diff --git a/manifests/function/ephemeral/replacements/generated-secrets.yaml b/manifests/function/ephemeral/replacements/generated-secrets.yaml new file mode 100644 index 000000000..6b4ee3515 --- /dev/null +++ b/manifests/function/ephemeral/replacements/generated-secrets.yaml @@ -0,0 +1,72 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: generated-secrets-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:latest +replacements: +- source: + objref: + name: generated-secrets + fieldref: "{.isoImage.passwords.root}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_ROOT%"] +- source: + objref: + name: generated-secrets + fieldref: "{.isoImage.passwords.deployer}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_DEPLOYER%"] +- source: + objref: + name: generated-secrets + fieldref: "{.ephemeralClusterCa.key}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_CA_KEY%"] +- source: + objref: + name: generated-secrets + fieldref: "{.ephemeralClusterCa.crt}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_CA_CERT%"] +- source: + objref: + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.certificate-authority-data}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_CA_CERT%"] +- source: + objref: + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-key-data}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY%"] +- source: + objref: + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-certificate-data}" + target: + objref: + kind: Secret + name: ephemeral-bmc-secret + fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT%"] diff --git a/manifests/function/ephemeral/replacements/kustomization.yaml b/manifests/function/ephemeral/replacements/kustomization.yaml index ced9d187c..200346b7f 100644 --- a/manifests/function/ephemeral/replacements/kustomization.yaml +++ b/manifests/function/ephemeral/replacements/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - ephemeral-env-vars.yaml - networking.yaml + - generated-secrets.yaml diff --git a/manifests/function/ephemeral/secret.yaml b/manifests/function/ephemeral/secret.yaml index edf321876..0970a7ed8 100644 --- a/manifests/function/ephemeral/secret.yaml +++ b/manifests/function/ephemeral/secret.yaml @@ -17,8 +17,8 @@ stringData: ssh_pwauth: True chpasswd: list: | - root:deploY!K8s - deployer:deploY!K8s + root:REPLACEMENT_ISO_PASSWORD_ROOT + deployer:REPLACEMENT_ISO_PASSWORD_DEPLOYER expire: False users: - default @@ -42,7 +42,7 @@ stringData: apiVersion: v1 clusters: - cluster: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + certificate-authority-data: REPLACEMENT_CP_KUBECONFIG_CA_CERT server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT name: kubernetes contexts: @@ -56,19 +56,19 @@ stringData: users: - name: kubernetes-admin user: - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZekNDQWt1Z0F3SUJBZ0lVRUZqa1hPbzMvM0YvWkg0eE12bkpTUUhVOUc4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF4TUthM1ZpWlhKdVpYUmxjekFlRncweU1ERXlNekV4TnpReU5EVmFGdzAwT0RBMQpNVGd4TnpReU5EVmFNRjR4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSlVXREVPTUF3R0ExVUVCd3dGClVHeGhibTh4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0WVhOMFpYSnpNUmt3RndZRFZRUUREQkJyZFdKbGNtNWwKZEdWekxXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFsWGR5bHArVwpaVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMbHRGUVdQL2ZJYVdTcllhWEVzNVhiT09XCmVXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWtXd0hkalJYU3dFWEVvWnNuQlZJcVpnUE4KVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWjhDYkhkS0RPMTV2bnc4aXlCVzdIRVM3NQpoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2MFdQcnpoVGQ5M0tBVUJyUEJMNE4yeXdwCldEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3NvSVgrV1FERTV2c213OEhnYkJ1QXBCcm0KVCsrdHMvSFVEM0NMQVFJREFRQUJvMkl3WURBbkJnTlZIU01FSURBZW9SbWtGekFWTVJNd0VRWURWUVFERXdwcgpkV0psY201bGRHVnpnZ0VBTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRREFnUXdNQjBHQTFVZEpRUVdNQlFHCkNDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFKVksrcDlpVHNHSm0KZFpRNGhMSE56d01WanZiMC9DaFNLK09FTU95dm02OFFieXI0RUdZRTRzSzY4ZzVzNE9nODNHMkR4M1Z0aHpMWQpUaUhKVkl0NG9YYS8rYzlYMzFqOHFZeTNiNng1Q3VzSUgvZ3JJL3lNT3k2U2hiaEJhNG9YVG9id256NVBlZWJjCm5KMm82aHp2Qno1ZXY5WmRKYkpWZEtScXB4K25jQ0ZmbUdSYzdRenFFV3dpMFFuaEVyVFRUdmhQYWd1cjRJd0IKYktQclpCYkRIZE1KNk5IN0YxUm13MDVvODE1WVZ1Nnp3WlVjZGEyajgwbGZ0Q3MxSjVxcnRINmg4N3ppRXllbwp1dlZiMWxqTjZmWmNiMFFtaGRZNjl6K29xVEZ2U2U5QldnQXdSM0lJMFdUQzI3cS9vYjV6a09KY1JkdWJ5dENRCjlCc0VmMllnSWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbFhkeWxwK1daVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMCmx0RlFXUC9mSWFXU3JZYVhFczVYYk9PV2VXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWsKV3dIZGpSWFN3RVhFb1pzbkJWSXFaZ1BOVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWgo4Q2JIZEtETzE1dm53OGl5Qlc3SEVTNzVoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2CjBXUHJ6aFRkOTNLQVVCclBCTDROMnl3cFdEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3MKb0lYK1dRREU1dnNtdzhIZ2JCdUFwQnJtVCsrdHMvSFVEM0NMQVFJREFRQUJBb0lCQURxRVMwNkJLR1o2RWVreApaQVZaQk1hamJqMmEwVmlsb1lmWUtCTnY2S040NlZnSHVBUlI2bjBOb0JRU09MekxKclpzSm5veEdDWnJZa2NCCllRSHRkTFh5b0dSUExwTzR3YVloVjcwNTd1YXJoV1pINHFobXNKQ2Q3S2J1S2ErRGlPRmlhOHNJemduL3NkZHcKdFVVSEFYQVdPY2xDa1NnQjBaSjNXZTdPcVBiMTlFelA0TW1qQWNGYithWUMvazVITEZxS3psMkFvc3YvUVRRTQpWcTI3NHhWLzRwZHNneE5kWjdiUWhrUG9BelhvOUIrdkFQQ2J1dmhpMzVxdnRGd1RSMUduSmFsUTBDV1ZzQkcwCktwbW8wMXZwYzVpU0wzNkF6QUd6bkIrS1plK3dPRllpaGVaQnI2RnM1TWs2b0pWSFpMeG1KYllHRVN1LzFUdG0KRyticjRna0NnWUVBeExLUGpXaUFQOTd3dk1GMm45L1FXaVMvM0FiYkRvM1NVK0kwdDFWUDhob1dCSEo2aDNQNQpHK3d6T1Y2Q2VUNHpmUFlaZjNFaEJaU2V6SExQV1ZLSFliOXFNQS95TUs4R2NwMXNBZms5U3hkKzdGT1VoUXlJCmFBY0pWelhoRGtkM3kwY1EwZHV0MC8vakNueEV2ZzlYa3doK2NxUGJ4ZmlyTkkxaHJCbWtrMU1DZ1lFQXdvZUcKNHRnY09xS3BQRzVDYzVsSTFhZlNES2s4M2ZmTkxwMHcyT1BjWWI4YlZSREZabTNhVlk4S1Q5emtudmJaa2JaeApNV00xUEFkbGJSMXdJeTV0eHplNzFuSWt2cXNhZVkxcEE3TzBKY1VPc1FBR1VNc3RaSjdjWTlnT3ZtMTZLcU1QCi94UXdVNm5UK1NJdXh6WXBXV3lHUStXclJQV3kwRDJ5Z1ZqcUVkc0NnWUVBdlZVUFB0TkhGN1BWMENyOHJ6azEKaVg5ME9pdFRNamdySzFsQzJ2SEFpVTY0d01FYzFrTTRscnNPTjN1VVpYWU5BNHl6MEdzcG1RQ010a2tRODI2dwpKOU9qTis0eGR0RVNpTUtrMDJXQXJVWkpndHVVeTFqYitCNUZ6Rzl0V1Z4TG9CeWd3UkFPeTFDMHowUDh1MkZ6CkwzRnVuWlRDR0ZhYkhYTzFmMzRUWDBjQ2dZQk9xczRTbUlDNSthUGs2MVgyTjZ2cnMwVlBsM1VrOHB4SVdJc3oKZXRwWnNSWVZqWVcyeVgvOUQ2NkU0M2lWREpDcHk1VDArd0RCT09COGd1WWhaQnBDOFRnR0hmemNHb2ZIVmpkOApwc1NZYlp0bVd2TXk0eWVGUkhVdDcyYnUvWWpsQ3pKaDNrRTQ1RG56eXk0Tm84cU8va05CMi9RcUhBNW5CanhVCjhLY2Y5d0tCZ1FDQ1RQbnBYMTlxQXFMRGtSYkVKMWZXM2Z2NysxamN5QVA4VEpTV3ZmWWQzdklEVk1pcVZkcG4KUjRXMFhVa0ZBVVJYM1hDSTE5SVRNY2Zkd3hybHVrNWtHUERnM3Y1cTh6ZVJRdHRnL0IvNkNoZGt2akxzRnRHdApINEVsOGhxeU4zM09sdHJNWmdER0FlVkd4YUV5N0h5SFVZRmpKalRKdnE1azZJRmIrcVVTVnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + client-certificate-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT + client-key-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY owner: root:root path: /etc/kubernetes/admin.conf permissions: "0640" - content: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + REPLACEMENT_CP_CA_CERT encoding: base64 owner: root:root path: /etc/kubernetes/pki/ca.crt permissions: "0640" - content: | - LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBelZGTGpES0NQZUpJRUIvMEVZRk1wbkpUV2x1QUtGM3Bqc2pNcGw1MkdNTHI3TGwwCkdKbWpsNHZPQ1FPeUhmejljSkxPbzRwN0trMUNuZklCZ3E5c2tmSHZ6cW9kVmpyemwzbGRQZG55eXRST3hQakoKbHl4Mm5kYklhM2ZqSy9mcjhBalg1SjQ5RDY0MGpOek9qY082RllZV0VIM3RYcWtYNFJEUjVSektjejJ5RjMrbgpSaEN4Zmk1OWVxRUlQbG14KzlPbDJTNzh5TFptNFZGWk5Bb3pHT096bkNCMEJtbVhxeTM5OTJkK25CUDJuOVUzCmllS3VEUXJYME5JZEFndTZSSnlnekNhd0RIYVIrVWN5RTZUejBxcUxRaUgrRGF6Z1JyaWhnTmpPUzF4dENDZlQKQWlPQ0IrKzZ6Zk5DVWJmdUtscnlwT3dwNTlPQjFIeUI4RUxrVXdJREFRQUJBb0lCQVFDU0lPNFlGa3JFS0swSgpiUFNWRU9XeEFXVjV4ZTNzelFwUjZYQmVhSlM5QXQ1UFdaN2JjMTRQbWgxR0pTODhVTGRBeS92dVFiMXZXaFd6CnZHNSt5TVFKQzV5V0JsVmk3Z281SU5QUUZiTEwwVmRPc1pNbzJTaURKajcyM2hqOVRqTEtZRURvSWdkcmhaMDUKTkY1K1gzT3RwZ1ZHTDVvbDZVdHBrRU1UUWU2RkhYampxU0d2VkRhRnFWS25yemtVZitHcks5dXVYckxqWXpMWgo4bHpEbWd0YXhyN1pobnp4eEZMVUwzMXg0MFkwbGdzSkdTNHAwMncxTFdzL2I2bjBQKzk4TkxvUW5nS2lZdmVUCkM5dlVHT0dWWkJqNnBPTEdocWEzeWZ0Q25hbm1IRkFWTWN2WTllWW9ockFFWXlQenJPRURVR2pHUWJOUldwb24KL093RFI2T0JBb0dCQVBYUVlPM0Nhdm9Tckw5UTNZRmcrblRRWjFEYnpGYmZ4WjhYYVhWNUpDWEkyOG9ObG8wVwo0bCtMSnFHOTcxR2YwVElKeEpUcXRNU3NxSHNpdFZPOEthVHIyQ29XZWoybHZWWGhId3FSd3lhSkM1UllPR2VPCmxHY1MvM0xPejZyeE03bnJpakxUdHFKRDNjMUl1RTNwOERwNjFoTUlBYVI4WFlPNDVUNXMvWGd4QW9HQkFOWFQKVTNpNkZPYWh0ZjJQTTJBMHc0Sysyc2xVeW93VXhUQytBQmJrbUV4aGJiT3ViZ2VPbys1aFpNTjIzcGFnWWt1VgpSZ0lnQkE2Yk81RmRKMkhVRm5HcEdCMjVnOXZpd0k1ejhwZ0tsU3pGM21BT1dGWHBsWlJwT0dMbHpBbmpLS1RLCk1TQXRYS2UveU5IUjltUmFWd2hiK21QajVuTjlLcmQ0Rmd1WWx3ZkRBb0dBS1FwM2hIclhYWlZNbmt5a0R2dmcKRlN6T2N5T2ZoRW1zTnhtems5ZDcvNHIvbDBhWmdrajExcm5tNDA1UTdMSGdQWmgvNTlVZ0JVNUdldmlhaWJaNgp4WHhUQlFQbnVPODVJMk9JeVR6NDlqQWZiTThsNjdSVWRya25TVVhhU2xJbkxyMXl2M1cxb25YdVRGMzkxNVJkCmRZWVl3K2lzVFlndUhOWDhBR1kyRTZFQ2dZRUFveDdRTXUxaVBIOXBJc0kzNDFEZFJjVHJpMlBRRVFWWFdWUFoKSlozR1FaNmgzYzFYeXhRYUl5VFJoZndNMnNRSHVMbHI2dnNablRyM09uSGlOVk5pdTlyUHR2MXJoamQ1eGpMVwpBdjh2eGpRODdQS0VtU1hWSXA4U2tQL1ZwRVZUSUVQUExranN3bHdnaTFDdHN1am9ORXhXdkJXRUhONkQwK3NjCmhrUW1FNWtDZ1lFQWx6QzB5clVOSTBQMHdKQUw0S0JoM21oNDZST2V3TzIyb1FhZ0c4c1N5SjVpT0NIT1VaZDcKVnhPbmRZMVdKM2M5ZktXWmVQVXkvZEhCTUtjY2wvZXJmbkk0aHZ2bnhvejNob0Z2SDdnMHJGVU5vYVZzdlhpaQpPY2NCUURVMzNDdW5WVjRmeGNyNS8xV1NwUzZoT2ZIZDJ1NFZjNnpwQ2dTOXQ3VmFzZ1JweGJjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + REPLACEMENT_CP_CA_KEY encoding: base64 owner: root:root path: /etc/kubernetes/pki/ca.key diff --git a/manifests/function/hardwareprofile-example/cleanup/kustomization.yaml b/manifests/function/hardwareprofile-example/cleanup/kustomization.yaml new file mode 100644 index 000000000..d3b152c8f --- /dev/null +++ b/manifests/function/hardwareprofile-example/cleanup/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- smp.yaml diff --git a/manifests/function/hardwareprofile-example/cleanup/smp.yaml b/manifests/function/hardwareprofile-example/cleanup/smp.yaml new file mode 100644 index 000000000..f013b823e --- /dev/null +++ b/manifests/function/hardwareprofile-example/cleanup/smp.yaml @@ -0,0 +1,11 @@ +apiVersion: builtin +kind: PatchStrategicMergeTransformer +metadata: + name: smp-hwparofile +patches: |- + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: hardwareprofile-example + $patch: delete diff --git a/manifests/function/hostgenerator-m3/cleanup/kustomization.yaml b/manifests/function/hostgenerator-m3/cleanup/kustomization.yaml new file mode 100644 index 000000000..d3b152c8f --- /dev/null +++ b/manifests/function/hostgenerator-m3/cleanup/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- smp.yaml diff --git a/manifests/function/hostgenerator-m3/cleanup/smp.yaml b/manifests/function/hostgenerator-m3/cleanup/smp.yaml new file mode 100644 index 000000000..8c88971ee --- /dev/null +++ b/manifests/function/hostgenerator-m3/cleanup/smp.yaml @@ -0,0 +1,11 @@ +apiVersion: builtin +kind: PatchStrategicMergeTransformer +metadata: + name: smp-hgc +patches: |- + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: host-generation-catalogue + $patch: delete diff --git a/manifests/function/k8scontrol/replacements/cluster.yaml b/manifests/function/k8scontrol/replacements/cluster.yaml new file mode 100644 index 000000000..fdd9d3080 --- /dev/null +++ b/manifests/function/k8scontrol/replacements/cluster.yaml @@ -0,0 +1,19 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: k8scontrol-cluster-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:latest +replacements: +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetClusterCa}" + target: + objref: + kind: Secret + name: target-cluster-ca + fieldrefs: ["{.data}"] diff --git a/manifests/function/k8scontrol/replacements/kustomization.yaml b/manifests/function/k8scontrol/replacements/kustomization.yaml index 3269310cb..95b40576f 100644 --- a/manifests/function/k8scontrol/replacements/kustomization.yaml +++ b/manifests/function/k8scontrol/replacements/kustomization.yaml @@ -4,3 +4,4 @@ resources: - versions.yaml - k8scontrol-env-vars.yaml - networking.yaml + - cluster.yaml diff --git a/manifests/phases/executors.yaml b/manifests/phases/executors.yaml index 3bd2be05f..106aa3b85 100644 --- a/manifests/phases/executors.yaml +++ b/manifests/phases/executors.yaml @@ -55,9 +55,8 @@ metadata: labels: airshipit.org/deploy-k8s: "false" spec: - type: krm sinkOutputDir: "target/generator/results/generated" - image: quay.io/aodinokov/sops:v0.0.3 + image: gcr.io/kpt-fn-contrib/sops:v0.1.0 envVars: - SOPS_IMPORT_PGP - SOPS_PGP_FP diff --git a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml index a8326e6be..1d667255f 100644 --- a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml @@ -14,4 +14,6 @@ transformers: # NOTE We can not use patchesStrategicMerge directive since Strategic Merge # plugin has to be executed once all replacements has been done. Therefore # we need to load Strategic Merge plugin as an external plugin - - patchesstrategicmerge.yaml + - ../../../../../function/hostgenerator-m3/cleanup + - ../../catalogues/cleanup + - ../../../../../function/hardwareprofile-example/cleanup diff --git a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml deleted file mode 100644 index 638dc89e2..000000000 --- a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: builtin -kind: PatchStrategicMergeTransformer -metadata: - name: smp -patches: |- - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: hardwareprofile-example - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-generation-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: networking - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: env-vars-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: versions-airshipctl - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: password-secret - $patch: delete diff --git a/manifests/site/test-site/ephemeral/catalogues/cleanup/kustomization.yaml b/manifests/site/test-site/ephemeral/catalogues/cleanup/kustomization.yaml new file mode 100644 index 000000000..db217834b --- /dev/null +++ b/manifests/site/test-site/ephemeral/catalogues/cleanup/kustomization.yaml @@ -0,0 +1,3 @@ +resources: +- smp.yaml +- ../../../target/generator/results/cleanup/ diff --git a/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/ephemeral/catalogues/cleanup/smp.yaml similarity index 69% rename from manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml rename to manifests/site/test-site/ephemeral/catalogues/cleanup/smp.yaml index 6c6b85275..5b96bd725 100644 --- a/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/ephemeral/catalogues/cleanup/smp.yaml @@ -12,12 +12,6 @@ patches: |- --- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue - metadata: - name: host-generation-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue metadata: name: networking $patch: delete @@ -33,9 +27,3 @@ patches: |- metadata: name: versions-airshipctl $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: password-secret - $patch: delete diff --git a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml index a8326e6be..1d667255f 100644 --- a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml @@ -14,4 +14,6 @@ transformers: # NOTE We can not use patchesStrategicMerge directive since Strategic Merge # plugin has to be executed once all replacements has been done. Therefore # we need to load Strategic Merge plugin as an external plugin - - patchesstrategicmerge.yaml + - ../../../../../function/hostgenerator-m3/cleanup + - ../../catalogues/cleanup + - ../../../../../function/hardwareprofile-example/cleanup diff --git a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml deleted file mode 100644 index 638dc89e2..000000000 --- a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: builtin -kind: PatchStrategicMergeTransformer -metadata: - name: smp -patches: |- - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: hardwareprofile-example - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-generation-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: networking - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: env-vars-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: versions-airshipctl - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: password-secret - $patch: delete diff --git a/manifests/site/test-site/host-inventory/hostgenerator/kustomization.yaml b/manifests/site/test-site/host-inventory/hostgenerator/kustomization.yaml index cef4e0595..e3d57f8d1 100644 --- a/manifests/site/test-site/host-inventory/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/host-inventory/hostgenerator/kustomization.yaml @@ -7,4 +7,5 @@ resources: transformers: - ../../../../function/hostgenerator-m3/replacements - - patchesstrategicmerge.yaml + - ../../../../function/hostgenerator-m3/cleanup + - ../../target/catalogues/cleanup diff --git a/manifests/site/test-site/kubeconfig/kustomization.yaml b/manifests/site/test-site/kubeconfig/kustomization.yaml index d48a7b893..5408ae7e9 100644 --- a/manifests/site/test-site/kubeconfig/kustomization.yaml +++ b/manifests/site/test-site/kubeconfig/kustomization.yaml @@ -1,2 +1,7 @@ resources: - kubeconfig.yaml + - ../target/catalogues + +transformers: + - update-target.yaml + - ../target/catalogues/cleanup diff --git a/manifests/site/test-site/kubeconfig/update-target.yaml b/manifests/site/test-site/kubeconfig/update-target.yaml new file mode 100644 index 000000000..c0da036a8 --- /dev/null +++ b/manifests/site/test-site/kubeconfig/update-target.yaml @@ -0,0 +1,69 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: k8scontrol-cluster-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:latest +replacements: +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.certificate-authority-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.client-certificate-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.client-key-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.certificate-authority-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-certificate-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-key-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"] diff --git a/manifests/site/test-site/target/catalogues/cleanup/kustomization.yaml b/manifests/site/test-site/target/catalogues/cleanup/kustomization.yaml new file mode 100644 index 000000000..153dfff8b --- /dev/null +++ b/manifests/site/test-site/target/catalogues/cleanup/kustomization.yaml @@ -0,0 +1,3 @@ +resources: +- smp.yaml +- ../../generator/results/cleanup/ diff --git a/manifests/site/test-site/host-inventory/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/target/catalogues/cleanup/smp.yaml similarity index 69% rename from manifests/site/test-site/host-inventory/hostgenerator/patchesstrategicmerge.yaml rename to manifests/site/test-site/target/catalogues/cleanup/smp.yaml index 6c6b85275..5b96bd725 100644 --- a/manifests/site/test-site/host-inventory/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/target/catalogues/cleanup/smp.yaml @@ -12,12 +12,6 @@ patches: |- --- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue - metadata: - name: host-generation-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue metadata: name: networking $patch: delete @@ -33,9 +27,3 @@ patches: |- metadata: name: versions-airshipctl $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: password-secret - $patch: delete diff --git a/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml b/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml index 824c2954c..d7b824970 100644 --- a/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml @@ -12,4 +12,6 @@ transformers: # NOTE We can not use patchesStrategicMerge directive since Strategic Merge # plugin has to be executed once all replacements has been done. Therefore # we need to load Strategic Merge plugin as an external plugin - - patchesstrategicmerge.yaml + - ../../../../../function/hostgenerator-m3/cleanup + - ../../catalogues/cleanup + - ../../../../../function/hardwareprofile-example/cleanup diff --git a/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml deleted file mode 100644 index 638dc89e2..000000000 --- a/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: builtin -kind: PatchStrategicMergeTransformer -metadata: - name: smp -patches: |- - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: hardwareprofile-example - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-generation-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: networking - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: env-vars-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: versions-airshipctl - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: password-secret - $patch: delete diff --git a/manifests/site/test-site/target/generator/kustomization.yaml b/manifests/site/test-site/target/generator/kustomization.yaml index b2f240258..37fe4dd38 100644 --- a/manifests/site/test-site/target/generator/kustomization.yaml +++ b/manifests/site/test-site/target/generator/kustomization.yaml @@ -1,2 +1,2 @@ generators: - - secret-template.yaml +- override diff --git a/manifests/site/test-site/target/generator/override/kustomization.yaml b/manifests/site/test-site/target/generator/override/kustomization.yaml new file mode 100644 index 000000000..cda38072d --- /dev/null +++ b/manifests/site/test-site/target/generator/override/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- ../../../../../type/gating/target/generator/ diff --git a/manifests/site/test-site/target/generator/results/cleanup/kustomization.yaml b/manifests/site/test-site/target/generator/results/cleanup/kustomization.yaml new file mode 100644 index 000000000..6dfa81441 --- /dev/null +++ b/manifests/site/test-site/target/generator/results/cleanup/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- override diff --git a/manifests/site/test-site/target/generator/results/cleanup/override/kustomization.yaml b/manifests/site/test-site/target/generator/results/cleanup/override/kustomization.yaml new file mode 100644 index 000000000..14e8aa723 --- /dev/null +++ b/manifests/site/test-site/target/generator/results/cleanup/override/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- ../../../../../../../type/gating/target/generator/cleanup/ diff --git a/manifests/site/test-site/target/generator/results/decrypt-secrets.yaml b/manifests/site/test-site/target/generator/results/decrypt-secrets.yaml deleted file mode 100644 index 5244ac47d..000000000 --- a/manifests/site/test-site/target/generator/results/decrypt-secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-config2 - annotations: - config.k8s.io/function: | - container: - image: gcr.io/kpt-functions/sops:latest - envs: - - SOPS_IMPORT_PGP -data: - ignore-mac: true diff --git a/manifests/site/test-site/target/generator/results/decrypt-secrets/configurable-decryption.yaml b/manifests/site/test-site/target/generator/results/decrypt-secrets/configurable-decryption.yaml new file mode 100644 index 000000000..c6b8f6b15 --- /dev/null +++ b/manifests/site/test-site/target/generator/results/decrypt-secrets/configurable-decryption.yaml @@ -0,0 +1,28 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Templater +metadata: + name: secret-template + annotations: + config.kubernetes.io/function: | + container: + image: quay.io/airshipit/templater:latest + envs: + - TOLERATE_DECRYPTION_FAILURES +template: | + {{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }} + apiVersion: v1 + kind: ConfigMap + metadata: + name: my-config2 + annotations: + config.k8s.io/function: | + container: + image: gcr.io/kpt-fn-contrib/sops:v0.1.0 + envs: + - SOPS_IMPORT_PGP + data: + ignore-mac: true + cmd: decrypt + {{- if eq $tolerate "true" }} + cmd-tolerate-failures: true + {{- end }} diff --git a/manifests/site/test-site/target/generator/results/decrypt-secrets/kustomization.yaml b/manifests/site/test-site/target/generator/results/decrypt-secrets/kustomization.yaml new file mode 100644 index 000000000..4a4ef5320 --- /dev/null +++ b/manifests/site/test-site/target/generator/results/decrypt-secrets/kustomization.yaml @@ -0,0 +1,2 @@ +generators: + - configurable-decryption.yaml diff --git a/manifests/site/test-site/target/generator/results/generated/secrets.yaml b/manifests/site/test-site/target/generator/results/generated/secrets.yaml index f5b4e28ba..17bb49ccc 100644 --- a/manifests/site/test-site/target/generator/results/generated/secrets.yaml +++ b/manifests/site/test-site/target/generator/results/generated/secrets.yaml @@ -1,31 +1,48 @@ apiVersion: airshipit.org/v1alpha1 +ephemeralClusterCa: + crt: 'ENC[AES256_GCM,data:HZtJf820/r8f0YytJeL1X7EXsKL987I1f1gKLoSNHzSFczOi/zXsiRIWCWH6rYn4Z+smlFtAGufvEM8uPJp8ZdGDlV5zHzjOnfMklOB4n5qOEoEKzwhCgxZaQPBw9Jr0SQBVFOKGPiAnOTkkOgfE5FWra/7SkkmgdLbR4MyHar3y88Eumkrqm4qo3RrfVtaSzTWgygtXME7wRnhutbIiA6zxBsgXFpxoaKMgLmwvJpo9PjSxz5CAYq/SN9mKLYGx3Vyr4ovLjtTIorPlQNW+iL3vBLkwhLP41HKYvK5y+rBIxlEU3Gyvd8493lk6Gh55lbgpT45DYaylC6hD+Ec29DdOwFBg9s8yWFHz8rYVElv5a1+RnOfdfnrfYbNk4eanyZH6PBDyzFZ/KRdMEPGFnMVIQ2ngnDLXzCQOBCTjHLb2FlCSWDmNVFSyDx8CAw7ik1AyNgHScfpIdB/cP/ujpDDhJpFioXMD8gSsX+l0dTDRAZo5ZIIRx8gM0446lmHxWjYZM5oT25PW9SDdo+u7L5oc3kMcKXzo2JxQRY+DDXXtz4ZUigh2RGTN764thOoJQA0LXiW/MjuuXqyXHXY9o49EFHsdq3hgq5DDhcRGTg+0pOUoftmCrpZYeHrv7yYnhiwDi0ot/oZQtIi9GWpKgg4uhuK+gN5htQzM6GNbmibgXNSCJPKeG9AMHErLEzI8SfLh+QRz5Oc8NvsTPHw0OigeX2FqW3rTmbsLR/w1mCHy0Y0IEPHrRMDS4HwzpLyWMvjR2RAHx1sA48su/6qRfxOZEhvOvzX/N06WozO4KjkXWH40oUatxyzH9T0SQaw7Y77eH5zh8PPJ1KL+KhtjpxNTP9CZfuJocuskYbXxeGQgKd5Ky76S0pAjgvpCvGCjCb0ltacW7bBFpblashR+ptRxucI05eBVLSjMRJjxtKb41uUVAg5euNeLVx/r+RoFmbna0NCjOKKXm8k85OORfbPOxXCp3zBgz/D3/+2BAdQS3t9LXi1cF0DuAr1165yxZIT2U3/JBBE/wf/d3T7Z9eVSaH00HI8rJCEhg+Dp14CvpjjOIjYkSti9FmhLNOV2S4pjWzDwsLjV5yGQvJJKApm+yL4NcojfUE61jyDC+VFEmOnETcIfF5nghLk8L7QP9su5eRouqr0NboAPFd6K4Ec9GaH28nRSo8IlDDbVqdYYFzVYAn4mTKX6PWdYzKCISPe1BlYPcRiAocOFqDMKCDjxQuVvMnyl8/VRxJXVU7VMU3BoQ+rdp+/P4lFNxaJA9ewvfvX3Dk81c9AtBJ1t213GEwQ1uLUUaIG89l6AYJ2Wkj2uNfVGCwxwTRDQBsrArhFW8Pj01ysSJ2CNoRfkXBVTm9Pial9PJP3e9xBAoODkLEQfeeWxCQv58UacWnew6HXTf3iMDczH4zfAfGbYMhpVnR/iqkCWemWIq4XpdpjJLRSvpLM0Xi7VsHYDZo3K/bA4aXh9IiT3bOsFU2dM9tV9GR3WodwungbM00tTyQv0ADn2OOTSYD8B1pBzjLQDKn3sXHVyolPkGZIU4T9eB47200nCyaI0BXWGtzhEF9O9lPGg8H9AT6q1oW32s9UCzC4+VVUjXVGv2FY/QIZBkAtFnT4NC2P7sY0EpDuUNfWSPg3gYRTuIySRxJMCQevyC09NsmWx0lOiECmcvEnHh61VkmTeorHaoCpx7Jnb2TceYTCB/6fPUo4wZm64wWxpE7VDozpBL0cqjutuQuuDGKQQ153J0Gp619hruPW74iNqhoe+Qu706DGt/ZR6tpgC/pzmR3qno6a/xXuIXgBFGLJpZJNMcbFaWCsjwB8NovBFiOlTOZpdyhSbZi3DQV+SB0L7Pjt9DnGIBhKNyR1VAxoNMcA1fBw1nH0o1/fid6l42baOWc9CFOwyn72hXw+9QAh/wFy0g+mBRpD7gfl7mqr6vuIILFmo0Zt5FA==,iv:+GaLzo3IZQUbrKH+DwoClgPxECOkhyNkKwu6jj9TFes=,tag:7Gouyh6wTV0YG+MMkC+4bQ==,type:str]' + key: 'ENC[AES256_GCM,data:PYh6RRCwUbdFOegAET7Gy3g+m9LfknB4vCq6amB6pOW4Ebp3LmSjWk3fQBWIaor9J9vhB/Irp/LRcwkPg1jdyzKMP/rmmNthdkdbst4oDcZVI2B3SHUVeJgDM4qN4hZ+xHVgSx0QFS3ynp3KA1kweMis3/VqjwGY8835mqVDjNv7g4OEcmj89HZ/cPmkryf9xEy17cs2ixV6LCfB+8LGr8OoKCYxQFetr3auqEKjAnUWaKpQe2touU2oF5iwVtxThHGTu/ytOyRF5yEjHCezt1B2U3DQ3Vy6nt7PTMA0X6QtHHdP1mOIW/DS1CokdX6LaM8ynosH4XqcQMiP/HfLJ8ymx1xL6zl+CkDGS2gTCyYTR+Nq3jwwhac9G2Pa22IpeMipCKqVFGzbs/bHUzUAfj3Arje1ugCLdarZDVjE2qk9UYLqQ8Sw5eq8jEE1Jqh0GyAS/8VIWsl4+0zggSNYmDmeC9lMKPM/ltMxQg04k/gTKyHKqaeoqs8z1Y26taojGUEHFFJhUcO92JZiKlYbpE4lrm60fuLIl6uxB+mSKJkLdFyCON6QhA7rorKM5CZQb2xrU8mi+NY0O1h1MwXsTIsiXLZcDGzsTJKw8mhnRJGWLpqnJ05Y1/DgvtV9EhuaR6pORsovjP5UDH/qiO1n5gMPBes3ikvQkK8C0CcAH7XoVreVe+deEP/1yHnL5SAMP9Rq0xFJ0AupZDyDTDqdkCv/6ngfqcq+NMTinKEyZVyYy5bb9T6bgYoKAuUYnThttUnDIRtLlKLKHwl1VLtoVEpisd7i3WO3Ul6HhJT3gqHCbGVW9K7SFSotAumChmYnvXSVn64F3+lmyDbyUbttrkeooAZftYP7zjC31ITtltW8D321omb7cfwef/iW/bKtkoqIOnENpX0xUkg/JFpiQrTZTOwVCKj2i43whWdel2XEffD6nMSyys50UrOxd5CunDxXvWP6+/+J2g5GcI3JdbGGE/gDfT5V/9v+4P+Zb4/ayL3KaJbuQksQ5dqR4+QZogyjWrAe53I8UQI1B2YdL/ECoNc6QRaxby93Msl2Q7pShsR5tQBjLtgbeiOdIfmQ5nccfMbUPwubYUdErSZhpuquB2avWF6YNwCfk+oj73dWLPbNtALRCNY5rObhVb+T+te1MSxrZJ0tXQToLEk/5AUvrNNgYqD17ssTHuSKGhYkiqvynvIhXd0lTsPMDUV/ecGGh93PynRNhDVpVA37zl2DN+KOEmdJYOLVWgg3zEHoB02rosf0t9E4W338uOOq9wIFbQfoVfhA63vy/2B2EdpKZUOsqgNZqI+VPnllH5uaos0Bona2q9XnIApfT5oqTzqWLUrfw5EL6B/aKunFlVk5UMj2Op8RtRV7qqV1ybVV6azTb6Nf57lzdyyXFj8lmkDZnOBYWuq8ZpXdzNF+PJCKo4cob5VHATV9XqatEfOcMcDyvauh3Xtn6wGlbiD8K1XcrBgPoKxHNY4BjYX+gBgwSu+RqRUVCzw7wMxj8MLg5yGFr1wIfN3fOIpHXNKRBlcaUBujKLXqvsn3CzNokYYXX7Zp9oH5nGlzc+UP9PHGkt2WGDggAfqQ4wcoKk9MpxKEpGYWdblgh13ySZToA2k0a1xHOZZykDTSrxQtxSqC1ht0i0Oa9M5KxQMd2GVfcQyqV/3gZGGJ67sE4pQXfO4fmRX2Y+fcNqhLwYtcoILV0pAiy96y35sTLTTaokMvbcYHbPzLsJ4oqR37c6GYzWERL+Yf2TETpzCQSJpqmOuD+yXbOLW17wpWrIf3wfo/j4dD3las5fBXN8mPcd3a25dR+7sbef9dNMsOqsTkgNGstW7nSp/tymk4HMiVlH1QFGZthfg3I+APuP+Jqnbvyk1E0Eo39xwIXiMRKTqjT4hap5WPd1gfhIBe+Jg0+VZH/IoHkNbvVxqoFHvYStTrEe/kWo5Un2yBrGw6OlE4MNJPgBPS4F7Q+xFZod6XxcOYdvwGlNiYvlb1NRmRMx0Qlt1A7aISW09cverACiR4g108Z52KTqKOzAP5utO1iEC4je3XfEOdyQ84P1NjSxHaf8AIUjYX+oUDgFxsySbdmQzkKIqg4gyw+nVrdARYpPo0FvGVSckKF5o3M83j4P3jWaxcVj0qB/63zgdAgPum7COi8xLBViCXUsXYEczrvZCbCGTv2syGiHwLbYfH2UrIqyoSkkZ6rzZZwD+BqM1pWMP0MNEwca8DIVQFPcItRIt2vDktVmOJe3UJ+7lk+27Q1bC0DbT5PrEykXsmo8H7ctO75R0UEuQDmjuTPiPcTmxhNIi63fu/eW14SmI5m5neAJ6RSfnutCo9ia17A4K8epuZQaoerJgDTfm43uNlDPlPgK3oYHWJE353TlfA/Fkum7g2VhMJ8ceV2lswRjN6hVK1+l5ez+tXRkkjxanIfSBRZxW/6ooM5en2zyzFqV2VBEawZEXG91mQt0aQQFM9Ukg1I6xVsmluNyFGl4Z0YUmm4nhjmCBjx2h2Qe94QI2qBLbrQrmJMiXaqFHZM2hdTFrx/wazywS+eIazb2UbaGsLa8G78nPkYJck8j5pKbUy4MNYZz83iu4pXoaMXDNfQDzaXnceAbOTkeYNyLY0Hrr8h55NFFHY/JLEgJrhdnVt2nSdPxTrNDUQCNUtWud4mVSPMSqZGNXN6ZNHJkt867H/aFGc/treT4xe7cUaykReH2eRSLC06wM2QLyMD6WlZw18QMBRE2n2PfnfaL52YNYHyuIvNzf3HNlW7G8VOOcKOSAanTfJvQph9gAoh1N95xib6u9c+LhPAY59N0oGBCH80bmKYAnbbEgn+1Vle3x9UwGnkeTDR5yo+MWJVtqoLoKggPug1G8/+sUTgFw1gYpAx1a3KM+CHshswMwC8T4fE7cC0J9HuXfeIKm/oIfoY5+gVb3pGdvlXI3C0tXlpr1Iu8a5O07ugH7j+4rzd1o8Qb+0duVEEehKNWNSZA==,iv:JYJ5gIun3lEN156HbX36zhtDMOjUgPBWeGqRBsu/8Kc=,tag:Sopg+BPB6Q3BIlz3doAx9w==,type:str]' +ephemeralKubeconfig: + certificate-authority-data: 