+0QedIeXF7qBjAKxXGfRF0aS1umHUp5K7mL/k=,iv:bkKvZD52af8kPpJjCr+Sc+xw4fR3g/Cduwbf8glsd+I=,tag:7M/w6lYTQP2tznjbgAaVag==,type:str]
name: caCrt
- data: ENC[AES256_GCM,data:gMJ02tJBtk9I1GOe8gCGtskhCSvwh3gWJ6o6YuJR8iTXEZ1MQF9Ls6x9+NFNCbfYSDWk6RthyYl0pwDEn8uWVWDfLSRbCk4zBfAiDzvUCgEflouE/0cmb/u58SUeEq81LUxxg9rf6T6FFbLy8EVYpb9kpxrk506aJ0ReQUdINnSlnRAH+z5MitBs3FR5/uQIHDqEapnxuB0Pa7uKqVWuwsp1mDBzp0BGY2tQL9hU/F1XBOU65KkNOgV/RVz5zQv6MS28gYKUNkfCKLMjG3RbZe2OupIPrngp50Af2oWnRZQezy30jxW30bfeErhbmU04T8QoXe6cKMiW5LnuI9Xl0Qq7pCBL+JAfFdHkQdsmr5UzagOWlfKauUtgIigwhIFe/qtUWtinZK8qlrcnqwkOKnKDUY//0KdiFZbLBwttZH5it1bR9qGquK/prTlrTYrJasn8Yp+sVeOjVA9VTwqAeOX4dkyGQM8psgyIqxcOp1NXEzr/1vNhPRsn9ZSvUdGewrevSPsShF5SlaAztrb6+9dZIo15EIewEQ23zG4UNCO3hpGKDQxcQ3bIvvkw84hVhHSDRU2TQPUUylSXPuw4Qj9/xnpzLqHEOXtkxGk2r5M2/kAwgHsYNgQEBdT/cSxP9kMiZR16c2dbU9eC1UugczR7J7qj1LbduxWderWYiOQEcfv1FdXOkHEbi9tUzlUaHHZ/ow+/W8JZt6zFBLToc0WLUMH+mn23MgFzoFo8JnySzRrs1l+frtAHrRpyOsBn33NWGJfaU4V09XTl3umYeX2V7LHtY+Vm2yxIaKrk04FtBZpWfbywiAvnUTt4VszXttsm+hWPDR/qOqD9cLyA7qFvy2XtizQMEEd/I8e3ia41cIhhNIJ7m2zjq1EU2q8ZOYKb2ffbumNuESm1+p/AZTHCdEFyp54A9A59u1dH5goPQ4lCMF4lAuzbogcag9CPLqSDw9YVab0T6o2T7Uz7bTw5MISNLnksXYB/UGj674kjxMsVTbVJGi9H3wetGXT6nR7cYai2NmJd/OOKEldOik9I1jxkHYImMlVLXHxyrBOY7s95HRyVBVozMmLHE1tLaWCukN6CwaF+NdCSKp/9jKQaxF6eAe3TnjTDcezGOIZudSnooce2J5NIsL1xyeVCrtzmmiBibTk9dREG3OKr9/YYSmSePNBD34Sg09MfHlz350qB3oRaGxPpW1HpxNB9rpivq2JtE/KbXLnnXGbK7841i51KvRFP0I/6TuILGWQQl+E0yqjJx7ySJ7WUxg1B0poefLiDnkqdMH+VZbKHEzVyjLUavkWsY9wTBG6N4HrELcyplMPRxdRw06vBZiDPT7FOGYWADkhpQbz6Xtqdavy7VUMNOCL802J1gdvX0HYv/vHPtKkTIf2Ic/S3O17vLj1wMOwko1OgPaBuFWFeHiVk5kw9mTpGK7ZZ7FgkjzcKh5mzj1seSD+iqfxBIzEvNGatrjzeqfYvqpMOlHeF8x0CGs9NSBd2S6zHqC6umDFDgy/R409N+fkW9LpcOGSbGjTe4K95YnMeaVKJAQ11tnXVsJ/ndE2OrJeiHQ4/C5zy3rSb0u+QG5UznihieckP/2jsyBJllk8tYonys6XouN1eqWeBVfXL5YbYPbu8EjuOjXeC1US2iodCnbDj7RwhQHJnR7bzR4kgdNZWjhzqwyHEQYus3quZY/hnP/QCoa5u4eYV0KiugeNVM1uVWQXs27oCHOF9E44LZbpyC+LsAjKSIZwPbF6mQO2tOwPD5tk+EjC7HVJBN56FaCEwqo+ELO4ycVfSDs4v6aenZ2GJx0asQuHMflYnWKgdUMNpl1lS3QmrpcKJP/3Gfn+sIJ/jsd2ol6x1PpXn17P87HhoA5M57xWM48W9LbNH/bd7pYBE3CZchxVxwmFXbYvcv059vucZaqUhNuCEyk7EeKpKyMz09yaZHAHc0wnO1SE9QgjxsQYZDCoHj8veACVqB5HBz/ceJ04PlPOyfcTB0CAEBPzqUqyv8D05FlIiBOOpi/AAaBgQ2NeUqV3zD3sEEagGUM8kUNrf7ucU2/1DC/lKCj2+yopQabit1WyLAJbOzQRIJsMzBe5I7iiwUGD7t3m++z7KePCnucA9uNFUUm8xQuf4ksvugK5J5qWO2wojeDjT+pdzNR2/c1dsoaxqMhUZDZrfFwZmjcYrvDzIayQQ3RudGRoIf5sDsJjk/iDPH21oQNT6PIQhYmZ9tfVNmWUaWK4Q1+hzia3X9+ILCZZg3+03uvWibj62yUbAGzdLNDts5jjxgKhyYnAJ33I/NbctUPxv1jA32Sp16L1Ji03Y/d0oYW61cSrauQ/7x2LluCeJdj610pd6zKjlnxv5ezACzznOT9Fup+rGF7F+2z2G9bm8MxDwXBupHOIYIzriAl94NUUzDLWzZjO7b3bcaKHGAdnLjYdWD54al2ty2pEta4kYtfM9z+rBpK8tmSQnBoRb9sqCk+JNHJcI729vuOgzy//8dRLWX2VNf97