airship/airshipctl
Code Issues Proposed changes

Adding encryption of k8s secrets and iso users passwords

Browse Source 
This patchset introduces a generated with template [1] and encrypted
VariableCatalogue generated-secrets that contains steps to
generate: ephemeral and target CA+admin key/cert and passwords for
users in ephemeral bootstrap iso.

It also introduces the way how these secrets are used in manifests:
They're decrypted by kustomize and incorporated into the folders
`catalogues` in the site, so they can be used by replacement plugin.

This patchset contains modifications in replacement plugin
configurations to put the decrypted values from VariableCatalogue
in place.

Since k8s secrets were substituted with generated values
this patchset removes pre-generated k8s secrets.

[1]
manifests/type/gating/target/generator/secret-template.yaml

Change-Id: I0898c74012833f0e171d36bb8145acf358510b69
This commit is contained in:
Alexey Odinokov 2021-02-02 16:55:17 +00:00
parent 743f652494
commit b51e7559b6
42 changed files with 392 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
manifests/function/ephemeral/replacements/generated-secrets.yaml Normal file
View File

@ -0,0 +1,72 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: generated-secrets-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
name: generated-secrets
fieldref: "{.isoImage.passwords.root}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_ROOT%"]
- source:
objref:
name: generated-secrets
fieldref: "{.isoImage.passwords.deployer}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_DEPLOYER%"]
- source:
objref:
name: generated-secrets
fieldref: "{.ephemeralClusterCa.key}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_CP_CA_KEY%"]
- source:
objref:
name: generated-secrets
fieldref: "{.ephemeralClusterCa.crt}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_CP_CA_CERT%"]
- source:
objref:
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_CA_CERT%"]
- source:
objref:
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY%"]
- source:
objref:
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
target:
objref:
kind: Secret
name: ephemeral-bmc-secret
fieldrefs: ["stringData.userData%REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT%"]

1
manifests/function/ephemeral/replacements/kustomization.yaml
View File

@ -3,3 +3,4 @@ kind: Kustomization
resources: resources:
- ephemeral-env-vars.yaml - ephemeral-env-vars.yaml
- networking.yaml - networking.yaml
- generated-secrets.yaml