'ENC[AES256_GCM,data:fkJrkl1wkOR0rmsEuFCK78fSwWb3P1THxN2pXoMMnNt5AfdxLyYTb2OczfdtxU6HdrCeg3myibW83P4AIZfs5idEOKYeNgh05UDYHy2kxjIqYr8wBFM/OEe8okI0+AK0Fw0TmQzv3KEm+9yWfava5uFMe6eboSGwZ/CjTUMrIihTbw3xcHJ2PY2Fjl2YqJkcERauLBrLt1UyL0r+nTVbaqJ7mtziVLssv8H96+gTo1C1OaK3LHlHYjUDnK2Zkwcao6EqCxnFQfxlX4b2CkaqwUbs24sG2ewiJ3smIXPTWeLMZB4W/GKx7H33y1rATm+Sk2LixGP0zCXQl9AmETsQfZdOaLZEmdhizwEIyQd20Utb0RSGlP/RBclwUpX08DjR+Oq01mwUVJaDUpY5cOlO6ziFnjeJXZM3mQQ/MbLFVvkUUm0rGsRkYWz2XA/SQv5H3rvEUpKvBn4+MsIL0tID8ciBKoKvajP9KLy0l+njEAzJgqqGWdgO/ZhQ1gaPzOZo/OIFKH0jrhgs6AVG7lpm5eD1kgKpkux9mo9FYOaNetdRCyUnyI+cV8Ikix7CFfkVGS4o+FTDBHnZ0D6jkqbjimv+NwFCxzUxTrHcEBW3D5IYaTP2GVFkieALMWMF3foYhAqUiLfEjyRgwdTZpdTPigD1iXIVk4QUXONTZXmgGyrKabkFh730IT7QBDlRmvrwTIaJ0WDaHbPesL8ZYsW0MDQW1u10mLLjK/3BrCzb1lltasLQWh/q5e0MMFG1s4G/3Y0u1Lrs27bK1/SrMhhUwX2gxaxp5fWYARcKRtaarbZ1TgWC1PxqhUmbsvP60iPGn91qlGpMJ5VUdci0S9FQM/I7HoO3UjhhhzMTiQUyAWOu3+0QIDw0T5UIdHFbZYmqpn0XqXI8bhP8DPsHZ+XKEJRsBktl9/zdcZ+TY1QvsbtC6JgeS/P7RZfaWG74N2h/CgLiYuWpyuVxNlaYSpIJ9PNesRP1GK3CUpCp87H/MN0XOboXH9wLMFm7O8ayWKqOeVdNJ3ziFk66LsdbpxMlqy8CWrgGtPbgpDK8HkhlC6ra1BG5wAXUMXl4C6p/+027Et+IOuYwY8tD1z2r/wWpf0HcUrrMe1nHZv1vMszSA1i9eEBu6cAR1u5mKCzjayn/QEaYeGm/ROuzDskZy/KAPgpq6g2NYHqHfTPUeO6eB3+e1UDWJ4scPSJWetAFocr4TlZCWygg9Oite8h18N/LNziVQZ3QavUdCL/gZ9FWlS9i8zr8EFHYtQ3xJTC/g7W9EZkuNPYCJi3x/uHzc4sVfHK/mfoct1Gsbnq8atH6jDWhR1gfPS65AHQbLmqU1sRyGcwmRQAa8fiIlUP1VbTnkYFpXriVyfkhF/lBOxIMwAoe8OZ5nLg9pgnB/ZacZ5rEw/M1Fb3WrNdPYxe4pG7mgW6hLSyhkPEqmek8c/ZL13psgwhrsuhO90NEf/uxVt4HrPWUNdninHqiOjSB9iXgGaGSIUdCmLNn065MeKnOyThneHor61L+WarzDIhhZ/OUSgiKKGGvXPfKRLqMSXWf40Qy691EicQDjpu+RWkDy6np7WrOWd7uYBhkoz6WgQODB5Wm+DGob7eIxw1V/xiAuF0nDi1RJc3xEkbkaOX8LrUEMUMvvGxJTdGNfO8yW07owM0PddoUGuhDeg+g7SLUlHCJUxNpwi6lti02wbAZ6XAxc2ltN9fNZ98OE1VMtSlX+4pFLmMxtb9S1N53YS7MFejreADRoNskyFK5uYuPN5+a6lcOMHnXSKZnAC5EZsl3AiuNNIS2hIo4Hx7YJFZtB5JlF9YSjFXZDnZiSwZAGvhAUHq2Yn0UVModpN3TrBzSelJYwY+aQDJ8bSuQAp6U/2HJ2FFQFX35waZMHYqPyOlXiCGeOl7dYV+IpCMdZZaPzwI4EzjZkfKpW/FZBtJ/p45IytHI7gt/XAsiWQ==,iv:KxGVXmvi0AMbUQ1YAJTpYH5dIBA6ownuLtsI0K8Riko=,tag:j3HdCtl9Ptj6UH0otSsLJA==,type:str]' + client-certificate-data: 'ENC[AES256_GCM,data:AHrZ8/PILjb11JmChZDN43f8HYcSDUgj3//H0T0Hq2dAypGWNgiNQzhuJDiEj16qUYTJZqywhV4Ft6z7kMpI3wx5GcKPnYHr1RQkiufORR9QAvD6DImK9/dyxF44htGkbv/8x7Xi/Fg61oDSXa81UmlHhXHeoCvHRaiAhtPtCmMPuFraCCWVzzxbqIjgaGWTaHQtp17ClgANPyt4eQq+hzk4fMCYKSCoqZcCqnklKiYaZI8lp/feT9MW4eRNJG6nrhGhEF8+DklOmf3uzdKIuq8kyBeHBD5gJ8mwj7N/oFHoWG9XAPojjs7ddU2QbNgRWroGcJEdHWNt3bsqEDkRc3CMEwMbACEIT1f9bGsnVwFVS6TDtJcNoKcp9rSyohNkcoeM2Fp5aweMkvof7+773rHXO7XjSKFhb/EcvES0kBNTVwAGAJ42a1gWgA3aXGllXr8jiFMehPIP/krgb5rqDiRxRY9BDQR74x6EV7la7zOtJTOSVBRe/CWhbqg7H9SJN08WY+4wcZ95+Bbi5pup0J3ZY8HUU5poFC27YLNkpVBLKe/95LKAtU6jEuYiPuOICVGlXZFIA8NHhFavenbsGxULRM+apKLFUIna1Q/w912kK7nWYdAMDJqgoseJz7TeARHDXUagWuwTPJLw9eKi/c0eS1cQ/d/Wxl3hc5v5M7YhxJ2jU4j0weo9hbuq3F3nHZ6eAB7xUZlP02MAuM65NpU0+c88KC9x9p5rt64+h5dssrdgo5IL2MvDAuwHztxMv5TMAp9ZaHfR9NrKYoBl2sSwtDw1Tq7QS9uoD9jbuIMGi3MON7FQ0joD7NrdATeBY2eJERXHrVfCZ1Ft3vpooiyYed/FKSlp+CzPDtYnLCfDThv/dMw9xSoKPbuigGxzkdvFfrLhkelbwKH6j/5xd1xKIzvzmRvGi2LDWHG6qpJASLrNBvoG2NdpEpIgewwDyUEk+eA/BZR8k26S1QuIyWkKn8jK8O+0I4Ff1/9Fjv6RBw0l1e6Na/3fT2I9znpGoIwGXBSI2HMzwPwj/VjOjM5pUfI1rza3FfskiN6to5hCVzZxTqKol8FkfSj67MAC1yW98ryM4RSvAHctbNqZal1Q39drgk/p3/HqTyTYWtTjNrSfsNg1wn1Qz/MBnebVHt3I/C8bUsJ/jQ4Y2/6AfOnQP9teO8LGw+C1FDj5+9hmmV+aRL9zA1CZOrSonBiUZvJRsh5tm7ZSppZ/dLh+barslw28go1NPqFNSBXdEqQgxMCTkVL0R7M/0W9HUbM3IVDX58TKijasJ22K8VfOYPR4C8plcAKosBCdpL5W1qoCpFpeo23aOR26LCuPHi2n4A5OxqeXHpdzSD0PQG3nhJQUX6PBY4wHDwx9q/fyrhcLl+uC9ezib41iRV4wRUpn/6exnvRCmrGpzuY6A5H4uWHSp841gSO+EANPtCaSVYb+8Xar4QV+cE2QrzzGIcJETgpjyDZGkw06vbU0jI01GvQISJBmLkeaUZvFFnaiwlBPpclSRyODGdGqWmVZz4uGJG+CB0WlZLIM992nN2Lv/LiiB2RdLswRGhD6mBSdpDpaEth2oZRXdgbfPOk5d6Aqqj2r+2TQMAZzyj6yNCLmjkQkl0eAdSOQMK0tvuZ1b0ft+jnW6qr9BWR/cXVoxv0W1mBxA9EvNRphXefNr7obAx9PrAjyB9mmr4v+sWxrVQk4wgmrEERzhXip1DwuyTSZFcfm4HtA5skq/QcVRrUraKOJfDU7oFq/ZMYPpbgFqQrFbjG32xdoj+JPlCIg2aqYX1uJwgrLxcZutTUpGllDBDxbiVbd2y0eoAvw858a5rXjiaay9llk447IofumD19ndpWjc5/DrJcWKvfGV/f05YTCrISAMBBcEQKpoP2NmKh47eV64l0zpWAMevuWET81jWgFE0AbpbiRGK5zO6J4eoYyqKvmGwSM/c55RvOyBPYJDwaSuJsE7Ydb8aboiYF5,iv:l0za+exweqGI4ND3zfdLELyAy9fUsf6GAxgc552p64o=,tag:sUdZIebwysPNteocS618lQ==,type:str]' + client-key-data: 'ENC[AES256_GCM,data:WeJY1lARUlPKfAixbJEFrf2ef75yr7zto2L3/rXmDXAPlFjqy3jwRbPPIQd26VAEUIYd6C9BxdJoq7yzlF394GSjiHWjcGnR8B3ELwvxVtxdyWEqHs4TC+LwyG3/5bv7ZMIo51USFn8W4UGNEJ8lCX8istzuDa4JCI+LbxlTdr9iuMaXDtRhqBgR/8aabQtCb4J3udAbhmUlNoXiLPDdlsntD/ZxTmJuoevPGZnfaPCcb1kTczP//kmGutlu74Z39FwyUwCo2k8OnXnioqxViUgRZ+b+DgnqZKmCTMNgEy7a4QnmGbjWQqXCNGI0u3OcZ5VWvp4BYydrx9K6VfHbu/ZqHQ0GGKpq2va0nLlQ3AneqQMPOqWiihA1tNkIkXYwjwmVT+ny8MLPpSYa7gc540iTh42UuU17iX+N8f0HlqSv5VqjRBUi5osXCKZKt9nzh6CKEySNpwU3SsWbI4zTIQ2HygK2r5F5H9VSATZEi4rjW/QIgKHIN7AQNGi04M3hiJKD+67sTpr84s2x79cPtskdO4XFH0byzzC1Rk/0MHDhaYvgzq/SG6dYN+dPctW5IRGJwyc+J1eFLHNYBfRnQEM9OG9YftlxXAL/ieR+3fJ8UEwxLJeQWZQxhe4gp46h36z9jf/nnVBm7A9+m30wkOAe3pyvHt91ZJiHTJHIHuK9+C5QM0VGEGw8ElPnYR4SzwkD4YzYZpAMguEpY2hTZPzWrW8hc/6LXYzAJovrODq4ZjNKkFEJAWQfM7NC6VyS/NVbhUIK/tCmCN008RDFN5Fq5IdRigd8tFP4LfUQmxVxkc27Ynd3XQXYWrNyAe7JMUCWidVdQW99gjiWaI+K7oSEntlXl7XWMdaChdG2wlIQC0T5oQPgGJ2e2HamcyNzS17etx5TZ1/dE5GH29V8GSAJbP4Kz7xRrzil+c/DLDeGHRAA36VJV4LMcJOZzkfqC/m8exILOLWkpqz98sxBhpPmgV41yZ81bMzr6OfHbYQ+wjDzLPwQ/hvVKmbhxVX1SkhewYWbDT2ada4rVnyLO84oZ+dYBRQ4IGt+qjkyqn4lvduipUpFcynu5SRQ36axoYxF5j2SNa39SqA4i+QcftFrjUlcs1c9k+I5sDqvCqkFMukVmTv6fP2bJPY+js9Ixc44ULMbTdb6LFXCKpigNFyr1Kyu0viF2/9Y5Av+lDgXOi5obApLemcVrs/Pr3u6GvcT6TWiYgtv6Sq/x83+m3X86cPRJZjM8v3utLrVWPbUe++Uc6wkKaBcSsKxaUnLR+n/GB9ZIyjzgmogAQ77ygj5AOWzxCidU9wiP8tvV+1BS4P/LSPFdSJ8khGORr4drvDvlD0hHwEpMFZQz5TyZCXkrazOPu0Lk6I5LENXHuwfu29dkjm0s7PTnPxlOC2UXTf42V2rsxVpAwp7+AuwVJVJrinBlQd7aWHXISWFbisgyEn3FEvIVDqMIjLeTtcmGeIwSuVwCpNt8OYmbcUCdRN586Re9ph8BPFL5Bbffw/O+4J6fiewEeRImgXfj716c6a1KjrhfgnLQZ+wE2gyFoUcu8YvVdu0L4YCIT+hhTDAr0LU/doS0bYj/KDpkzyyw392KTS3ZgHl9pU8WKcL3x6Ik/0qbacvCbxPLvfwWRfUA3seOqPWlMvP2i6u8poAdy+l0ij4XYtqvQEWoYBERrM0+5EsyfJmJtOZYoadTtsJV20s+j62oi0WKqys9fVlI8bzq/ygY+GuoJud7AWwbst21xiNLA2JmSAYNlaC7d5WKWZvnEbbWR2zrtIWq3aaXJFgq4Z6Xbb6V5HIpuJHNpK0r1YK4mWdY2KKFAcedawwmWAImQTJWXAzgYboQdyU5ccVCsBOSGCEZHSRkCXZN/ZGiOYr+ldqYdU2ngtUa9YB4jnbAa/Jz9C+EY4B8OYrm/VgoHOKz86gAteYD6eCCgeXSkjSX4Ju/7LFkjJsQnaRBTXVg7Cat+EwVwWswJ5cHpCBXUkSczKWwF3fj2OC9qHXjdAxADH56S7bG3wxnIMVNhqxT/7V0Y1nweZy3gYToC8pUHE+zxnhCpAR06iSC8wnkjLaqpCVlKtPYhRJTLPk1rWHENQS1AwIVJ0dLmGCqgJCv1aSnX8ykRiM0kaC4lYlK4BZMfe4RATt5UI6pKjv4lwyMVsdykQdOWcJSowADRSiLT4bui/4SBPTdpLTtN6SYpdUJ9UcoZhg6aK+KNEfqgcXTq3uiGGILX6yzXjbcHpDyFxn4skwGTqBoN/2fnfGdiWvP4RdZEtWELphPN4ZboGo8iQT/ztsni0ZeTykuWT5q5wQUncQCrAeaDvTco3bN/szi0Zngs4sIPY87WiXAhz5GzA44y2UMVZhWtAkXD3Y+7WgtDs229/r49MSmUElTC4/oxg9wSxpN1QtvWKdzdOWZdmQxHFMKM21ys0yezwo5fnsH+6XifL+MBaYwuiJf5B6Mvh83M89z19jmD4xfJd2o1MhaC0K1RMnarSYH4Y26q/2gnnN+Os8Jaag1wZhKl82M51BjPZribLj7yRlwJOKon7p+NLkYML51eObXv7Y8S5HIWNmaZD8CfOC2gEngVl5bog52wpF8xko3JtdOahizovd5G9HhG8IBs37rwzOoVh8J3wY1XGXFXie7lvqwT0NgCkFFwwD2K+GuEqImrV9iW9I8OOYXh78n4FDw2DmLQCW9cCMmFypkLlLxmQ/5JOJsGsaF/wklSZ0oMsS/wC+GW1AwNAO/e4iimNfxH2gD7Z3lTD874JFVhC5gfHgEv3M6NCEuoArJh8Gw2h38EpqlNcgAdnF7fr4CcLM6VFGOw2+D1jJXGQ2RUgZnhyPZSFRN53AQROcfuvBEzIXUKiW82eh3b3/FtcxTUbno7O9xkV0S0kPPYBg4BKK2Kmy5cmFLS03JKA5KvcSOHT7QpVG9oVXDQtbk/qGQZ5osd2Dr/pR5lmjnqHMbc+530vx4vgWjKzfutTYTg==,iv:QfiqUy0j3UUyhgyBZrTxdZV1MHb8+fugIanpWDOrzX8=,tag:y7lmjUQD6mBOTcEZBL/iyw==,type:str]' +isoImage: + passwords: + deployer: 'ENC[AES256_GCM,data:f8HvwuwgSQZ+FxleRdE=,iv:w/nOspDYaQJYUrxDaatZqfwzJz/MtosLLOw3BAi5kps=,tag:7ZxUsFiUsX4r9nx6Rf5LCQ==,type:str]' + root: 'ENC[AES256_GCM,data:llk5QE87o2EwzNTEfOA=,iv:xAnpHVc2rv2Trex1YzCmh0VEKDC88X9pWdFoOfZeofs=,tag:/Z6/tjBZuZMd0xgn25qrlg==,type:str]' kind: VariableCatalogue metadata: labels: airshipit.org/deploy-k8s: 'false' - name: password-secret -passwordRandom1: 'ENC[AES256_GCM,data:o1xUrKiOPaucB+U2JSg=,iv:vJkmHG5B9/xiQA+qfRHyYwQFKIG1P0S0k8qwFCEyICk=,tag:MqLeMZ3BXhNKaUKvZoLStw==,type:str]' + name: generated-secrets +targetClusterCa: + tls.crt: 'ENC[AES256_GCM,data:dHn0PTHUtSPdvuojub16FQDoB+l2ulLdo+GlPKwRkjhZMigNu4V3QRSSFKM5cnda9SJbk8s++RuZKuq0r+95mqqsCCg5ygQK2dh8yimyEmax7bxXtv2iL3SwVFf4CUa+lmyV/rwHkagjQqOZAmgVlOE+lXmpa76DrX7U/KlQIokyYrt5juxNcrjq563j70obPuyapFHneEoylwdM2NXwBVO6fzX8oz9DOB1deBxsiCkoBfQRUbiH4V6r8Oc1XvGOGhCHMEIueFXy/f3IzzD3HREH6a54l6Q6E/OmK27zsqYPYoA5L9NG4k7FZLjZu9UsIMKk6V8YN8oUYUX6AYnlyiaRobBqVoLf4j+dHibgPkQC80iK5fMq1Ob/4uIxW/cm/iQwtn/tHhha36Ly9BVkLUMirk0jgcZIg2o/fpYohaIlcA86ufhpr/p0mNe2dinreoTWcZGSmTwNwGdZrUbYBMJnH+nNoj1tTZVOd/L6skHCvL7/l3WJHflaw+S3hr+WAEjz5vJoxgkU3V7myz3rLTfMA9Vl+0kxqcrLvuZQl8AFwtuZm84AZw74ruheFqvGs1z/dyoA1hkeUa0MJdg2iOot7rt+Y6ZWwAIgpPEAaSyWuviI67N/dhpkM9BNutALjwJnHN9uZS30YzZXCFpK1XM7K68nvuHVKb7JM6SIzMT5DahTqXfJ101gmMIMsbqBD9p8ftQTwYZSMWmjdojRlC25AtaD0UHv9G3SXZQyhgU8ZFmFI7n+gtwihlozOcAo51WvDRKxbzwf4wrY2VPORgZa6L55FF8mO1NrDrCWTbwDI33Me0i+tqYn36cOj+NF7je6Reu9DpSiECH3+a2tJsD2UGxuL37dutxk/PtXuG7N6TfGj4T9lVCbfaLF06i3oNrcNSUKF1pbMmOM3e50FOZM9gycfNWm+ONJk9frzTT6lha+rDEvsGld/6+gHVMWct7Z0xDgjohlEjs9YjF3gjQB+LF9I5ndRRbPXXM1RFqqSdkz1celXD6ZOGGY/jtTELYTXrnn14gYHhxa4NFQ8FSulf47DpeltBrUedugwuXfChmn+Ty1/5Y1Owm8fB+xjxGy+8FH6HonEzJBOVQCFnijjJ4TRCUIztFsMIMM1CdVlr3/ivxezW6oFyuqRpq3p9Z1MXZEXrfMk7vI0pSWfHl4gOCXTd1dDLSGFfpdqjxe2mL9FhDvUsXRURDnWPxAnYQX3D8NIuoykIaUyH0T+AVfLH+H2lGssQ3AWogHSVz5WNYKZze2YcWlGuGWogTLhaRXz131Staqqb7QHRId2pWsnoZCWNcWg9wGVMRj9RC5IGMmXNKEIMZEV4YPsFPh8yYv0iuqOi3ZGcWCZZIB7LiqkOkI1AoZaIL6zuWC+WOahsvLnqKTMDyl7jTZle6sQS8AiDaM4bZ8GCveLFB5dN1uwDD8HA7rmwHi6j6udN6Zki+NYj4ut2Ci3cfpWFgMqzTwn7M7cooq6a0TYicwgNnftKtY9trr9KUI+s6yN73bXxK/ASfwABvUGbV2pLZ0zMjiAk0P/M9n11VvleeniRMsziYlV2ccRLYC3KLdZdhtvNnCn791X2p1E5kQhMcziGDA4MeaoKY7VuqW3PRSKC/bze9UWrwYMYmnktXNeY4uWurP1cMCGOuJ1N0IcKHnwmvZHKB0ZAxlZZTl9SlZ7ktzcLlaYUFTIYdp6RqoT7vqnDCJLi/POYpKq9CHSCuuqJu4vnZfW8fwi/CBZQt/VR/jR7spVk42UYjvWy7G7DYy4hsaNZBQM+RS/59vgOVBwdvKZRiNPQUMAGvDXYMbp1slU+xHIYhp+jyBflt9RHuaKAe6eFyDEyLz87ccvqBFCDSFbKb5VSW3gTTfV+YU/L0kkR3ZSLghg0QQRwjXJPpacmP6Yp4DmJYsJpF3Hi6gUD0EwRBTPhGkIgM3FjZYTE9BVBA/Q+NNmH7MlA==,iv:6j/U4n0YatBxXxf+gUi6EzXbJU45jc9KZkWOtN0QT60=,tag:iPR3lKvc2h7hpOr39zcI0A==,type:str]' + tls.key: 'ENC[AES256_GCM,data:nL5+ONfbkauHH6DH5ViV42F6u8Cvl4bjiTEgUOmbU1a/nyvUUnLCJlaPesr1iPlj+VSlAEjj2FSTy+yi/4QHhdpql94dPCH0xLQFIZKqMegHXuT/+ID97upY0Zcnpa7vRYXbM1ev5dIN+0TkMAaVuCbXvMHG0i85kNKj1FsuLBgvTMfs1IzSXm3WsVIsUJHkGZMPSjF+SvfQ8hcnEiduLbkeEtBoOzLSk4EOgPbrruv550DR3sYb84kpRdf8gUpGzRq1Qkr6ELrnG1f5osMBUOwA1k/AiA2LCtEUPJJPb75V/AMrPQxQke0C7c2m/efk4OdJDpcnlqVXsYQpk3MX9qz99sYS0BiCZ/7cy4o6IwSX4lU2iPQV42JVb4oAkAleCja30OhO9cIAiW3QMBoYhSxD+sFHnW1HiJdsNhNBupNk/d8Vkv2VQg8+Rz4dgupd8b/VsD4nALaYS84JK1IsWClbd0y740LUOa4S/XSa0gLl1njocw4bg98XGBjiEEG9CB6jBOgS5LCL8hYdE7a9FX8iCRwDI67MU0ah7vx9hWYoal1Ke/xLWQI/D0aU0Zg4RXiykOY/HfLxzpD56CrUq2GMNw/iWzDXoCCM140G5l0vDBINYAbWtpYqRQM8aQM8yh9wTgA4PJsSDLOZCYi66GptfPXQXjREyTRyqVOx8AoA95Qp4ggVcGDz9uRYYgZknxc6gxcsPoKXcY4JcwwK9zp3dsxYN2GGVDgHstzVGRiWrm9vn5Y1Jy+x0ndvjC3HegEGju7OpkOsVYMl/u8mNCzi33efGHkA6DqCXA+n0DF8slHEeb7SngQsP3L2UbfMPOPSMyFFXYbWe5h7YP1DvPhsrTEAcvxIbOl/aagh9GJgLpq1pWFgYBL+4Lko67gjZnZCd+WTw3/R1W9jnuS7AQ+x0Lzxil6+fGIt+tYQ4QZChw7rghqoGus6UzcATe6BiSwHG5Ltj799iqsuLUckFFATayWSHYfDs5CsNokNqQRTm9Ko2YXEigLb1J230WgoWBgaeASL18vZ0b9Ziy2rWNC8ZHBis1mYKZvSlKhy5jgXBWSDYFjI9DPGp6hWbEefYd1KpgVN1g7aHkv7dZibKlEM8OkxB/jdncAruO+I8ROSFfj8iWVFjPuekLNqrMfubHJbXgUWOsp+BzQwgtsqpjVHFK55u0bJNZ/v2G+whzQA+VnU8RS5SVCV0ZpzJIsG06lBbhUGdP4RIJjhRwy8LI5fjwNshExsZPC4FcCV3n8bBb/8aqJIl7TQ92trz4QWSo8Yo/6rdKCIX3/zADHHfjgPjOwLw1Qy3QrMc4kxHcEk8b9fgHf9+Z4H7k2ttdco2W9Jh2utNk5Qq+Zms3XTl0Cw4gIaZIndg4Qr6ZBCy9kzLva8DYQgJLNqgrh67CZ2SRGnytkpNYQl4KgCzbAGdKyZlGisUXaqTMwFxGEMb9P8HKgRUo8t8mB0OySg+2a7UIL4EcQLQLeCMyLgCtB0Mi06bHdh9Mo4AGCFGwC3ocXbn81DdpzMKQDzKlqxTFwYPKn/PP15TGAhQaP/29ECAFiXTrouvl2wmGnpiSsFKWN1391UzO21eBmxwCMf970M5uDMeOak1gaqxJsW/ck6BnjmUHSwZv5r/pTBh5aDjDiylKC7+sH0/Xe1upTcb56Wks7rj8hf6Vf9l5kn9lZZsE47PeHP3JZgosXyKpNdMmKsD/kKvMZ2X47KWfRZoMNEY45rwnnYGErKAGqooGnonP21eXXiXDgTHt0ykGP0A/ecDMLFYVWedLKVb3pUi/R907GgMPBThwU7EZNZgnGLzqTtRe/hCZvJt3DHBbHZPRz/Qy5RC4zZftj1HQ+B9BXhymPembqSv/DE7AwvFHjP2W9ZFsPwE55AnldTcRGfTmKIz/Z39qf1u0HP1hV3Z43TPDaE1HO5amNQir8c9BdKocyLT9TgErX6EnqEiGB7lGwbHDz52VSHxQAswU/uHBRSZ3VaZ5WOpQY1Wq6PqZbvVxKXASE3zMoik9SmICfgSeY/HJZS2fHk5rjm7uKYgEL2Zkg1/hxXIQJs7slc7znhM8tdKZoAa5Do753cidM6PmbNwD+DmBwT5nZVp3KA5ffaMUW3YkzaeqBgkBxnUamhIwgx0E7kyuvzJxENm4XITI74wNVmFYSJW5CfI5zPKf9yWxOHDFFH6v3hdoLOC47f0DUZQEdGXmVyRQcWEbfgmiZ51qfdi88A3CuUDmR5VXAVpA7+7wZkydSVNWfViOCAiKEWRutMCtxktWTTNBCLOoaC/jEOjbuD2jPA9SzSwvPnZeT9Q3osuf+VxiwzGIIND4PpMHrG2BYT3SojLeIzOpUFnYYRbV0jdU3qAglJljJ87r102UfynejnJpyElPPh13mZNkHUW7dmWQATqxux1bX92ZfbSSMaJPMulK9F/DkZUcV40/LAchfpPTJ0o72pTvVi30o5VCOv5XBH0A5+clQ6hs2nLY3vd5TF+EsgFynRUoqPuP5+WSUO/zVOlpw/wd14wHmaud4c2Z9q6bDJeJmJgUSmI9LjlK06FSqnx9AEHLV7LZA0s4JEoBoRSP0zOYcZ6KeJGbS/kDR53s8XMq0bt+thCv9AtR7L9dogyhC4nDFdqcjLTgx7A6cQ8sh8wmwhWEvBEZ8pT0cgY5x1RYM5ae3SQSK8a2NpXg/X7o0pECxe+YIYtt+Go4M+6PS3JZnqxL5bHUcAo1M73BNku0in724EwA+sosvblLnutDUBvP4naOHC/RN9c8QgkLCHIy1y5+NLWEanx4yTvbCZkZbhqLSCsX6Aoew4eF5ep6Y2BNiAo4cXtX4FQvgzBqFFu9Dgwp4iPs0cy9S9w3bL9ELWmukwH3DhjpByNQ8UEfR5UFsb9lRmjtBdAGVkdaJAQxah1WWitdqRZjAaAo6y6sRFLM8FcXqSuCjKXTs6VHWiLLhSLCWAFFRzMNpGqnunOBhk4uYpn1/XSVF5UA==,iv:HFOdMUDdmYFat6lW7YDJeCvBSn4HlxEBHyBQ4pYi2cs=,tag:w/Mf8KeiAUjky7zcR0E2mA==,type:str]' +targetKubeconfig: + certificate-authority-data: 'ENC[AES256_GCM,data:pS6RXSBAeCT5kKyphp3sP+R8ps+CXvzEk8uSmW4vzuehcWioa/a7f7tfjBJWJq9QwG5tS63j/ijHdNcFne8aco6tqQSShqsH6uW7t8CrodB7+2cbRsoZ0Nr2u4Dl8Xddp/YHsCQ5NUHmjzYEADUn2Rg2vYZS8xVxB3iwHqRSVkWCCJRxYJiAhmXyy0xaYX5od11Yucqu7Fv3PUPP/BVZpxVUmk5pLRueZi1Dhg7vlVy9IdV26NwCPCyvRVPldjWfWptWnRAEWusn7efVgpIZpOg7vC+MEuvgIDBVqo5kyuKEHBOgzdhkEj9X4tUyLxG6qxYJDiEbpqPZk75yr88UHIqt2jDjd4M59AEqqPMCPWlOYrlueSyUFRC3z7r3bZPWJKBEB/ln+g4MeC2DbkZ8uyw9M/vEMzFkPUm4OXJXdU1phieRfRuAqxNLktDDRsfSiZfqG/DXa2cYBGa3E+0AHhmhGf6XeSOesIW2bsTdS75Bq9k00N9HbMSUG3IfBilajlZ6cTdwqvQNsVU7R/lKhfIKT1RJdx88Kb8SDgJp9vEcqsDyMx+TzL1LGkXcUYo3Pe1dR2mQ15l2vTOaWBtitLzM8d0AEtfaVfl9LCcDn4uFwFQ1P1jYHB75ULSK3Ft1VT1GfLoT9+vogr8Tzrz7p3q+glHHrBthuWPPga8zcEON8rYk99B5EFAEf+SnPQwDMnQ49aE8W40pyYeEgJBy1x9/I4EhZIfsIGjz45VX6iiGl4QV607ced/mZ0f2fzNlWorxxTSeXhIijyu42V9vvM7tz9Xl94FevpWbNH96SIVLQ9Bdl/fR1ZH2osZFmv6g5rwqY40FOVOR0KF0fWgBF95qUPsfSXQ0jVMlitv2tn5ijdYigJORccQxluFIRv9MdRqKG5GLrhG+OP06Tvl9agvArgHBiraTyKySMv0oq0+holFoGLUpOsCg3KenOeRbUvadkDRYx852H/s6nU9vjbYn5zSUVLcpZG1UWQakVcIWqjkQWvDtqv5td8gzSRJ8RkqwuXT0LIO79JcrG4LO38+8Lr65whuiRAC/W74F2IcPuPS0GbpWVyovzkhG6NutuJ/3hh8NHF9s1wm3e/X3SCsZKJEbKTH+46gc3T+Oeqpwc7vn46wsyIn8ix45kEJlf359eTQALYjkY2qIZSf7qwdvlN6W1n5xnPDgoYLzY4ZIRwiQruiTebSDvPwcbl0q8rkYDLLA5yv30RKvBLlyMyfWiBc8zFUemygHIRR3LZ7bDEml4Ki4grpJmArDegczeKNgoVJfB2D+QxTHOLpgKVLugxUkBnFFonFynAgnrS7ANCN2V8iUV+DRBsbL3etwSozVFs3IWYxlmqrfCFQzL/Tw+e+9RbYdCO6+5zIZJH66ThJYXewGnjIQmIjXQWXQFQ6DeqHVUM9I5etmFmrePj2vCDYPVOJ1xBNzePhKKy/HxSyb89ljiybMOafrPsMNXZTqAU8csii21Yfbjly13oBavQtzms/KtQk4pmoRRsXsMmMPX9GZqpRf9QpLkJQFMnQPeno9aGNf/5Q2DwlfWxJaopAR98CLJFKnx70pDS4DKeUUXFC/jAxm+Z1FNJqAtGRARxFnzZcYIzoMaeZ6z+crD7o/ALukrnIqWtFDJh/CCGJ6kbPup9142TxCK0DbQTobPJoIx0dBw4s14Wau7p96gRSFXni32FnBKE8CfpQED9qZ2y6U2MKb+7qaI91PRs6LbGJswmum9n4bPKcOiL60+n6PRd8gSJPpJ20M8OYRZuu7znUwzLf+G6jumLG1Aqwvm3/eWU8o4ouA/MkatrisR32Hg/Og2dw/L6W3a3shqh9PLg7GcwhmhY87dFAvfwiEYYx2wG7Oowm+IOiNOnNUaL6Ax3xWpje8Czp/FCHXI1z8E/ZHHcuEkAHPZaid1x0sEE9n0s7GeaI+D9FLPWKQ2sdbaDZgm9UG/w==,iv:03fiX+pQv3sINBBiMVG0jlszcRzBuik0+YLVs5WrQM8=,tag:/n/xc2EHUDbcOuAxZhPV1Q==,type:str]' + client-certificate-data: 