m1bFswsG9WlqUNtQkivcls2nXS6UMzNUPvXsMvJip2Q5d2YGPAtqo+beBkiS71jX1or7M0+/iHmWIGSQc70FWZ1mOMo7PkZQ5jKEd0SuJpOlkB2+XCIz5zEANX8QTtSYHUjpOm0gTAxW+6U9MwE4IV9XKPWJgci62EhWqkcqf85ydZFszBuq7+JeVXOV3Vjqlz7qzlxxVbvbBIJ+wlKyI+RDQnor19JuVmCwOG+JiUwUnBxLRtHJWEV++0m8wdAU4NGB4vajWzMNleMSyiP5E2Jl9KjBn8hGJYY0tAOx8iXvHeMeGN+Qey8pChCWk+pxkGNl1T5CjBRyWjwxU6A4N9X7PVB3YNrBi0/QIwEoPS5B+N+c+WVzRW0v65fmpCf1Xg7+v9vRN3W4/fo6HYqxy8sqjgdR5rNb6j7x+b7Q6imsz4AlQ8qbD72LvCBxHziQzoSp+lHfvHxo7OyZ9/66QhA==,iv:Xe3QBl5rJnzRM7Vvvl72OHbu8411WrL3mRQxo3xyG3o=,tag:kAl5nx+lrlcrW1FpTz6rXg==,type:str]
name: caKey
- data: ENC[AES256_GCM,data:fy/Jhrx9c0TlsHvrRXvvYbdvDYVLLADGO0ost+VZoN0t8a8AYAXERhgtXjtTSTeQLxvmRybNCNxccfAQawnWCls4U2j0ioxYOHKAGuVwb3cUMT/4LUxDfhpeR4V1C5UIjV6xintreXFwhHEapR+52H/CAeeBEBEkDIN6NrK0QdwXap3H9QUGWRlzdMXo1oGb8Vltij9lcB9AvcbkDLOkOQ1YF06evSJyy6CWoYua5aqJTK8QU1hoNjYNPmEDPRnAaNIbG7vGihfzkZBt+HAI/MUvJl8Pg6d3d0xHMQqEOb0Oxy1u4eKDV5AgmuKHz/Z0trlj1X5Q13LSQHulAEDDFMuRlyzKZ1AP2V/oOoQ4IaQXdZ4n2V4cJjP3cGQ9+CUv1b1GcUDBTRh8gaT1NMBt1mE1tzAVvw5rXtXpmX5Q9+XnC9nf/rE7VSWxPgueF2m+TtkU5I07wMlw7TGHTJJ99Wv2x0ppuHWfesL7Gbu7XepuUzD3SXvL7Fcunl78jLlp9fFlbkc/BnJwTkG8C80a4JtWOLx6pHCzLv/Tl7nr1DTwKqdbKe651sRzUYXPzpT6Mu7OzNWrJyqbqwkVp+jBSq/3BUNJZNwxmGrkyOSzdCbKdMorojWJ0oYg+8EL+vtJ6O+E/mRIq8yUrWugbh4Ox2kO5pkkcA4r2Dzki73awU5wr9vHJ9isARtPPsMpUNxbrvxqQzWl3WFf3QPxs/iVS0ahyNt0W5Igb+N7K4Dbxcu0USSKtEgqecCNX2RNBpzNJ2PkK9R6RNnmQ+HWPPP/gVYhby14RhFvBekwcFwYo5d2PhfvmFh3GMpzwt6F1MBq1kMQuvn8VHwLf80E0zR6P3DU8VGEwLX767BN86vlaVbMiPRr3sTxziJpoA6YUpA/rEHf+SNpXaWIFD+brYR1d/SMfs0N9b0jePPZskI8QFysqLxXbxMnDKbbkIAWdGnuwlt0EEd0lXaMz3Zm7fvB/9QQ6Nxx/zn3+HDbxojrex+m5t3QK1rPLMrFKNVaIIRcju3lKZNfJ9a5NJkzrT16Fs0X+MOe9k30BkPAiKirB/mmSoJ8ysn8wCXDfiG12ogagYDgbeFfIB1EgxJNz90sASDWifJ8FkulGkNhbCrax2kcU03eq6t+iViug3IX3F5p38kJyL1EU+1EoUaElgdeaBH5lzDm2lRVwCfqGTKTi2MkDVbdqA5GOWDtqlRFMrKE+i+FwyJPBCh5nhrMbWQ3CirpgynLaxQk99Y46HVd+c+2Z8Rb5Gg8CJGbs9MhGO+Y6Fz/LUB/0PHq0laLxBpeM+AxNnYxn+dv5QkOxidcMU0mKIUuHr1hBk877hbq//n6CGdZOKRRbP1efBWUw38TbHlZgXgqSbK/zRIq9RaxUJIQLEJhe+cdLANYxWxWrNCejJCOSJQnH2nKevozcX2AlgpVi5jCQYhkLuWNVFFjRQZKascSbVas5SQDUN+2BD2oAPw4OYcuTddD8Jk7jc8u15xTnbs+b6iy1PiyvAksNlzWBJDSAtLCJSjbS4JFlqcxRI4Sdqf8cBCLPLXqmZxvtDToEelh6XF4tVQqa/J10Q1p6G1JDHezTZ6IYpHER9W4ZvmvoLai7OP4GhXnQiXntViIlJf1fNg6ekiQ3EzZVwwVwLQ4R2GvZ/FlpkhsVrP4PTInw9tBT4zuljAHG+KADwNa8daTWaL6a5G4q0GQqBC4UB96w2XsQrmz0xtdsWr4kOVNK64zDDewpC6sYyIBMqOkQRpqDWDmXxtLzoUKT3+BNWwxxIrOimhKjcLa7IWA39It35NXI0GHnOkgG4XxTZZ116UErO+LjkN3c0w+m8KlQnW6PLzRfk8uTpNfTnFchZnt7o7SXpl0nbmOptNJxSmHxLwPyU4I0r1l91zBCIfmWxY3d7HWW7If06pBLZDY4v+tlPQcOJeDlTLpQA3UK8JkK9R2ZMu2yHLMYX52u3qqYE5ClR2B/Gs5mg8s0JR4hthewPwi/NHnLb2OMACWRYPvkAwlqs4+0KUVSs736JqfTsWRnhQuVUUTo0Noc2HFrEw/hOqlk2WK4oRG,iv:Aw26uOLDC7cShsT6e9YLxq3HM2p2hAdMuVPus1Mg+Do=,tag:mE48NYspBBKopGearQX5UQ==,type:str]