14
manifests/function/ephemeral/secret.yaml
View File

@ -17,8 +17,8 @@ stringData:
ssh_pwauth: True ssh_pwauth: True
chpasswd: chpasswd:
list: | list: |
root:deploY!K8s root:REPLACEMENT_ISO_PASSWORD_ROOT
deployer:deploY!K8s deployer:REPLACEMENT_ISO_PASSWORD_DEPLOYER
expire: False expire: False
users: users:
- default - default
@ -42,7 +42,7 @@ stringData:
apiVersion: v1 apiVersion: v1
clusters: clusters:
- cluster: - cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= certificate-authority-data: REPLACEMENT_CP_KUBECONFIG_CA_CERT
server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT
name: kubernetes name: kubernetes
contexts: contexts:
@ -56,19 +56,19 @@ stringData:
users: users:
- name: kubernetes-admin - name: kubernetes-admin
user: user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZekNDQWt1Z0F3SUJBZ0lVRUZqa1hPbzMvM0YvWkg0eE12bkpTUUhVOUc4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF4TUthM1ZpWlhKdVpYUmxjekFlRncweU1ERXlNekV4TnpReU5EVmFGdzAwT0RBMQpNVGd4TnpReU5EVmFNRjR4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSlVXREVPTUF3R0ExVUVCd3dGClVHeGhibTh4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0WVhOMFpYSnpNUmt3RndZRFZRUUREQkJyZFdKbGNtNWwKZEdWekxXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFsWGR5bHArVwpaVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMbHRGUVdQL2ZJYVdTcllhWEVzNVhiT09XCmVXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWtXd0hkalJYU3dFWEVvWnNuQlZJcVpnUE4KVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWjhDYkhkS0RPMTV2bnc4aXlCVzdIRVM3NQpoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2MFdQcnpoVGQ5M0tBVUJyUEJMNE4yeXdwCldEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3NvSVgrV1FERTV2c213OEhnYkJ1QXBCcm0KVCsrdHMvSFVEM0NMQVFJREFRQUJvMkl3WURBbkJnTlZIU01FSURBZW9SbWtGekFWTVJNd0VRWURWUVFERXdwcgpkV0psY201bGRHVnpnZ0VBTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRREFnUXdNQjBHQTFVZEpRUVdNQlFHCkNDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFKVksrcDlpVHNHSm0KZFpRNGhMSE56d01WanZiMC9DaFNLK09FTU95dm02OFFieXI0RUdZRTRzSzY4ZzVzNE9nODNHMkR4M1Z0aHpMWQpUaUhKVkl0NG9YYS8rYzlYMzFqOHFZeTNiNng1Q3VzSUgvZ3JJL3lNT3k2U2hiaEJhNG9YVG9id256NVBlZWJjCm5KMm82aHp2Qno1ZXY5WmRKYkpWZEtScXB4K25jQ0ZmbUdSYzdRenFFV3dpMFFuaEVyVFRUdmhQYWd1cjRJd0IKYktQclpCYkRIZE1KNk5IN0YxUm13MDVvODE1WVZ1Nnp3WlVjZGEyajgwbGZ0Q3MxSjVxcnRINmg4N3ppRXllbwp1dlZiMWxqTjZmWmNiMFFtaGRZNjl6K29xVEZ2U2U5QldnQXdSM0lJMFdUQzI3cS9vYjV6a09KY1JkdWJ5dENRCjlCc0VmMllnSWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== client-certificate-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbFhkeWxwK1daVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMCmx0RlFXUC9mSWFXU3JZYVhFczVYYk9PV2VXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWsKV3dIZGpSWFN3RVhFb1pzbkJWSXFaZ1BOVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWgo4Q2JIZEtETzE1dm53OGl5Qlc3SEVTNzVoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2CjBXUHJ6aFRkOTNLQVVCclBCTDROMnl3cFdEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3MKb0lYK1dRREU1dnNtdzhIZ2JCdUFwQnJtVCsrdHMvSFVEM0NMQVFJREFRQUJBb0lCQURxRVMwNkJLR1o2RWVreApaQVZaQk1hamJqMmEwVmlsb1lmWUtCTnY2S040NlZnSHVBUlI2bjBOb0JRU09MekxKclpzSm5veEdDWnJZa2NCCllRSHRkTFh5b0dSUExwTzR3YVloVjcwNTd1YXJoV1pINHFobXNKQ2Q3S2J1S2ErRGlPRmlhOHNJemduL3NkZHcKdFVVSEFYQVdPY2xDa1NnQjBaSjNXZTdPcVBiMTlFelA0TW1qQWNGYithWUMvazVITEZxS3psMkFvc3YvUVRRTQpWcTI3NHhWLzRwZHNneE5kWjdiUWhrUG9BelhvOUIrdkFQQ2J1dmhpMzVxdnRGd1RSMUduSmFsUTBDV1ZzQkcwCktwbW8wMXZwYzVpU0wzNkF6QUd6bkIrS1plK3dPRllpaGVaQnI2RnM1TWs2b0pWSFpMeG1KYllHRVN1LzFUdG0KRyticjRna0NnWUVBeExLUGpXaUFQOTd3dk1GMm45L1FXaVMvM0FiYkRvM1NVK0kwdDFWUDhob1dCSEo2aDNQNQpHK3d6T1Y2Q2VUNHpmUFlaZjNFaEJaU2V6SExQV1ZLSFliOXFNQS95TUs4R2NwMXNBZms5U3hkKzdGT1VoUXlJCmFBY0pWelhoRGtkM3kwY1EwZHV0MC8vakNueEV2ZzlYa3doK2NxUGJ4ZmlyTkkxaHJCbWtrMU1DZ1lFQXdvZUcKNHRnY09xS3BQRzVDYzVsSTFhZlNES2s4M2ZmTkxwMHcyT1BjWWI4YlZSREZabTNhVlk4