'ENC[AES256_GCM,data:lmhhxijI7HD/SZRVrQMYo8Ngo4V0DCXDOSxn63cVePeSf8j9QbBJiwnxeZvPx+BMuzu/bv3QtsE5rUo2yuq2HZv8Ju+z5IQPrv0wSYYq9WOpi2SDRnN9Mn0c99TlkxxyJ/rUJsr2i2PlVhuVnKPwNqg/IXp/SMJp2FFiws2eIs0CglClzns/IgzXTJXlrAbVZHhD3YPs8+1I1Kr8cDRTqV6eyzWQpc6evzcDN8AK78I8uFNrLJjCbgh7CnSsnjxYngeF6B/bAqAdyTBxMjeU+GIDIHYmNKn9UlIdeqYC1rZx4Q359gH5mtFuGONDxhml7ideeNry7yPp6PuNHi7Cz33gyFzY+uiKZAkuCS2hucIfSIUOPLYlp0wcfYAxVCAwUUuvan5gE3d1SRk5BjMlseA7UMIpPX5lyB+9tek+9AAYyy7TczCbXWWM7GFYdwTYAqWwGx10fjblwvIwpK++MsdNQZMCHvTUbq83uSyCSb3T7hR6YG/qGnWcwUmJYj4iqT86Atr9rC3CSFwW/0GhvJmlMqMyhPB+VPlYWxqqASIcm8mqLFG6aCeODRvH20kzcsM9FVzO87xJafkOEJBfWUyn6m1GN9V/5z4Y2y/4VjgpksoVT1sV7jimtECjXIp+NCNyNKFc9w7YzSZW9FuvBJgMqzqWxJzupiDP1WiHpa5FMCcL2+k/jBPEqjL0nInWdNAyIc2dtnVsV3wBfhNAd68sDA3ele1HRBPE3OsGDxM/a5mzUu2HFVXdw7+ptq7Gv7qxUxWFP2zw+3cHDIM2Vkg/mPP7p5NMME4DnUb1eyV918db7N4TNJMm8tU/dYfozXYMjq/GpH/ubCaFg7pGB0qLCtkgVuunakY3ARYlfsi2i21gJg1KnHxWJDGqmC1ICjhdWybBA5xo1jBL5nhxT/cxTIRSeFEAYDaN7QTSQjwSrAQNysyUe+gSq8KyrkFMZponlIE9FE3CVhYqqbd2TXOvi9a620Y+Oke0BJb0IUNuaMOfveLTp8SmmAtaxFN0mQjiD1XIAa2L4EYnSj0WOChNuVHrSntiGaJTIrXAA1gto8ysU3OTkAeuRvCZSm3iYiKl5Hs2mmVae/oDBoeyLDviuS1olCFxiVItrQh5VorvBQuytogQMHbMDKk25c2tn0+xYCyZgsnSMPvommIj+yBbKTT5Rbc52AX8L+I5OCQLj+8nYrSuGh0694lLCi1Txqd/YLfHJu+QwrGg00EQga5XMRToHxu0SLqo6H3BA4WnwXsdHNt0wQeQB8L6l7Mc9yC6L2Iv83fkbdOmNHxMVwYSlmEmiaapaE2BArc2eQu/Qcxy1d9/VSoscP2XKc612g2yNCaDQk+zQBcYOKlM+AYkiVwPDsPZ6SMePzIYS+U61rhdd2VX3Wdp5bfWSI9obobey6bv7ThYdrR0T9Q2SzGZTY4a45jSTLALRXf0a9onZemD0wNyQMDFZAr9g1LEIuYMP3wI3n3TaAPtbdhBXqy2qrnyyQewgr3B6b5c43pYgmtwhL0eqPWus9/ud+mlvn9mpA42/GDwdzdvbJh2U4mzZdNQAYiI0bDZ81e3BdZiGF6w5aIiCLX/vgIZF40UHKaEJ62bdT8z42Y3kQ5CDDsIQDTWJtSxKkvt/OFDqHmP9zv/9paxekUzZA9PyI46pJUt3gXebpbCIXY0t4JEWkVATbKODApohY2arCLU4uK4X7DMKHnE+N54xBXHX1cfw/vCw2xvlHnrgbqEkEgqgOuVIKIbQJtmdwFr1D5InndHMtPB8EmHXW/OgRRnzIJ/OY6YXTTVI/9f+SG4SZMkhBoCfOP1h3jUNAQWcvuuhUxt7/4JHVF83kVnmD0u/9E9ObTP/56mDcExANfQjLwsNycuyz3x1Zns54KSUSwZi6kUhc5HttypfLDB0iTZZbqHCIwQgqoAy1FzqCOILCd7h78gqgzDnXF2tqoW94klKAvOx+fFfdn62P60MTpM6Rxq3V6hdQ==,iv:XFuBTIQJT4ns6M00T3HWSGHdknjsRZ4cRZQXSsLiOkU=,tag:3flxFrWSyiuyiyxGkXTReQ==,type:str]' + client-key-data: 'ENC[AES256_GCM,data:vlksLx8mgfvfu5Lnkv5DJrEUrsnT4Huknol3zk8gbcbowbB8YmHyjTWLEJ1MsAMJ2S1Y58ztnYmo+fXEoK0QXkiLjuIz6wFLZGUFhVSRQC1zUecFZgv74qAigwFcQ+HwFmYdCynNB1BXlZHRLMXYkLm4iyAGgJZw4zq0aown/DE0CYEtRm6oid4eOf3bdW2JD2TbedgQWB0wTVdgESn3kzT6xzS3i/7xlXwTzgDNmqW6noTsE7LsaUt7XM1y5R1Mcx3hYl3YSi60KIlEe1azavTjtM79uSoJabjBQm1RtPbbkW/+furP0/jgXXEz8N0qHmvH9CCu1E2YJS67RDEY1+Wt2YvfPA/wbtuUwc/HptbwCLXDdAlfKkIVOp3TyJki9e9RIYLAkSO5ljoJbeYZlzdeo1atTMLFE95o7q/Khj2w0pdLrkzMwE870Umg8DqlsxDcaBFgzPAbdWHNzr3gGQ97Jfcqnx6hRO4019gUx020NtZWCVg3bHTJO2n5A3G4OeG8mY/CFTZ3Xw04ECGj9aWbeHKXCGnpfsw12UbGYDUkcaF5UYb/Q5Ly6j9d5kVSPIBUihTiqdos2MmWQ+QdUpPYr0eeSR+5+3R7ld2yTla09jEa/ObvEGYRR8rENR3QwVws7g8+M8Tr0JeFGGrrhx4Uefs5Vrs+hr3UfupbBjuYGFsAqbbjgh9jGl2JY9bfbbxHdB5+72PrB6Wdg1E+Z64RBUR9cSD+7E7KZRBSMfEWGQEHgjAmizbr7vo//Xb1hcbRGCZtYc9fgDq5DYpe2UtT8o7C56TSR82nA++/GlzxoJgE8OrfyOpyqdTu3nIZmOG7WLjA8D+UQXhoIUXiSIw2RaKpqBvdoST+oE6KKu1l15SXJN+vYSKtecw3mjMfEBwN+OxMUXgJHKVIM/+W/LKmdc+yYpJX1ePoPGEl+N8xF1s+lGb4Ml6GYZwN2Jn/ePd45IQedw0Aujn4Wnh3kVZ3mjRCB24wAEH+Znp0mshGBJ5AEK9b2z3oPlGw7Q1Ii+prK4mD7ssvm3XfqRvew9JIYvkrcbUx8XlG48FOeV325Uj13H+GTiVgB45rz1nJxeUlEr+u4zQaUAgIFl/4N+akADIHmV/NyOOUOdDFXx+dOch5KiMZWNk9GDf3fxC+qkATIAPn9zaZ+HMc48wGTBsMbvWkRfOCSiA74Hf181ICAxVeJYlItTAqkSKRFI1M033dyeHx4A+jRGAJFXyyKL+4DW3J8qW9C3sMdc8yv4gWO80fwL5o8TUyO4yrFu87H2wQwAeZPzvE6TPZAYdcWgzaPss8HTMfvJ8g0ufC8r21EuLQR9qlzPUxgOh1DHVe3DQ6+cOsNJKrVuaKfFt6/KAzOWN/16x7HhjxIqZdZYV2Ei0XfbQbDz91cuQ5vfsh4Q5oT15Mc/AyoNrqVfdAsA8370hBVDPe052vuPwLHwOz87oR4FfP9pl3ynUGRhl+KDjHCpYg1+TYIBVEsPNzFBtDT5v4OWQh1gvou+gqdvb2W/RyM9lyEv44t7KqGAfgMPxNt2FuGgOTWY2drveVSi6K9qxgSqzFh82CxxyUkNOwSjajnr1Ssx1UTTMt+11FeeQIsMEKnokAIJTV78w1ZF/MwXDuqUGc/faunsNi+i/zIiAaJPz/F8Aa2hza65AbuQxnQqytEpTPV/DKXB+XgHiC02N3M8mE7qlF/zD3JWBt/IMThCaNT2p+c8Bckj5ce/9ESyXsNyh70A3Iw/f1Xep0tUVrQoKMmBU0EOFFHZqyBHsjpU3/IAWV9QAG/ysR6iBzHEbRIuhP1t/0IOKmZ7FeIQYGI0bBfyP1TumgSQNMCXCiUirPZEINYV2uRZHhA9SXx0MOo9EXgFNDRrW73RAj450nOCkY5iEwS9LXtswApNQiLXsvkbZ8eP7rwsvCaMfB5QtJ09eQaRjnz1pjiB+cXcweFwKT96qGFcfHzYiQCG7KIrGNckr2w+EZWLq6ivy1l5jwngKjMFfqJ/w1aI/qumWhYMOXirYf3HvGXaSSO7SWfpTYgSA0p9m99FKyCJeImew8Ef/QZKo6Tc+9zYRKuXeSlb+mdnXnPx0QOHoICGa2Fs4/OgtWAtWPb8H1PsvBtp05DctfOgrhm8g5XwOpqrr3NmR+dSjSxQVr49lBsB3pxRkffMB71pl8vzIYzlV6RDNMkPnFFge24wL776M25hyXqArtPU/pORBDaFhuD2RFI5unI+iOlqOwNGkf2Ta2MQ0QLiD1iaPy8wCIfViPc79E3cDC4JkP+TauS5dq9OjHTQz3aUaE4pnrM1DOTUld/YDjk3rXFdxTQ80I6AdVCWZGED6JrMjf6Kgww5Ygw1Q8pznoBBKy08nFW9BNTvRozYjYMH56Zk0zxFiw7iYEfYTXLYHA8uJTduDZh45wZYUd3WoMobNi5h+VjCOBoVhFAGdz+aUVvl080dtN4dOOvBcYUhJoBALmsWn6ODyyBnxEGuY+2Gul1jkDMs40ciI3BIq4Rtx9I8JdHhRrXcPDJW8WqkuevUxZYUawE8QC6e+ZqoPNwTk77yPsHloOuxRFcKAvwymQAR828nynFKnfA1zk8AEjVTyzTq3km/QLdKTh1j9EeKH2HZHkjTrCI/sS1MLfYelwAAwhg+h2sY6o9J94GPydYV6lGMvEINjuWRi03yeoIsUVbq+YWckj7wup2mlyntgtPb8RXb/i9IFbM8gjp7vPqn8qFUALT/P0dsQ/Tx8ObFdn6KLVEJikH8f/ZjdOi/k/a0xNtyxLtvJAWX6gMkSASt/oZQ8g+WjrholxNxZKbcJvOtSbaZjJ7MvOpjwx8GLWc6lH6n5sKAvd0Yo3jd5k1te+MJybWrMbLcwPUY+uUUWkY8OkGpq3nXliy9R4cpxsMs0VJ+9Z4dF8B7vpwLS2gfPqbCKxaCAs/u1KQcUuLOGBQQ4mjLTWvbPpVDSH4wQzWvucbWS8c42yD6RsAjJ63+7ngQ==,iv:k5QGyZdIRwKnMuVqG1qzu4iyaLD1HxvryjV+m4H7N8E=,tag:GDCtPo3HUjHUQvpV7dBS1w==,type:str]' sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - lastmodified: '2021-01-14T11:23:10Z' - mac: 'ENC[AES256_GCM,data:7aMFeEfn5MXU9M7U+rQ7fIcWG6A6BZILsvgVyEl+esa8EhEsOL6dRfITq2x+1t6ft+H5nRqbO5GyXJ3mhu7n/x5FBVVqBcZrvydojrqBWizXA4HQAc3t8OS3D1I2WLLx+S7mI5AiKDERGZX4ImiahSebqL/bNfpYdDQP+gX8+vQ=,iv:zchumZaGhTpyEEsJMMlW/e1vieqjVKT32Kiv0LuLPlk=,tag:q0vWzGZ8D4HYHTvdRymG0g==,type:str]' + lastmodified: '2021-02-04T01:31:55Z' + mac: 'ENC[AES256_GCM,data:2WFdA51KkN7/cM90p61XTPUjykAXqTYuM1mrGbh91GxRLVL0fBNGljCb5PCPY/Ir3xnP7VFQN6LtBwmLFdj+7spj4Y40srQBU4A2e8j9GzuhW14jtvy2de+2v2wG2BZVllyaWKbu4+Mzav17eK9mscawPUCefed8InxXiF3yV1c=,iv:XbAJ3aHV3kgo6MLGTYkBzWIGp199l1B5siXMiFBXlUs=,tag:Q/cz3bQ87/TwAAsikORuNQ==,type:str]' pgp: - - created_at: '2021-01-14T11:23:10Z' + - created_at: '2021-02-04T01:31:55Z' enc: | -----BEGIN PGP MESSAGE----- - hQEMAyUpShfNkFB/AQf+IIXYumKkSmzMHCoJVXculVowkez4aUI/OpdNw2CPWNDd - 3Kzea6kTv64ef+kll9DhczP0gVlgUZ0p0MenBfmkI4qt3wr5fyRUVjUpfF/R8Gmc - 9GZf4myDD5T2wDJVCkNmO2wogbZ7IZaGdx0HV3DihvSGg0xcGBUaFp/zeR9vXTQs - a+CecTBm4+7uLnDvHf4Rathy3gnlLrLLdsJXRgEOJ2Fqp/JjoqFqsWOol9lFwALM - yRkxbWjeL7ePddXBZ8QmOB/AB0RKSRQ2Yd9RXpp1gSFKn5NOfWIZsaVgdds2zOw5 - R5syWHhfzVylAxNrKJYIgr9hLje48W/Y6GSezkGvG9JcAebQzVP53UtXkwJSIjda - 86WAFwpgpZ0sEG7zpSpxS8p4g3XsXjOdD2b0y/dwXGYK5oeOjb/wGYFf1EX0p0xk - BqGQ8JHxikqW8oEuyEgeg96uEMZb1Vy7u657zPw= - =VfIN + hQEMAyUpShfNkFB/AQf8CFwdvykoBIMfsOO9bSuz8Cx+IFhJGwPPEsSId+q/EFdz + tCop9SpR86AB+4T+MtC46uH1+gcV3Ko/dlXP++49BQ0zWpzgfDxsnnuudZyNX19D + SFmlEHKBniKavLR7P3Qg8GJMpREVkjQTRgSnZdwttWXCmFGtnuhBKajautlqK7Am + 4J7iLGIiY1ynmig8JCJZ79CaSbyh8+/jmvjrx/17mR59HYUizH0P7FbPwAwDpoy1 + lFh//AJKJ65Y51ar/hYC+ljdgE91UNiF3zsSETI+Lp0r5y7XG/tKeV+tqQGUdhvn + L9m9eqrvAw05TD/o2DKZSoSeRKLcMlqNwxYko9YO9NJeAfc3RbCWltgTii49+srf + mwyCuz/BQwz5rRY6VP+QLYkDGmzEjekrJGqWZQP/BU44TihL06mv/mxY3xConG24 + Fy5Mi9UmNwsJMWBIlPEREantjbVnboiS0Q0DN0OAIw== + =+R0I -----END PGP MESSAGE----- fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 unencrypted_regex: ^(kind|apiVersion|group|metadata)$ diff --git a/manifests/site/test-site/target/generator/results/kustomization.yaml b/manifests/site/test-site/target/generator/results/kustomization.yaml index 90ab8dc39..1ec2d51e7 100644 --- a/manifests/site/test-site/target/generator/results/kustomization.yaml +++ b/manifests/site/test-site/target/generator/results/kustomization.yaml @@ -2,4 +2,4 @@ resources: - generated/secrets.yaml transformers: - - decrypt-secrets.yaml + - decrypt-secrets diff --git a/manifests/site/test-site/target/generator/secret-template.yaml b/manifests/site/test-site/target/generator/secret-template.yaml deleted file mode 100644 index 53f0f2832..000000000 --- a/manifests/site/test-site/target/generator/secret-template.