name: crt
- data: ENC[AES256_GCM,data:Qn6UWWW+JZ+57kfhH9IRKqlUHPyrmpmXWTKC6YweVWvQ1l2mp/eF9/4MPN2E3D7z85tppZtCVpxnH9ao8+YjZcNV8WBpJ5AJSG4oAEGW2B2vbBUx/B4eYFAzP5bAg2yZqQjmzg2MVZ/0if60Jd562jTUO1XZk3hh9Js5qbJb6y36eTPOF4uoc7QPQrRh0Gwjk4qxzTYMCoJRbHZmQ1LYM75x9BqVb21+W82FEJlmpk6yp228rmaWD7Z1Bm8GWoiu3zs/tYPMVeN8ryrhuN4z8N9R69SiexUVJxOQkN1oAJyzAtM8495NZoPSeFoDDbOc05yssXATp3cIL9gtzZJ7/0Nf/t3egPogvPNFU/bSgvPg8xpMQ1307Pi1GVP0rmSyyrk84BD17pRK7O+2CKpwkLPXe0mtNnepLPNdrpwyS8wOmC7LUQ6fZXK2q4TEhZjWnzqp+gTZVTcV6VXt9T4LgC4EyuKuAmaKtJBXeOmDBIyUMcne10THmM4dZBk73hHd29t6YWKABTFUKFjOXsKsDp7U8JLXBBIWzYl8OhwncYzSeFqfn5lj2Kiw8Xac49QhcBdWqJqS9OZZ9OeelbSKt3NMMfW3BqEEq/bWz7evW85GrDjuIMFwYudt0nqTAI28jQIYw5FxkS3o7+NKT+jM5jAWSi4MBTrOJe8jbrekA7lJ8sxmM/6u8wRVP8GLmw59vbGpfBLy8Y2gfXy+B2Wymp/Vw+jiGNZo2OsmcJtCMXAp7eZAO8pH8upVTv5KCNW9Icoi2Iw5nxwYkzwEQVnd1+RwHK5c5qA5s7EGfUAakIuLsXWppATJmKf3Ilgx3naT8P0D3yXsDHm2gkRZx9HvAWGbcdt1/CxBMEJOdrxlop3v3CXXR2MoUekQJ9HUU9LGhLwn4Pep9uhPUmjnLKP4nb6FwREx9WbebrdulBX2CQBqT2LP/BE6wdr4UHpKOOHJdFfvVWpAjptCEKNGkiN7Wf7aLlf7aQlrkwQ6MtX68y9FRkyg4bWH6iqVdKbk39njXbneFtzCvbAEVmGI5eCwUKEtsxzu6GCfG1Qnt3B2dV/sSY/lYLnWJmKkcRSIgHmtfTXGhrBPWPNwJzduAG+jFakD2oJbfg9je0okPQFKfQmOu5lIRriJfrnL0lourVMEk97HCpOZU74JrA/RUM1f9N07aIliMgx0xH0rWPshc+YBBYTncrDz6j+L1UxjqoWDveVI7kFzO5niPibka5qolFVwFcOmMdSHIuZ5BdcOr8wFtyMi+7/utjyL4EmvHNIMqemdMztZNE6vP2MD6y7mhUaP0zaMVWw0WwTUSWBdtKcIeUdgVa55geoDt4K+6KT48T4/+TneGmYwm5i5c04i7o11k0wmFH47m3B9AtiOqbMU9XmfbMGjvyV0YovK9BYvPJ0rH32zWAtjNtd/+QlrVER+Kc0EKGL+cgD202FQslNT+uD5mV+QiJ41Lx/VFxeJU7K6BMniZJQkt7+gxg/WG5D2bt/YtWwoOCJffi3XudLnbFe80hr+u5jvLG9RATjs92YBqM2ek7yrtKSiwAoFe0bwk/yyLKS5at47q/dlZbPHCGjO3sqi67aDBNK12/50Xjs8SKu6JQXapF4lJj0DanrOn6ZD+z1H/HAJggPIAZ4nK6F0QF51b3UUZnq2Fk6ndg4J/OtK+yqpayxFAdew2B2SAlbzz/yaJks8mIMqRtbKJKr7S3DUDBe5eNPTNlr9vErqP25ZIc+yTF+Eg52IhcQ32Nftwy/FmQdjCqwTzm50MzooIHChxYViDKd+lEiIcg48faavjv6S78OgaiEYisi4B0ptN4cQalgTQA/Vy20KLBdGm3AHtH9cShM6MPiffUVBMWT2Zy5WIPiL3ntYJVAU5S/MDFEWJC2WQMzDm5VBMEBhiH3GdIPecoFy/98VzPDXF9USQH6k29XbYKShpypb5mevIyZzWT2vDKEqZivSmRiBoYqZit4bqASsYuBrRKSi/KyhfKax06pwh+aSxG1anMheyXSgYdbriM8t5cTLFEqNtr7Q0i3T0IfxmLwwIbbomz8M4wifzoD3rwI8v2N3Z/iKbwuxWuhBk6ZLab/goosiTOSD/37bkWSQE/ewVLZTiQKmAGYP16n9w/ICfvyAZrIvXM3ChzuQgTp82cl9wQPLb3du2DJS6TUts7rHlvSotL9kTNoG9pPriI/t3/XP0e4Iiue6mWprqFjr0CQJumJmU92ugMxTZMagUpF9vTyZMHkY1TIplY3wy+zKZztUGAHeNK4qnP+ojKeynZds5WRlM1V2j1PkErwmg4RhAu/rzPPihdft8eTwFRRYF8JaoUb64HeNt7ysCaucN4NBQL0LFsIdMwyliPxsQ4ALtyFQ4eUsRbtw0Q/cHJM+oiKb1UyLAhmepPP+ZvSLIdBGN15qKZOH4H/2kLmPVQgW8qY2jEObtrnJeM8hNfq18bKz0fvphy5z+6nfSM4zw/AOdIeSPc+aBgvkH1Ukviznup+ograVZz5JLT4C6c7cFXOu0j2hjXzRI+Vki1ODw7azZv56R+17vzS1wEIoc2nP