S1Q5emtudmJaa2JaeApNV00xUEFkbGJSMXdJeTV0eHplNzFuSWt2cXNhZVkxcEE3TzBKY1VPc1FBR1VNc3RaSjdjWTlnT3ZtMTZLcU1QCi94UXdVNm5UK1NJdXh6WXBXV3lHUStXclJQV3kwRDJ5Z1ZqcUVkc0NnWUVBdlZVUFB0TkhGN1BWMENyOHJ6azEKaVg5ME9pdFRNamdySzFsQzJ2SEFpVTY0d01FYzFrTTRscnNPTjN1VVpYWU5BNHl6MEdzcG1RQ010a2tRODI2dwpKOU9qTis0eGR0RVNpTUtrMDJXQXJVWkpndHVVeTFqYitCNUZ6Rzl0V1Z4TG9CeWd3UkFPeTFDMHowUDh1MkZ6CkwzRnVuWlRDR0ZhYkhYTzFmMzRUWDBjQ2dZQk9xczRTbUlDNSthUGs2MVgyTjZ2cnMwVlBsM1VrOHB4SVdJc3oKZXRwWnNSWVZqWVcyeVgvOUQ2NkU0M2lWREpDcHk1VDArd0RCT09COGd1WWhaQnBDOFRnR0hmemNHb2ZIVmpkOApwc1NZYlp0bVd2TXk0eWVGUkhVdDcyYnUvWWpsQ3pKaDNrRTQ1RG56eXk0Tm84cU8va05CMi9RcUhBNW5CanhVCjhLY2Y5d0tCZ1FDQ1RQbnBYMTlxQXFMRGtSYkVKMWZXM2Z2NysxamN5QVA4VEpTV3ZmWWQzdklEVk1pcVZkcG4KUjRXMFhVa0ZBVVJYM1hDSTE5SVRNY2Zkd3hybHVrNWtHUERnM3Y1cTh6ZVJRdHRnL0IvNkNoZGt2akxzRnRHdApINEVsOGhxeU4zM09sdHJNWmdER0FlVkd4YUV5N0h5SFVZRmpKalRKdnE1azZJRmIrcVVTVnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= client-key-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY
owner: root:root owner: root:root
path: /etc/kubernetes/admin.conf path: /etc/kubernetes/admin.conf
permissions: "0640" permissions: "0640"
- content: | - content: |
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= REPLACEMENT_CP_CA_CERT
encoding: base64 encoding: base64
owner: root:root owner: root:root
path: /etc/kubernetes/pki/ca.crt path: /etc/kubernetes/pki/ca.crt
permissions: "0640" permissions: "0640"
- content: | - content: |
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBelZGTGpES0NQZUpJRUIvMEVZRk1wbkpUV2x1QUtGM3Bqc2pNcGw1MkdNTHI3TGwwCkdKbWpsNHZPQ1FPeUhmejljSkxPbzRwN0trMUNuZklCZ3E5c2tmSHZ6cW9kVmpyemwzbGRQZG55eXRST3hQakoKbHl4Mm5kYklhM2ZqSy9mcjhBalg1SjQ5RDY0MGpOek9qY082RllZV0VIM3RYcWtYNFJEUjVSektjejJ5RjMrbgpSaEN4Zmk1OWVxRUlQbG14KzlPbDJTNzh5TFptNFZGWk5Bb3pHT096bkNCMEJtbVhxeTM5OTJkK25CUDJuOVUzCmllS3VEUXJYME5JZEFndTZSSnlnekNhd0RIYVIrVWN5RTZUejBxcUxRaUgrRGF6Z1JyaWhnTmpPUzF4dENDZlQKQWlPQ0IrKzZ6Zk5DVWJmdUtscnlwT3dwNTlPQjFIeUI4RUxrVXdJREFRQUJBb0lCQVFDU0lPNFlGa3JFS0swSgpiUFNWRU9XeEFXVjV4ZTNzelFwUjZYQmVhSlM5QXQ1UFdaN2JjMTRQbWgxR0pTODhVTGRBeS92dVFiMXZXaFd6CnZHNSt5TVFKQzV5V0JsVmk3Z281SU5QUUZiTEwwVmRPc1pNbzJTaURKajcyM2hqOVRqTEtZRURvSWdkcmhaMDUKTkY1K1gzT3RwZ1ZHTDVvbDZVdHBrRU1UUWU2RkhYampxU0d2VkRhRnFWS25yemtVZitHcks5dXVYckxqWXpMWgo4bHpEbWd0YXhyN1pobnp4eEZMVUwzMXg0MFkwbGdzSkdTNHAwMncxTFdzL2I2bjBQKzk4TkxvUW5nS2lZdmVUCkM5dlVHT0dWWkJqNnBPTEdocWEzeWZ0Q25hbm1IRkFWTWN2WTllWW9ockFFWXlQenJPRURVR2pHUWJOUldwb24KL093RFI2T0JBb0dCQVBYUVlPM0Nhdm9Tckw5UTNZRmcrblRRWjFEYnpGYmZ4WjhYYVhWNUpDWEkyOG9ObG8wVwo0bCtMSnFHOTcxR2YwVElKeEpUcXRNU3NxSHNpdFZPOEthVHIyQ29XZWoybHZWWGhId3FSd3lhSkM1UllPR2VPCmxHY1MvM0xPejZyeE03bnJpakxUdHFKRDNjMUl1RTNwOERwNjFoTUlBYVI4WFlPNDVUNXMvWGd4QW9HQkFOWFQKVTNpNkZPYWh0ZjJQTTJBMHc0Sysyc2xVeW93VXhUQytBQmJrbUV4aGJiT3ViZ2VPbys1aFpNTjIzcGFnWWt1VgpSZ0lnQkE2Yk81RmRKMkhVRm5HcEdCMjVnOXZpd0k1ejhwZ0tsU3pGM21BT1dGWHBsWlJwT0dMbHpBbmpLS1RLCk1TQXRYS2UveU5IUjltUmFWd2hiK21QajVuTjlLcmQ0Rmd1WWx3ZkRBb0dBS1FwM2hIclhYWlZNbmt5a0R2dmcKRlN6T2N5T2ZoRW1zTnhtems5ZDcvNHIvbDBhWmdrajExcm5tNDA1UTdMSGdQWmgvNTlVZ0JVNUdldmlhaWJaNgp4WHhUQlFQbnVPODVJMk9JeVR6NDlqQWZiTThsNjdSVWRya25TVVhhU2xJbkxyMXl2M1cxb25YdVRGMzkxNVJkCmRZWVl3K2lzVFlndUhOWDhBR1kyRTZFQ2dZRUFveDdRTXUxaVBIOXBJc0kzNDFEZFJjVHJpMlBRRVFWWFdWUFoKSlozR1FaNmgzYzFYeXhRYUl5VFJoZndNMnNRSHVMbHI2dnNablRyM09uSGlOVk5pdTlyUHR2MXJoamQ1eGpMVwpBdjh2eGpRODdQS0VtU1hWSXA4U2tQL1ZwRVZUSUVQUExranN3bHdnaTFDdHN1am9ORXhXdkJXRUhONkQwK3NjCmhrUW1FNWtDZ1lFQWx6QzB5clVOSTBQMHdKQUw0S0JoM21oNDZST2V3TzIyb1FhZ0c4c1N5SjVpT0NIT1VaZDcKVnhPbmRZMVdKM2M5ZktXWmVQVXkvZEhCTUtjY2wvZXJmbkk0aHZ2bnhvejNob0Z2SDdnMHJGVU5vYVZzdlhpaQpPY2NCUURVMzNDdW5WVjRmeGNyNS8xV1NwUzZoT2ZIZDJ1NFZjNnpwQ2dTOXQ3VmFzZ1JweGJjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= REPLACEMENT_CP_CA_KEY
encoding: base64 encoding: base64
owner: root:root owner: root:root
path: /etc/kubernetes/pki/ca.key path: /etc/kubernetes/pki/ca.key