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: Templater -metadata: - name: secret-template - annotations: - config.kubernetes.io/function: | - container: - image: quay.io/airshipit/templater:latest -values: -template: | - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - labels: - airshipit.org/deploy-k8s: "false" - name: password-secret - annotations: - config.kubernetes.io/path: secrets.yaml - passwordRandom1: {{ derivePassword 1 "long" (randAscii 10) "user" "example.com" }} diff --git a/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml b/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml index f2deca017..f1d15671a 100644 --- a/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml +++ b/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml @@ -10,4 +10,5 @@ transformers: # NOTE We can not use patchesStrategicMerge directive since Strategic Merge # plugin has to be executed once all replacements has been done. Therefore # we need to load Strategic Merge plugin as an external plugin - - patchesstrategicmerge.yaml + - ../../../../../function/hostgenerator-m3/cleanup + - ../../catalogues/cleanup diff --git a/manifests/type/gating/target/generator/cleanup/kustomization.yaml b/manifests/type/gating/target/generator/cleanup/kustomization.yaml new file mode 100644 index 000000000..5d28ccd4a --- /dev/null +++ b/manifests/type/gating/target/generator/cleanup/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- secret-cleanup.yaml diff --git a/manifests/type/gating/target/generator/cleanup/secret-cleanup.yaml b/manifests/type/gating/target/generator/cleanup/secret-cleanup.yaml new file mode 100644 index 000000000..bf70e529f --- /dev/null +++ b/manifests/type/gating/target/generator/cleanup/secret-cleanup.yaml @@ -0,0 +1,11 @@ +apiVersion: builtin +kind: PatchStrategicMergeTransformer +metadata: + name: smp_cleanup +patches: |- + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: generated-secrets + $patch: delete diff --git a/manifests/type/gating/target/generator/kustomization.yaml b/manifests/type/gating/target/generator/kustomization.yaml new file mode 100644 index 000000000..3ffd12cf5 --- /dev/null +++ b/manifests/type/gating/target/generator/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- secret-template.yaml diff --git a/manifests/type/gating/target/generator/secret-template.yaml b/manifests/type/gating/target/generator/secret-template.yaml new file mode 100644 index 000000000..137b0cfb0 --- /dev/null +++ b/manifests/type/gating/target/generator/secret-template.yaml @@ -0,0 +1,54 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Templater +metadata: + name: secret-template + annotations: + config.kubernetes.io/function: | + container: + image: quay.io/airshipit/templater:latest +values: + ephemeralCluster: + ca: + subj: "/CN=Kubernetes API" + validity: 3650 + kubeconfigCert: + subj: "/CN=admin/O=system:masters" + validity: 365 + targetCluster: + ca: + subj: "/CN=Kubernetes API" + validity: 3650 + kubeconfigCert: + subj: "/CN=admin/O=system:masters" + validity: 365 +template: | + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: generated-secrets + annotations: + config.kubernetes.io/path: secrets.yaml + {{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj .ephemeralCluster.ca.validity }} + {{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil .ephemeralCluster.kubeconfigCert.validity $ephemeralClusterCa }} + ephemeralClusterCa: + crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }} + key: {{ $ephemeralClusterCa.Key|b64enc|quote }} + ephemeralKubeconfig: + certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }} + client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }} + client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }} + {{- $targetClusterCa := genCAEx .targetCluster.ca.subj .targetCluster.ca.validity }} + {{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil .targetCluster.kubeconfigCert.validity $targetClusterCa }} + targetClusterCa: + tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }} + tls.key: {{ $targetClusterCa.Key|b64enc|quote }} + targetKubeconfig: + certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }} + client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }} + client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }} + isoImage: + passwords: + root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }} + deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }} diff --git a/playbooks/airship-airshipctl-deploy-kustomize.yaml b/playbooks/airship-airshipctl-deploy-kustomize.yaml new file mode 100644 index 000000000..0f145166b --- /dev/null +++ b/playbooks/airship-airshipctl-deploy-kustomize.yaml @@ -0,0 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- hosts: all + roles: + - install-kustomize diff --git a/tools/deployment/23_generate_secrets.sh b/tools/deployment/23_generate_secrets.sh index 3e30c34aa..6b0cb34ac 100755 --- a/tools/deployment/23_generate_secrets.sh +++ b/tools/deployment/23_generate_secrets.sh @@ -13,3 +13,16 @@ # limitations under the License. set -xe + +echo "Generating secrets using airshipctl" +airshipctl phase run secret-generate + +export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/airship"} +export AIRSHIP_CONFIG_PHASE_REPO_URL=${AIRSHIP_CONFIG_PHASE_REPO_URL:-"https://review.opendev.org/airship/airshipctl"} +export EXTERNAL_KUBECONFIG=${EXTERNAL_KUBECONFIG:-""} + +echo "Generating ~/.airship/kubeconfig" +if [[ -z "$EXTERNAL_KUBECONFIG" ]]; then + # TODO: use airshipctl cluster get-kubeconfig command when it's implemented + KUSTOMIZE_PLUGIN_HOME=./ kustomize build --enable_alpha_plugins "${AIRSHIP_CONFIG_MANIFEST_DIRECTORY}/$(basename ${AIRSHIP_CONFIG_PHASE_REPO_URL})/manifests/site/test-site/kubeconfig/" | yq '.config' --yaml-output > ~/.airship/kubeconfig +fi diff --git a/tools/gate/00_setup.sh b/tools/gate/00_setup.sh index 2641a9f9d..285ca1ed7 100755 --- a/tools/gate/00_setup.sh +++ b/tools/gate/00_setup.sh @@ -36,11 +36,11 @@ sudo apt update sudo DEBIAN_FRONTEND=noninteractive apt -y install software-properties-common python3-pip curl wget ca-certificates sudo DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install docker.io make -ANSIBLE_PACKAGES="ansible netaddr" +PACKAGES="yq ansible netaddr" if [[ -z "${http_proxy}" ]]; then - sudo pip3 install $ANSIBLE_PACKAGES + sudo pip3 install $PACKAGES else - sudo pip3 --proxy "${http_proxy}" install $ANSIBLE_PACKAGES + sudo pip3 --proxy "${http_proxy}" install $PACKAGES fi echo "primary ansible_host=localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3" > "$ANSIBLE_HOSTS" diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3ab67813a..29c0aad4f 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -126,10 +126,13 @@ vars: site_name: test-site gate_scripts: + - ./tools/deployment/provider_common/03_install_pip.sh + - ./tools/deployment/provider_common/04_install_yq.sh - ./tools/deployment/01_install_kubectl.sh # 21_systemwide_executable.sh is run in the build-gate pre-run above - ./tools/deployment/22_test_configs.sh - ./tools/deployment/23_pull_documents.sh + - ./tools/deployment/23_generate_secrets.sh - ./tools/deployment/24_build_images.sh - ./tools/deployment/25_deploy_ephemeral_node.sh - ./tools/deployment/26_deploy_capi_ephemeral_node.sh