8pRQQQ9qV9Kp1SJKRY2JDqxqVWuSyi5JGNr54fCRcDyKpk/9COgisstrvU5gR58lQoBgDbzLG/Xf6m3PbJG0kuBowbwUjNI8lNvB+1Lo83QQw9XWIDq7Q/NosdafgIDPnLv3jLldSHmK/76tHy22Nq54tuzFkt0jRjM0cAq9U9w23Xe4UZGUwGaIdLXrGveFPV1d5DbOHzXOx1uROpV47J/6oyGggA9B2Ww+eNuVvYO12R3lT9EP6gQftbchWnHOZhPc0FOJO4htG4OEZs7EHcN4Ki7IgTx66vmWTJURG4rRtZoSKz1jFQczcSYCR8dpDGqRiAropzDpGYVP6JdyVakzwAh8Kl0L+3GNZNKpAlnvXVyWuDqejKBUCWkmZ0nFiuVJ5eYVo0t5jDvv8FB2bL9LTzPjL16Puc1BICoTJrY=,iv:Ab4tJf3LTW45SbDy6qs9owM6AmcZFi9K4LQeXmll7jE=,tag:vNZ9vbr3Ttfv5eYj/2y4yA==,type:str]
name: key
- name: targetSshSecrets
updated: "2021-09-23T19:13:20Z"
values:
- data: ENC[AES256_GCM,data:41OK7T0IzjKmPVQR3nonA2sqzCXNcLTVDYGRHCewZUCTXF6u5G8EF6aEQZ9ZH5rC48c953CXVUu4B/49Cs2QRhjPrcjllxYJ6DR27AYA1BdeB3R9cVuxwktwGrEyY0EKC5bsnpuhANj8Cumn6jaGDa6XGzKElNUfTOB9cr78LNeAUfXM8rzvNg8kLRXW1YNLJppeMwdPGgKYgDzc5s4voPjUu5V8acL1jXCdNBjEqrGRCJ5SiS9XBtQJbtsCKzTQPdjHKpKY/6BLyapDvFNKBHhPtsOYK4v2WujE2NvdzkzLiqYSaA7HLlxx+F6HZbNLNruh/qCxRCPo993bBagFGegEWSB6OfFtSh021CqBqB/9QgUIZh0Ug7hDwtKisZjqIW6qJj+CjWyGBKxbINCjwQXKtsxpBfB2pL4XlxSj9QWvVMQEQRYiRK5H3bssiFydoEwlCHIFudgVNZpJPp6bV6gy67APrbjeDa3CtBvzXOWJazYjrRLbco3LnKt2QoOPOAcsAkgiCvpXi9zrjPiMwtNQlrDSxOVBsNqeBSMlV01vg4wwinXD7ckiAKQ90SFBks7LmH8G0ldspKPQuSxuImJZdouyJbsMdf81vYVljUN9RnLwBEzVo6N25Hq/NTs+crkVCNdb0WNTawTGa35A4NI0W1mK5vxP+Anev/W41AGY20Ui9zl6Ne99xSmmvaPapNwnNn1y+2rkww3VY6/m3syHF1J2XoDwcrtNxShVV6O0kFXiZz3zZSw6nhD+HkTWFUX2vHHhvYh0K9rNet5GOcV7255rFUwVNqQf+coy5WETEX5O+x3qkohtAEhKLOIBg1q3yU8ZbuGsq3TETOtTpzq+2YTo1pEI+whc+cEAF14VMgp6xpF4QC7d8YNdEcom40IWEVtKwKDeeGp6t3OoRds8ijsw/9ktUe6P0V4svIrRWvgXJZKs0eeAdJoeg5ObZsKlsKmCyWZ0i8t/PyrPHF6ejccYmNZ+n8TyQOU4HdN/VSfTvJXrjv5mUf4f9/skYIyMwLyFzLcAa3Vmd5FXvPS0r9hIDRRVTB7fInHzo30WFCS6bov7Uwk/L5FKvajKJnc+FtwmsElSy0CqAcm+flamldzgExwGag+BehsPAPtyNAfS2KDPcRFmiuWfokAQBvyS3m/ypJ7fwMQGok/p0B5nxXjD4ViIYSna0ckwZPtUrbQED2dP9fkscWjV5fZF9R64TTaNA/68KH71Lu4Z5GPf1BcBlUY6e5j+nnSWSk/xPoG+5kkwgpAgEhPtr+2wWia/y86YgcToXqy7SF4whvbbhNiTJhSMFh99w/LTZ0+ZfiOHzW+Ky5isU8DAo/SGU7GfABwJ7Jvs6sBF54pjP6NIjVpwJc9EmymFKMQnKwYqFFl8eyirs1OnHwrTb2pmtr8LGNz5nllyMPci4cML70Op2DzmtVvPBWFK23c0/SAXMCnYhgQTQonFMSBOBzknEgBftlbE8uyXhrxnLWTQ6fke7ZKcllpgaQLPlrJSzuhmIG3vGKOFVtIE5THt9/b9A+0mWG0eGel1/Qu6Ogd+/oEizJ8qHI5w/PtFtiNwDU5YnaMIB0uWO6Q+sb6u12OEvDx4ibAu4o6LI/VHTGRB2H5ekiU0nUQiWLFqW6PaTjh41a+WJwGZ1JYNwMnEGPxRUXnQAMXO5kHGAPzLbKTJ7evTGxB3Nh8wYpasu6bIzZ2Eg32NKkRWr2nrdDG8m3z+RfsPRw01NJDVdqdlan493Gl2Wv3OeVa+XDQcrOyOXjlOMTsgkTR/ZekL0/a73BQZIDyz4ICX4KMUG8Y4VCHsXtZFw/yHQzmbUYtN9h4BlYBYwh0JC5RJPdr66JSZDKYanjp3iexD1CFQK1U+PBL9vPqERAAYsE4uZjN1mec0Ps6SRxjCm27DKau72JWOl7jNYM+4thm4xPJ2HLgmx1L2KScYP/ZOHzMaaGNO28DHtTkUyU9mMCZFnCA2TrGOgvJRfo+G9IKAbZl4CYWXJqVRYA0BXXpRi1VAUZyueRCdoenFTtPZnrXzadPHAntJvWU0fwRegd+J7