2
manifests/function/hardwareprofile-example/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- smp.yaml

11
manifests/function/hardwareprofile-example/cleanup/smp.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp-hwparofile
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete

2
manifests/function/hostgenerator-m3/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- smp.yaml

11
manifests/function/hostgenerator-m3/cleanup/smp.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp-hgc
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete

19
manifests/function/k8scontrol/replacements/cluster.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetClusterCa}"
target:
objref:
kind: Secret
name: target-cluster-ca
fieldrefs: ["{.data}"]

1
manifests/function/k8scontrol/replacements/kustomization.yaml
View File

@ -4,3 +4,4 @@ resources:
- versions.yaml - versions.yaml
- k8scontrol-env-vars.yaml - k8scontrol-env-vars.yaml
- networking.yaml - networking.yaml
- cluster.yaml

3
manifests/phases/executors.yaml
View File

@ -55,9 +55,8 @@ metadata:
labels: labels:
airshipit.org/deploy-k8s: "false" airshipit.org/deploy-k8s: "false"
spec: spec:
type: krm
sinkOutputDir: "target/generator/results/generated" sinkOutputDir: "target/generator/results/generated"
image: quay.io/aodinokov/sops:v0.0.3 image: gcr.io/kpt-fn-contrib/sops:v0.1.0
envVars: envVars:
- SOPS_IMPORT_PGP - SOPS_IMPORT_PGP
- SOPS_PGP_FP - SOPS_PGP_FP

