Adding encryption of k8s secrets and iso users passwords
This patchset introduces a generated with template [1] and encrypted VariableCatalogue generated-secrets that contains steps to generate: ephemeral and target CA+admin key/cert and passwords for users in ephemeral bootstrap iso. It also introduces the way how these secrets are used in manifests: They're decrypted by kustomize and incorporated into the folders `catalogues` in the site, so they can be used by replacement plugin. This patchset contains modifications in replacement plugin configurations to put the decrypted values from VariableCatalogue in place. Since k8s secrets were substituted with generated values this patchset removes pre-generated k8s secrets. [1] manifests/type/gating/target/generator/secret-template.yaml Change-Id: I0898c74012833f0e171d36bb8145acf358510b69
This commit is contained in:
Alexey Odinokov
@@ -126,10 +126,13 @@
|
||||
vars:
|
||||
site_name: test-site
|
||||
gate_scripts:
|
||||
- ./tools/deployment/provider_common/03_install_pip.sh
|
||||
- ./tools/deployment/provider_common/04_install_yq.sh
|
||||
- ./tools/deployment/01_install_kubectl.sh
|
||||
# 21_systemwide_executable.sh is run in the build-gate pre-run above
|
||||
- ./tools/deployment/22_test_configs.sh
|
||||
- ./tools/deployment/23_pull_documents.sh
|
||||
- ./tools/deployment/23_generate_secrets.sh
|
||||
- ./tools/deployment/24_build_images.sh
|
||||
- ./tools/deployment/25_deploy_ephemeral_node.sh
|
||||
- ./tools/deployment/26_deploy_capi_ephemeral_node.sh
|
||||
|
||||
Reference in New Issue
Block a user