+xGvlGX2TXipQKTr8wkfKwoJqZ/5aIEiFFjLIn7oUdd29xuL8cDd+6ilWqs8azs6128WH+hqTugonExzFdXv11sXhaObzuv0Q4fk8sMqh2Mh6YuY35QOj/9qZc4mPNDN4B54da53PXHODGg5Exe/Zed+2RCxI4RSIypvJMQof51dHxZ13Bhs+0liX7xCjprKfjawr/PQ29UDeILu5zqYXdHJS1GjzGlcdcAy/hz1yLhIPcStrR/eXdoKHbE6srEWmaISaZY90Ax1yHWQG3oayWnLyhxkOkH7rGSmDIzyCQ+DNxhN2VlzvAg/dt8m0RW4Pz6Gh4c7T9v+MlMlO+Ay4sb183Li7acYdwO7lqo/7lZAeytAbUSo6KlPhFZvbYEbYHy7f+Z6mNEfvewX5ZW0ujzV9uQ5gBljkEnJCFl5zK7pGKhZb/5r66q85lHeaptvM7JjW8RpW3mO9wSKNMAmDw53sVzJdlou5MGc7hAaQkdiFRLB7PsYakqvEtcIMw4c0kwdvA76pWf4DPlvkk13FzYRDI+h0UUmesc+ESa211D96MYnVJXDz/z9C0NwPBqqbT8wmtWVYROGzWePkZETn//Pn4Ogb9tmJWrLKd8rt+ar4kCJDzzLiFUX6lctMlHYe5B9vSE88rwca1nJjz64I81A0DxahF5H5l00QhAAyjODLZO7hIPAl+A8qR4j8068SJ8gxcviMGzvvlIoXnPUKknIWHMAcb4U8FiYUudN3GmYM1mOm36ZT6eVbabFoCD4r2IS+xxxwbqEXH9Q34fog9dGr1BYWgz3u7Xaem4Mu+lR+syH5mO05Qp17bMbQDQ3Kq4PE7CST+D7H4roLF1Pe2zdGv1iia0qI7bUXAqYStrU33Ty4118WLseJzDyDX5PLJcLCsxL10xdylCYohNYkX3mvAzOSSGe8f5RJMpGDbP6G1iclogBCLdhrRk6eOHARhm3GuVIh/HqdtcNF9lpzMoQmR5ZD589PLFXzMvNRbKHRLPueyC+5PJKJ2QqBf2vJF23Fb9mL15Hf9Rm/oPEGOdYpjBQx819CfVuE566oWnSu8KX/GtHACvMDKyM23yeHpRL/SvNWW3/ujRwy6eeetEjEEhmvhTZzKGQMNDduhszoWmg0LQZQtbNwktB+grut1n3NZzVG7/jmsZ84nVXzz7rmSqtYG5Fcj12B0CdcxIIm+JTH0sJ0/khjp3WkLssKqK6ODS7EFMpODZG6i3ZdrncdSINbvTJdxkTkPzvvKYusqJAJ0vE/9aNAlYDx7PfCVlABHqNIEDXaAMO0OYCBjT9/BQwF+uHJD9PfdEn2azBnS/zic0YNnJToL4q+KmnNtbt5S0maH9Qd1rrgiYeX0JWaPHYY+fLwv9ajU1qYkyg0votZjYLRbpIZJIp0RvQWeZdCOIFj1mADDewSsBgV9ya8DbCXwWloyKotacuzfG+wCM03V5s6hc93xZC32qYiv/MmyAYXrzWS4Np3EebAOLMSbga5G6ov0920ZelR9YxSAjg9havqGLWK5yI37UWYuSxGRc4xifCvOcSD9s1IAztLaJA0Q5W9Lb00ZrQeJ8jnhIlyFziMHGd7f1SqfW1vj97NL0uUAkSSKp8zvkx+k4i5ir+zcjNg8/nkZHhRe+F9eAD48XSZCE9ZCuSEbHwq3KuMc36ZBrM/pKeEhoCv8CL8nS2pr4LsHOANj9x/FlX24ohwI3C3S1GGN8iQ3wlj8E1VmEAG289TQPAHej0n8kW0T54p0jlf5kzJQvmAdjmVvWCm3WSrm3+hZMKZyiWy5aKg4nl7oMonoeGCOXpNsA/J/GHwHUQRybAAz6JdvOLSME6I3KneqbKJRKZEMrRO0ju/SQYwJaLTVgf5lmOW6lG/raUA1OM+sbApBJN4Q8ONXvL8ePECMl17E3+gF3w5dKBsskrHgVcI7oa3u+FVqOZViJXrTgf4A/IfrgS8eU6SH2kVoBoGHTqPf4fjYZXkZq1BPNgUR35Q0qm/hxwI4hAMr8AQ2bBnzvu20lFr9qcxpFVHGngziFLlxiHS8AizwtuT5R1zBKsIjQd7tQ4KxEUMNZMUojLVr1IkxenmCBumnZh9SHwiFi0Cndo8ss+kU/QotquVJPsBjwHLBhrDlO04C9jiS7uZQtFGl6Txe5DD++whdY4kfTZ52FmwfNk2MitbdRdWuIxROPmDDdIIHUXd/aR/0Cef8s2IrywPocN8UExmvnDFRzzbNxVSCir82V1GI2BWwrW2UyXr/xc06+Lt1S,iv:ePVAAcOvaNMsPBycPEA4wjje9XkHs5ZdtdQdrUS4MuM=,tag:7OtRWLxVx2bZVcVAfTfKUA==,type:str]
name: privateKey