4
manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml
View File

@ -14,4 +14,6 @@ transformers:
# NOTE We can not use patchesStrategicMerge directive since Strategic Merge # NOTE We can not use patchesStrategicMerge directive since Strategic Merge
# plugin has to be executed once all replacements has been done. Therefore # plugin has to be executed once all replacements has been done. Therefore
# we need to load Strategic Merge plugin as an external plugin # we need to load Strategic Merge plugin as an external plugin
- patchesstrategicmerge.yaml - ../../../../../function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup
- ../../../../../function/hardwareprofile-example/cleanup

47
manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml
View File

@ -1,47 +0,0 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete

3
manifests/site/test-site/ephemeral/catalogues/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,3 @@
resources:
- smp.yaml
- ../../../target/generator/results/cleanup/

12
manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml → manifests/site/test-site/ephemeral/catalogues/cleanup/smp.yaml
View File

@ -12,12 +12,6 @@ patches: |-
--- ---
apiVersion: airshipit.org/v1alpha1 apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata: metadata:
name: networking name: networking
$patch: delete $patch: delete
@ -33,9 +27,3 @@ patches: |-
metadata: metadata:
name: versions-airshipctl name: versions-airshipctl
$patch: delete $patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete

4
manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml
View File

@ -14,4 +14,6 @@ transformers:
# NOTE We can not use patchesStrategicMerge directive since Strategic Merge # NOTE We can not use patchesStrategicMerge directive since Strategic Merge
# plugin has to be executed once all replacements has been done. Therefore # plugin has to be executed once all replacements has been done. Therefore
# we need to load Strategic Merge plugin as an external plugin # we need to load Strategic Merge plugin as an external plugin
- patchesstrategicmerge.yaml - ../../../../../function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup
- ../../../../../function/hardwareprofile-example/cleanup

47
manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml
View File

@ -1,47 +0,0 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete

3
manifests/site/test-site/host-inventory/hostgenerator/kustomization.yaml
View File

@ -7,4 +7,5 @@ resources:
transformers: transformers:
- ../../../../function/hostgenerator-m3/replacements - ../../../../function/hostgenerator-m3/replacements
- patchesstrategicmerge.yaml - ../../../../function/hostgenerator-m3/cleanup
- ../../target/catalogues/cleanup

5
manifests/site/test-site/kubeconfig/kustomization.yaml
View File

@ -1,2 +1,7 @@
resources: resources:
- kubeconfig.yaml - kubeconfig.yaml
- ../target/catalogues
transformers:
- update-target.yaml
- ../target/catalogues/cleanup

69
manifests/site/test-site/kubeconfig/update-target.yaml Normal file
View File

@ -0,0 +1,69 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]

3
manifests/site/test-site/target/catalogues/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,3 @@
resources:
- smp.yaml
- ../../generator/results/cleanup/

12
manifests/site/test-site/host-inventory/hostgenerator/patchesstrategicmerge.yaml → manifests/site/test-site/target/catalogues/cleanup/smp.yaml
View File

@ -12,12 +12,6 @@ patches: |-
--- ---
apiVersion: airshipit.org/v1alpha1 apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata: metadata:
name: networking name: networking
$patch: delete $patch: delete
@ -33,9 +27,3 @@ patches: |-
metadata: metadata:
name: versions-airshipctl name: versions-airshipctl
$patch: delete $patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete

4
manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml
View File

@ -12,4 +12,6 @@ transformers:
# NOTE We can not use patchesStrategicMerge directive since Strategic Merge # NOTE We can not use patchesStrategicMerge directive since Strategic Merge
# plugin has to be executed once all replacements has been done. Therefore # plugin has to be executed once all replacements has been done. Therefore
# we need to load Strategic Merge plugin as an external plugin # we need to load Strategic Merge plugin as an external plugin
- patchesstrategicmerge.yaml - ../../../../../function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup
- ../../../../../function/hardwareprofile-example/cleanup

47
manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml
View File

@ -1,47 +0,0 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete

2
manifests/site/test-site/target/generator/kustomization.yaml
View File

@ -1,2 +1,2 @@
generators: generators:
- secret-template.yaml - override

2
manifests/site/test-site/target/generator/override/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- ../../../../../type/gating/target/generator/

2
manifests/site/test-site/target/generator/results/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- override

2
manifests/site/test-site/target/generator/results/cleanup/override/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- ../../../../../../../type/gating/target/generator/cleanup/

12
manifests/site/test-site/target/generator/results/decrypt-secrets.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: my-config2
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-functions/sops:latest
envs:
- SOPS_IMPORT_PGP
data:
ignore-mac: true

28
manifests/site/test-site/target/generator/results/decrypt-secrets/configurable-decryption.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:latest
envs:
- TOLERATE_DECRYPTION_FAILURES
template: |
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: my-config2
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
envs:
- SOPS_IMPORT_PGP
data:
ignore-mac: true
cmd: decrypt
{{- if eq $tolerate "true" }}
cmd-tolerate-failures: true
{{- end }}

2
manifests/site/test-site/target/generator/results/decrypt-secrets/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
generators:
- configurable-decryption.yaml

45
manifests/site/test-site/target/generator/results/generated/secrets.yaml
View File