- data: ENC[AES256_GCM,data:wNZe1i9guiJXlPXB3WROfhrNqQVPvxLiZ8hQTJEe6ShamXOrkkaK+0GprQZNY9x8mHViiWjfgDUPoR3EcIRW1XcPxeEcxeWdSKhL4TbnETKhvGes//NWpW0gM7C0sKLRjL6WW3G42M1pcgCRgvFSbcJOA3weSylkY9GBkGLzxDmN0G0PKpIYvkfk7yp+KTk2aPqWRRQT6wuluCwI+5vtqASpwPJkxsn3IN0IQhWzCvNGhA1Tw0rI//eaU1vFYpMc2TVn3hVvMrVFTUMR/sqFAGCSXDVruZKMUrLTIBLdyWKqR227RpSMOzOBVe2AFy1l2iKvGs3ApVMJXR1Pd+4A4KZH5d7Il6mBsCCZ+OByCXrgo1U10sV0+mGnO4Ct/0Atz0UqbsiCRORwt709AGBb9Z/mFeQkhWfJrJPxHPWCIr7eKLSHiV6HsyHPJkoAAkevypO6dKxdd9L0vt3ygUhym7DLTKB3zdZBhERZsJ+jf1xxm2PzjWE47hz/+Hi12CgWnSl07hjPtZ/goQRF3e08myKVOXxKvzpCF22d+yG6AzGf7Sj+SXXsJza4VH/pVMiu59PqOKYjnaK8vL9vr5Cj1I0h5huTiFBBNtAlZvMltT/iRIJn3/bni3lollAuHBoKbZ0B3l15zRdgt1iI9i5g20+YYa3fdKo+3RyXCoseX8nGQ4Cqo3Z+G/msi/GryNZciWBOtvohRb/5mEJ98eR9sJuPLJ5Wkbb69x3vnOjHXNr3YxAYyDAw98tVTRItXBvS+ss2qDz2oPRgaoTCWYJEF6InxkvCtz2IwORRfN7Gs/0k5JRC8vMmRR2XZE4kL7tdTZLhAOKIhgBkxVFL6k6fen/fv3AzTld/u4p91MPzEa8YBPSxt+XXqqH3Tf5BqAwvbuBVQNS3QRjIvusJfERssJBa4v7ucP1s2SRO4EYW16AKvk4VGbx2yPPPE4iHRq9jeGM+bos=,iv:IhyWdsI9sagRPa7nl6ILycevQBxGmOvRUxyiVz2yEdc=,tag:vP8tD/AQAirsQLl16s0Alg==,type:str]
name: publicKey
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-10-01T20:16:44Z"
mac: ENC[AES256_GCM,data:WdROP4bxBmFF8o8F3Ai5uK8OrBP26o+jyfC+Wox6LMi/erYIyf+0PnwsTCIkbVccCrlocH5Ta6J2EM0oKcx1nix1Jy3z9zgD2YOpwAKnr9OHsXeR3IbBwJKLjbgf/U4yQLLkEdgaX0LfBdobFVa7W8NjbTO/oMMvxz20Q2djbtg=,iv:uj9lh14yKOn7lPNgQ7RA6ZABKu5GvdKCWBE/NJKq4+w=,tag:B1JAytDiMQVQaz02z10Ltg==,type:str]
pgp:
- created_at: "2021-09-23T19:13:23Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQf8CxX6hQa+3E8rotc4sutTTsZ9ObfkzvOS0N5ZmqEWO57D
v/+kUiaqlkFPZLFhDh8dxHPSoerhBZMX5SuZQeFVMe+5hsXzzQIUaopBeuBjd4YD
NxqvLxkXQHQQw2e0rSfek3mQLbUTHvvhhwsZLLJKCqcoetGH0dyhOhByLBL5SFBw
haF7+EIXM3INfxqNxEubO8HXIY1+kUkAstChDvawvIiGSGBN7LTQ6haIxDYh3So6
q2zThSvusNdsiK1XznOZ/PS0/U8Cf9sAxvl/IF1tjg/n0fsuyhumkhnORZX78Hos
wkAe534j4NGVapcI4UOj+WAl2ceNwTCuxIX1Mf17QdJeAc3SmJAgDIw8/FAxxO4z
B0zPFaYUU/MCGVBmnhrE3hrQC8eVUsJKxmxv8o+g9TtP4SIGEoEmXC9WaXrKPVai
uuEGKpB2L2CMLa9GWS1S6LaKByTm0EEiLnW6WrxC+A==
=K2dp
-----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
- created_at: "2021-09-23T19:13:23Z"
enc: |
-----BEGIN PGP MESSAGE-----
hIwDXFUltYFwV4MBA/92YWKPyQPmfYk0M+1GUkprkhcJwiLRdPrYE6n6K6LTCVUa
o0YYL94dzwHzBnzeLvKJwkY89u/CwVPdTOL35JV/eZrkxStm5jd5eS60sF5KuNxh
HqT6g42Mf6wu3kU7nnBlf5d3dWUqbaZzhyxNEZ3lcy9Mm+xQKSQL2C2PHByj8NJe
ARcGFFsHo0erhuHY33vYQbgb+EHP8lOWHhGQmmhW1H0xucHyBCrF9GzNEVB2Cpbn
jP10lMeWVtN7C+/R4hDDACi2hplmIyS0DZLuAxd8pH675KV/mQUWM/NbigIDPQ==
=eNEc
-----END PGP MESSAGE-----
fp: D7229043384BCC60326C6FB9D8720D957C3D3074
encrypted_regex: ^(data)$
version: 3.7.1

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- shareable
- encrypted

View File

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF1oQV0BCAC1iFfE7H3uu0hbWbRYVMoz5zZ91ACHETCOMVxN8GOG4SV0l8aQ
wmK9QWkYxhi52LnicVD3D7Uy75+J3zkvEDQ15C0AZ8UHXp4JlSQuXpFhrOhfYUF/
6pr/QexT+hQjOacvY4qfnj4xKa/AGdv5vPIygtQumE6r3GhEVAxQ1GSwtCWSU3Zl
3Uqf7S8kDvJTemtR2UkVfpXcMd4AmMKgt7fVhPO8eFotqTLPvz/iClzER+q61fLA
d1rP9YlmY46MJp/PffPicWdJiKv2i6ynKcIwkrQyP6V2ZzYi/gAhNJst3ZlMfsiN
ekCtcow9Bn44uxW3U8W02FNQSNyn6V6QPDIXABEBAAG0U1NPUFMgRnVuY3Rpb25h
bCBUZXN0cyBLZXkgMSAoaHR0cHM6Ly9naXRodWIuY29tL21vemlsbGEvc29wcy8p
IDxzZWNvcHNAbW96aWxsYS5jb20+iQFOBBMBCAA4FiEE+8e54qT5KJrAwdSEPRbO
5KJzgbQFAl1oQV0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQPRbO5KJz
gbTDcQf7Bp7e2zY9pBBXTgDASQl31SSHp9WkRUV5iqPVC9iPCELggteBGMwIpbDl
obc6O8/06foxWctTUaaciPBo2+jeWFTO+DNvB7oXIArqr5673QHLh6jEABBjyt91
rvta2wYF1XJBgxpui9aLICsCptFNIRvHeKUrXBI4fG5z3CDs/EOoY8K/AAYJUF+E
RtmvmisiE/m20UpbYRmkBJy25c89Wcn12I1SUJA3H3hGwvZCYp8hY1HPxxQUtU+D
ZBIpryi0xQqExGAlYqck7G03F+AD7/csaT1LEdCtWRLNwE8UkvfUF6liF0SgzxFo
1pp3gBU4swds9yO9wNe12JY/M5A/BLkBDQRdaEFdAQgAtun8JhSpNAKvOXwWX2nF
hnMXTJp4viMhlAZEdmMXEi27B2DM/nRzldjxGZoNUBSVbJNj2kx5ZUDl0o6eOpCh
vRaGuCOpYqOuSQvD8FnX0NgQULwuTZ+MawsaezktJEjDSBM1R6uASeJwDZj4hcUn
PgyAIESajPdowEkEjdYt261fGOLLcVoVdtqzOMBkLVdrK/FD1kGR9jnSlKEYDV9D
veBUBQGdqkgWXjS5BKcae07viC6xMa9AJS4pizyDALB2k0HQOelZNihOGXYUuvkc
s2Fivl0Tk3OCfH9XDvFehbYRHmkRDoMuKUDSzdy6tFBAkL0CPlXAWI6kQklaBEp1
9QARAQABiQE2BBgBCAAgFiEE+8e54qT5KJrAwdSEPRbO5KJzgbQFAl1oQV0CGwwA
CgkQPRbO5KJzgbS7zwgAndbf532OXo9HwPH+yQQmzQCLDFL6P4V7LcFrrydYItTE
hxqI3tbb96MKXRAt+G5Mw6JjRkWhwzbU3jE7D7XBMHw7GriTTU9QltNHg7VUpSSa
iTfVcSNErzsaqbjbA7jMs7VWzOq4LZo6Efy8UDKg5qcqLFaTQrzQZYNHNfM+kLAi
UPU8m7vwmz6oJWsjHkQKUhKhHptlpwMwdHkoacqDO0x2H6H91l/PnDm4ZG6FybJt
cjr98i+p52/XOo81nLgX7tcFS3nrN9HNdgKg1ZW3yrzg8NOaFCVA8qLDgLk//M3q
DixOxiurECkFrMvt/bDxEGpN5GVy550MmyUZQrkuqg==
=Zs2s
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mI0EXWhBiAEEAM+5U/ol2T8n9Ns1r11eKun/PPArXxmo2502pAY3cf7ZpKDFfAvC
VF/PLusHcJToTCPOT0RVh5jO1MiQYcvQlnUIJOIEkCuUc7RsdBDsI94o+SEiGSN4
DzK711xTvuhgLbFvCB/jcpjN8wpIYTJuD6wE75sf5jqlokrnhXZy5LcbABEBAAG0
U1NPUFMgRnVuY3Rpb25hbCBUZXN0cyBLZXkgMiAoaHR0cHM6Ly9naXRodWIuY29t
L21vemlsbGEvc29wcy8pIDxzZWNvcHNAbW96aWxsYS5jb20+iM4EEwEIADgWIQTX
IpBDOEvMYDJsb7nYcg2VfD0wdAUCXWhBiAIbAwULCQgHAgYVCgkICwIEFgIDAQIe
AQIXgAAKCRDYcg2VfD0wdEdnA/9mMGieN4hrnmgMwchZ5fplBAUCeB4R+KewSHce
gfQIxN8i3vCOHaqmF8cmc2ifXfioqsSQU9JdRl7dx+TN9sgyWas1wfT01j98sfPk
NQrgrOxC/24SQ9f7C3bplXO+25kLXCPTUomMj8zf9marVeUVNeC6IduFRRI7hxrz
tIyN/riNBF1oQYgBBAChXi00fmpEs0Jiq0zOyYm9i749VoOsNReoB/5ix1QCimwV
ZKe1D37IP5Qqysxy+LIQc4lJ+Q8foNOx1Aev5+TDyv+iU82D9xr9uPLLbA82k3AZ
04OrBjrZ/Yt1NZhuaHzciZCPpmqzF9kqVqAZc+vMiKZL1WZjS7O1FwaidY1vXwAR
AQABiLYEGAEIACAWIQTXIpBDOEvMYDJsb7nYcg2VfD0wdAUCXWhBiAIbDAAKCRDY
cg2VfD0wdMMfBAC/66LvXwBPaHDakr0lo25PGOWWsf4o8yWui/Q/yhcc8KiELlzE
zmwnq0JDSodfJ5agMTxXfVu2oVUBDKuvTDLSCe2XUv+2ufAweg/xr/FrREc2TkLu
GZy6FMdtB7Ik1uJElmkIhnU7KsXXv6rq71gE+PCqnwqsn/SvLLaTJvtlEw==
=PafV
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -0,0 +1,10 @@