@ -1,31 +1,48 @@
apiVersion: airshipit.org/v1alpha1 apiVersion: airshipit.org/v1alpha1
ephemeralClusterCa:
crt: 'ENC[AES256_GCM,data:HZtJf820/r8f0YytJeL1X7EXsKL987I1f1gKLoSNHzSFczOi/zXsiRIWCWH6rYn4Z+smlFtAGufvEM8uPJp8ZdGDlV5zHzjOnfMklOB4n5qOEoEKzwhCgxZaQPBw9Jr0SQBVFOKGPiAnOTkkOgfE5FWra/7SkkmgdLbR4MyHar3y88Eumkrqm4qo3RrfVtaSzTWgygtXME7wRnhutbIiA6zxBsgXFpxoaKMgLmwvJpo9PjSxz5CAYq/SN9mKLYGx3Vyr4ovLjtTIorPlQNW+iL3vBLkwhLP41HKYvK5y+rBIxlEU3Gyvd8493lk6Gh55lbgpT45DYaylC6hD+Ec29DdOwFBg9s8yWFHz8rYVElv5a1+RnOfdfnrfYbNk4eanyZH6PBDyzFZ/KRdMEPGFnMVIQ2ngnDLXzCQOBCTjHLb2FlCSWDmNVFSyDx8CAw7ik1AyNgHScfpIdB/cP/ujpDDhJpFioXMD8gSsX+l0dTDRAZo5ZIIRx8gM0446lmHxWjYZM5oT25PW9SDdo+u7L5oc3kMcKXzo2JxQRY+DDXXtz4ZUigh2RGTN764thOoJQA0LXiW/MjuuXqyXHXY9o49EFHsdq3hgq5DDhcRGTg+0pOUoftmCrpZYeHrv7yYnhiwDi0ot/oZQtIi9GWpKgg4uhuK+gN5htQzM6GNbmibgXNSCJPKeG9AMHErLEzI8SfLh+QRz5Oc8NvsTPHw0OigeX2FqW3rTmbsLR/w1mCHy0Y0IEPHrRMDS4HwzpLyWMvjR2RAHx1sA48su/6qRfxOZEhvOvzX/N06WozO4KjkXWH40oUatxyzH9T0SQaw7Y77eH5zh8PPJ1KL+KhtjpxNTP9CZfuJocuskYbXxeGQgKd5Ky76S0pAjgvpCvGCjCb0ltacW7bBFpblashR+ptRxucI05eBVLSjMRJjxtKb41uUVAg5euNeLVx/r+RoFmbna0NCjOKKXm8k85OORfbPOxXCp3zBgz/D3/+2BAdQS3t9LXi1cF0DuAr1165yxZIT2U3/JBBE/wf/d3T7Z9eVSaH00HI8rJCEhg+Dp14CvpjjOIjYkSti9FmhLNOV2S4pjWzDwsLjV5yGQvJJKApm+yL4NcojfUE61jyDC+VFEmOnETcIfF5nghLk8L7QP9su5eRouqr0NboAPFd6K4Ec9GaH28nRSo8IlDDbVqdYYFzVYAn4mTKX6PWdYzKCISPe1BlYPcRiAocOFqDMKCDjxQuVvMnyl8/VRxJXVU7VMU3BoQ+rdp+/P4lFNxaJA9ewvfvX3Dk81c9AtBJ1t213GEwQ1uLUUaIG89l6AYJ2Wkj2uNfVGCwxwTRDQBsrArhFW8Pj01ysSJ2CNoRfkXBVTm9Pial9PJP3e9xBAoODkLEQfeeWxCQv58UacWnew6HXTf3iMDczH4zfAfGbYMhpVnR/iqkCWemWIq4XpdpjJLRSvpLM0Xi7VsHYDZo3K/bA4aXh9IiT3bOsFU2dM9tV9GR3WodwungbM00tTyQv0ADn2OOTSYD8B1pBzjLQDKn3sXHVyolPkGZIU4T9eB47200nCyaI0BXWGtzhEF9O9lPGg8H9AT6q1oW32s9UCzC4+VVUjXVGv2FY/QIZBkAtFnT4NC2P7sY0EpDuUNfWSPg3gYRTuIySRxJMCQevyC09NsmWx0lOiECmcvEnHh61VkmTeorHaoCpx7Jnb2TceYTCB/6fPUo4wZm64wWxpE7VDozpBL0cqjutuQuuDGKQQ153J0Gp619hruPW74iNqhoe+Qu706DGt/ZR6tpgC/pzmR3qno6a/xXuIXgBFGLJpZJNMcbFaWCsjwB8NovBFiOlTOZpdyhSbZi3DQV+SB0L7Pjt9DnGIBhKNyR1VAxoNMcA1fBw1nH0o1/fid6l42baOWc9CFOwyn72hXw+9QAh/wFy0g+mBRpD7gfl7mqr6vuIILFmo0Zt5FA==,iv:+GaLzo3IZQUbrKH+DwoClgPxECOkhyNkKwu6jj9TFes=,tag:7Gouyh6wTV0YG+MMkC+4bQ==,type:str]'
key: 'ENC[AES256_GCM,data:PYh6RRCwUbdFOegAET7Gy3g+m9LfknB4vCq6amB6pOW4Ebp3LmSjWk3fQBWIaor9J9vhB/Irp/LRcwkPg1jdyzKMP/rmmNthdkdbst4oDcZVI2B3SHUVeJgDM4qN4hZ+xHVgSx0QFS3ynp3KA1kweMis3/VqjwGY8835mqVDjNv7g4OEcmj89HZ/cPmkryf9xEy17cs2ixV6LCfB+8LGr8OoKCYxQFetr3auqEKjAnUWaKpQe2touU2oF5iwVtxThHGTu/ytOyRF5yEjHCezt1B2U3DQ3Vy6nt7PTMA0X6QtHHdP1mOIW/DS1CokdX6LaM8ynosH4XqcQMiP/HfLJ8ymx1xL6zl+CkDGS2gTCyYTR+Nq3jwwhac9G2Pa22IpeMipCKqVFGzbs/bHUzUAfj3Arje1ugCLdarZDVjE2qk9UYLqQ8Sw5eq8jEE1Jqh0GyAS/8VIWsl4+0zggSNYmDmeC9lMKPM/ltMxQg04k/gTKyHKqaeoqs8z1Y26taojGUEHFFJhUcO92JZiKlYbpE4lrm60fuLIl6uxB+mSKJkLdFyCON6QhA7rorKM5CZQb2xrU8mi+NY0O1h1MwXsTIsiXLZcDGzsTJKw8mhnRJGWLpqnJ05Y1/DgvtV9EhuaR6pORsovjP5UDH/qiO1n5gMPBes3ikvQkK8C0CcAH7XoVreVe+deEP/1yHnL5SAMP9Rq0xFJ0AupZDyDTDqdkCv/6ngfqcq+NMTinKEyZVyYy5bb9T6bgYoKAuUYnThttUnDIRtLlKLKHwl1VLtoVEpisd7i3WO3Ul6HhJT3gqHCbGVW9K7SFSotAumChmYnvXSVn64F3+lmyDbyUbttrkeooAZftYP7zjC31ITtltW8D321omb7cfwef/iW/bKtkoqIOnENpX0xUkg/JFpiQrTZTOwVCKj2i43whWdel2XEffD6nMSyys50UrOxd5CunDxXvWP6+/+J2g5GcI3JdbGGE/gDfT5V/9v+4P+Zb4/ayL3KaJbuQksQ5dqR4+QZogyjWrAe53I8UQI1B2YdL/ECoNc6QRaxby93Msl2Q7pShsR5tQBjLtgbeiOdIfmQ5nccfMbUPwubYUdErSZhpuquB2avWF6YNwCfk+oj73dWLPbNtALRCNY5rObhVb+T+te1MSxrZJ0tXQToLEk/5AUvrNNgYqD17ssTHuSKGhYkiqvynvIhXd0lTsPMDUV/ecGGh93PynRNhDVpVA37zl2DN+KOEmdJYOLVWgg3zEHoB02rosf