configMapGenerator:
- name: target-encryption-keys
options:
disableNameSuffixHash: true
files:
- cmd-import-pgp=example.pub
literals:
# user U1 and U2
- pgp=FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4,D7229043384BCC60326C6FB9D8720D957C3D3074
# - hc-vault-transit=http://127.0.0.1:8200/v1/sops/keys/firstkey,http://127.0.0.1:8200/v1/sops/keys/secondkey

View File

@ -0,0 +1,23 @@
# Site-level host catalogue. This info feeds the Templater
# kustomize plugin config in the hostgenerator-m3 function.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: azure-catalogue
labels:
airshipit.org/deploy-k8s: "false"
cluster:
location: centralus
vnetName: target-cluster-vnet
resourceGroup: target-cluster-rg
controlplane:
replicas: 1
vmSize: Standard_D2s_v3
sshPublicKey: "QWRkIHlvdXIgYmFzZTY0IGVuY29kZWQgc3NoIHB1YmxpYyBrZXkgaGVyZQo="
worker:
replicas: 1
vmSize: Standard_D2s_v3
sshPublicKey: "QWRkIHlvdXIgYmFzZTY0IGVuY29kZWQgc3NoIHB1YmxpYyBrZXkgaGVyZQo="

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- azure-cluster.yaml

View File

@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../function/cni/calico-capz/v3
- ../../../../function/cni/calico-capz/v3.20.0
commonLabels:
airshipit.org/stage: initinfra

View File

@ -16,8 +16,7 @@
set -xe
# Deleting Target Cluster resources from Azure Cloud
echo "Deleting Target Cluster on Azure Cloud ..."
airshipctl phase render azure -k Cluster | kubectl delete --kubeconfig ~/.airship/kubeconfig -f -
az group delete -n target-cluster-rg --yes
# Deleting the Management cluster
kind delete cluster --name capi-azure

View File

@ -36,7 +36,7 @@ export SYSTEM_REBOOT_DELAY=30
export AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH=${BRANCH:-"master"}
# the git repo url or local file system path to a cloned repo, e.g., /home/stack/airshipctl
export AIRSHIP_CONFIG_PRIMARY_REPO_URL=${REPO:-"https://review.opendev.org/airship/airshipctl"}
export SITE="airshipctl/manifests/site/az-test-site"
export SITE="airshipctl/manifests/site/reference-az-public-cluster"
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir}
export AIRSHIP_CONFIG_CA_DATA=$(cat tools/deployment/certificates/airship_config_ca_data| base64 -w0)
export AIRSHIP_CONFIG_EPHEMERAL_IP=${IP_Ephemeral:-"10.23.25.101"}

View File

@ -25,7 +25,8 @@ set -o pipefail
: ${MANIFEST_PATH:="manifests/site"}
: ${SITE_ROOTS:="$(basename "${PWD}")/${MANIFEST_PATH}"}
: ${MANIFEST_REPO_URL:="https://review.opendev.org/airship/airshipctl"}
: ${SITES_TO_SKIP:="az-test-site gcp-test-site openstack-test-site"}
: ${SITES_TO_SKIP:="reference-az-public-cluster gcp-test-site openstack-test-site"}
# Name of specific site to be validated
SITE=$1