0t9E4W338uOOq9wIFbQfoVfhA63vy/2B2EdpKZUOsqgNZqI+VPnllH5uaos0Bona2q9XnIApfT5oqTzqWLUrfw5EL6B/aKunFlVk5UMj2Op8RtRV7qqV1ybVV6azTb6Nf57lzdyyXFj8lmkDZnOBYWuq8ZpXdzNF+PJCKo4cob5VHATV9XqatEfOcMcDyvauh3Xtn6wGlbiD8K1XcrBgPoKxHNY4BjYX+gBgwSu+RqRUVCzw7wMxj8MLg5yGFr1wIfN3fOIpHXNKRBlcaUBujKLXqvsn3CzNokYYXX7Zp9oH5nGlzc+UP9PHGkt2WGDggAfqQ4wcoKk9MpxKEpGYWdblgh13ySZToA2k0a1xHOZZykDTSrxQtxSqC1ht0i0Oa9M5KxQMd2GVfcQyqV/3gZGGJ67sE4pQXfO4fmRX2Y+fcNqhLwYtcoILV0pAiy96y35sTLTTaokMvbcYHbPzLsJ4oqR37c6GYzWERL+Yf2TETpzCQSJpqmOuD+yXbOLW17wpWrIf3wfo/j4dD3las5fBXN8mPcd3a25dR+7sbef9dNMsOqsTkgNGstW7nSp/tymk4HMiVlH1QFGZthfg3I+APuP+Jqnbvyk1E0Eo39xwIXiMRKTqjT4hap5WPd1gfhIBe+Jg0+VZH/IoHkNbvVxqoFHvYStTrEe/kWo5Un2yBrGw6OlE4MNJPgBPS4F7Q+xFZod6XxcOYdvwGlNiYvlb1NRmRMx0Qlt1A7aISW09cverACiR4g108Z52KTqKOzAP5utO1iEC4je3XfEOdyQ84P1NjSxHaf8AIUjYX+oUDgFxsySbdmQzkKIqg4gyw+nVrdARYpPo0FvGVSckKF5o3M83j4P3jWaxcVj0qB/63zgdAgPum7COi8xLBViCXUsXYEczrvZCbCGTv2syGiHwLbYfH2UrIqyoSkkZ6rzZZwD+BqM1pWMP0MNEwca8DIVQFPcItRIt2vDktVmOJe3UJ+7lk+27Q1bC0DbT5PrEykXsmo8H7ctO75R0UEuQDmjuTPiPcTmxhNIi63fu/eW14SmI5m5neAJ6RSfnutCo9ia17A4K8epuZQaoerJgDTfm43uNlDPlPgK3oYHWJE353TlfA/Fkum7g2VhMJ8ceV2lswRjN6hVK1+l5ez+tXRkkjxanIfSBRZxW/6ooM5en2zyzFqV2VBEawZEXG91mQt0aQQFM9Ukg1I6xVsmluNyFGl4Z0YUmm4nhjmCBjx2h2Qe94QI2qBLbrQrmJMiXaqFHZM2hdTFrx/wazywS+eIazb2UbaGsLa8G78nPkYJck8j5pKbUy4MNYZz83iu4pXoaMXDNfQDzaXnceAbOTkeYNyLY0Hrr8h55NFFHY/JLEgJrhdnVt2nSdPxTrNDUQCNUtWud4mVSPMSqZGNXN6ZNHJkt867H/aFGc/treT4xe7cUaykReH2eRSLC06wM2QLyMD6WlZw18QMBRE2n2PfnfaL52YNYHyuIvNzf3HNlW7G8VOOcKOSAanTfJvQph9gAoh1N95xib6u9c+LhPAY59N0oGBCH80bmKYAnbbEgn+1Vle3x9UwGnkeTDR5yo+MWJVtqoLoKggPug1G8/+sUTgFw1gYpAx1a3KM+CHshswMwC8T4fE7cC0J9HuXfeIKm/oIfoY5+gVb3pGdvlXI3C0tXlpr1Iu8a5O07ugH7j+4rzd1o8Qb+0duVEEehKNWNSZA==,iv:JYJ5gIun3lEN156HbX36zhtDMOjUgPBWeGqRBsu/8Kc=,tag:Sopg+BPB6Q3BIlz3doAx9w==,type:str]'
ephemeralKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:fkJrkl1wkOR0rmsEuFCK78fSwWb3P1THxN2pXoMMnNt5AfdxLyYTb2OczfdtxU6HdrCeg3myibW83P4AIZfs5idEOKYeNgh05UDYHy2kxjIqYr8wBFM/OEe8okI0+AK0Fw0TmQzv3KEm+9yWfava5uFMe6eboSGwZ/CjTUMrIihTbw3xcHJ2PY2Fjl2YqJkcERauLBrLt1UyL0r+nTVbaqJ7mtziVLssv8H96+gTo1C1OaK3LHlHYjUDnK2Zkwcao6EqCxnFQfxlX4b2CkaqwUbs24sG2ewiJ3smIXPTWeLMZB4W/GKx7H33y1rATm+Sk2LixGP0zCXQl9AmETsQfZdOaLZEmdhizwEIyQd20Utb0RSGlP/RBclwUpX08DjR+Oq01mwUVJaDUpY5cOlO6ziFnjeJXZM3mQQ/MbLFVvkUUm0rGsRkYWz2XA/SQv5H3rvEUpKvBn4+MsIL0tID8ciBKoKvajP9KLy0l+njEAzJgqqGWdgO/ZhQ1gaPzOZo/OIFKH0jrhgs6AVG7lpm5eD1kgKpkux9mo9FYOaNetdRCyUnyI+cV8Ikix7CFfkVGS4o+FTDBHnZ0D6jkqbjimv+NwFCxzUxTrHcEBW3D5IYaTP2GVFkieALMWMF3foYhAqUiLfEjyRgwdTZpdTPigD1iXIVk4QUXONTZXmgGyrKabkFh730IT7QBDlRmvrwTIaJ0WDaHbPesL8ZYsW0MDQW1u10mLLjK/3BrCzb1lltasLQWh/q5e0MMFG1s4G/3Y0u1Lrs27bK1/SrMhhUwX2gxaxp5fWYARcKRtaarbZ1TgWC1PxqhUmbsvP60iPGn91qlGpMJ5VUdci0S9FQM/I7HoO3UjhhhzMTiQUyAWOu3+0QIDw0T5UIdHFbZYmqpn0XqXI8bhP8DPsHZ+XKEJRsBktl9/zdcZ+TY1QvsbtC6JgeS/P7RZfaWG74N2h/CgLiYuWpyuVxNlaYSpIJ9PNesRP1GK3CUpCp87H/MN0XOboXH9wLMFm7O8ayWKqOeVdNJ3ziFk66LsdbpxMlqy8CWrgGtPbgpDK8HkhlC6ra1BG5wAXUMXl4C6p/+027Et+IOuYwY8tD1z2r/wWpf0HcUrrMe1nHZv1vMszSA1i9eEBu6cAR1u5mKCzjayn/QEaYeGm/ROuzDskZy/KAPgpq6g2NYHqHfTPUeO6eB3+e1UDWJ4scPSJWetAFocr4TlZCWygg9Oite8h18N/LNziVQZ3QavUdCL/gZ9FWlS9i8zr8EFHYtQ3xJTC/g7W9EZkuNPYCJi3x/uHzc4sVfHK/mfoct1Gsbnq8atH6jDWhR1gfPS65AHQbLmqU1sRyGcwmRQAa8fiIlUP1VbTnkYFpXriVyfkhF/lBOxIMwAoe8OZ5nLg9pgnB/ZacZ5rEw/M1Fb3WrNdPYxe4pG7mgW6hLSyhkPEqmek8c/ZL13psgwhrsuhO90NEf/uxVt4HrPWUNdninHqiOjSB9iXgGaGSIUdCmLNn065MeKnOyThneHor61L+WarzDIhhZ/OUSgiKKGGvXPfKRLqMSXWf40Qy691EicQDjpu+RWkDy6np7WrOWd7uYBhkoz6WgQODB5Wm+DGob7eIxw1V/xiAuF0nDi1RJc3xEkbkaOX8LrUEMUMvvGxJTdGNfO8yW07owM0PddoUGuhDeg+g7SLUlHCJUxNpwi6lti02wbAZ6XAxc2ltN9fNZ98OE1VMtSlX+4pFLmMxtb9S1N53YS7MFejreADRoNskyFK5uYuPN5+a6lcOMHnXSKZnAC5EZsl3AiuNNIS2hIo4Hx7YJFZtB5JlF9YSjFXZDnZiSwZAGvhAUHq2Yn0UVModpN3TrBzSelJYwY+aQDJ8bSuQAp6U/2HJ2FFQFX35waZMHYqPyOlXiCGeOl7dYV+IpCMdZZaPzwI4EzjZkfKpW/FZBtJ/p45IytHI7gt/XAsiWQ==,iv:KxGVXmvi0AMbUQ1YAJTpYH5dIBA6ownuLtsI0K8Riko=,tag:j3HdCtl9Ptj6UH0otSsLJA==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:AHrZ8/PILjb11JmChZDN43f8HYcSDUgj3//H0T0Hq2dAypGWNgiNQzhuJDiEj16qUYTJZqywhV4Ft6z7kMpI3wx5GcKPnYHr1RQkiufORR9QAvD6DImK9/dyxF44htGkbv/8x7Xi/Fg61oDSXa81UmlHhXHeoCvHRaiAhtPtCmMPuFraCCWVzzxbqIjgaGWTaHQtp17ClgANPyt4eQq+hzk4fMCYKSCoqZcCqnklKiYaZI8lp/feT9MW4eRNJG6nrhGhEF8+DklOmf3uzdKIuq8kyBeHBD5gJ8mwj7N/oFHoWG9XAPojjs7ddU2QbNgRWroGcJEdHWNt3bsqEDkRc3CMEwMbACEIT1f9bGsnVwFVS6TDtJcNoKcp9rSyohNkcoeM2Fp5aweMkvof7+773rHXO7XjSKFhb/EcvES0kBNTVwAGAJ42a1gWgA3aXGllXr8jiFMehPIP/krgb5rqDiRxRY9BDQR74x6EV7la7zOtJTOSVBRe/CWhbqg7H9SJN08WY+4wcZ95+Bbi5pup0J3ZY8HUU5poFC27YLNkpVBLKe/95LKAtU6jEuYiPuOICVGlXZFIA8NHhFavenbsGxULRM+apKLFUIna1Q/w912kK7nWYdAMDJqgoseJz7TeARHDXUagWuwTPJLw9eKi/c0eS1cQ/d/Wxl3hc5v5M7YhxJ2jU4j0weo9hbuq3F3nHZ6eAB7xUZlP02MAuM65NpU0+c88KC9x9p5rt64+h5dssrdgo5IL2MvDAuwHztxMv5TMAp9ZaHfR9NrKYoBl2sSwtDw1Tq7QS9uoD9jbuIMGi3MON7FQ0joD7NrdATeBY2eJERXHrVfCZ1Ft3vpooiyYed/FKSlp+CzPDtYnLCfDThv/dMw9xSoKPbuigGxzkdvFfrLhkelbwKH6j/5xd1xKIzvzmRvGi2LDWHG6qpJASLrNBvoG2NdpEpIgewwDyUEk+eA/BZR8k26S1QuIyWkKn8jK8O+0I4Ff1/9Fjv6RBw0l1e6Na/3fT2I9znpGoIwGXBSI2HMzwPwj/VjOjM5pUfI1rza3FfskiN6to5hCVzZxTqKol8FkfSj67MAC1yW98ryM4RSvAHctbNqZal1Q39drgk/p3/HqTyTYWtTjNrSfsNg1wn1Qz/MBnebVHt3I/C8bUsJ/jQ4Y2/6AfOnQP9teO8LGw+C1FDj5+9hmmV+aRL9zA1CZOrSonBiUZvJRsh5tm7ZSppZ/dLh+barslw28go1NPqFNSBXdEqQgxMCTkVL0R7M/0W9HUbM3IVDX58TKijasJ22K8VfOYPR4C8plcAKosBCdpL5W1qoCpFpeo23aOR26LCuPHi2n4A5OxqeXHpdzSD0PQG3nhJQUX6PBY4wHDwx9q/fyrhcLl+uC9ezib41iRV4wRUpn/6exnvRCmrGpzuY6A5H4uWHSp841gSO+EANPtCaSVYb+8Xar4QV+cE2QrzzGIcJETgpjyDZGkw06vbU0jI01GvQISJBmLkeaUZvFFnaiwlBPpclSRyODGdGqWmVZz4uGJG+CB0WlZLIM992nN2Lv/LiiB2RdLswRGhD6mBSdpDpaEth2oZRXdgbfPOk5d6Aqqj2r+2TQMAZzyj6yNCLmjkQkl0eAdSOQMK0tvuZ1b0ft+jnW6qr9BWR/cXVoxv0W1mBxA9EvNRphXefNr7obAx9PrAjyB9mmr4v+sWxrVQk4wgmrEERzhXip1DwuyTSZFcfm4HtA5skq/QcVRrUraKOJfDU7oFq/ZMYPpbgFqQrFbjG32xdoj+JPlCIg2aqYX1uJwgrLxcZutTUpGllDBDxbiVbd2y0eoAvw858a5rXjiaay9llk447IofumD19ndpWjc5/DrJcWKvfGV/f05YTCrISAMBBcEQKpoP2NmKh47eV64l0zpWAMevuWET81jWgFE0AbpbiRGK5zO6J4eoYyqKvmGwSM/c55RvOyBPYJDwaSuJsE7Ydb8aboiYF5,iv:l0za+exweqGI4ND3zfdLELyAy9fUsf6GAxgc552p64o=,tag:sUdZIebwysPNteocS618lQ==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:WeJY1lARUlPKfAixbJEFrf2ef75yr7zto2L3/rXmDXAPlFjqy3jwRbPPIQd26VAEUIYd6C9BxdJoq7yzlF394GSjiHWjcGnR8B3ELwvxVtxdyWEqHs4TC+LwyG3/5bv7ZMIo51USFn8W4UGNEJ8lCX8istzuDa4JCI+LbxlTdr9iuMaXDtRhqBgR/8aabQtCb4J3udAbhmUlNoXiLPDdlsntD/ZxTmJuoevPGZnfaPCcb1kTczP//kmGutlu74Z39FwyUwCo2k8OnXnioqxViUgRZ+b+DgnqZKmCTMNgEy7a4QnmGbjWQqXCNGI0u3OcZ5VWvp4BYydrx9K6VfHbu/ZqHQ0GGKpq2va0nLlQ3AneqQMPOqWiihA1tNkIkXYwjwmVT+ny8MLPpSYa7gc540iTh42UuU17iX+N8f0HlqSv5VqjRBUi5osXCKZKt9nzh6CKEySNpwU3SsWbI4zTIQ2HygK2r5F5H9VSATZEi4rjW/QIgKHIN7AQNGi04M3hiJKD+67sTpr84s2x79cPtskdO4XFH0byzzC1Rk/0MHDhaYvgzq/SG6dYN+dPctW5IRGJwyc+J1eFLHNYBfRnQEM9OG9YftlxXAL/ieR+3fJ8UEwxLJeQWZQxhe4gp46h36z9jf/nnVBm7A9+m30wkOAe3pyvHt91ZJiHTJHIHuK9+C5QM0VGEGw8ElPnYR4SzwkD4YzYZpAMguEpY2hTZPzWrW8hc/6LXYzAJovrODq4ZjNKkFEJAWQfM7NC6VyS/NVbhUIK/tCmCN008RDFN5Fq5IdRigd8tFP4LfUQmxVxkc27Ynd3XQXYWrNyAe7JMUCWidVdQW99gjiWaI+K7oSEntlXl7XWMdaChdG2wlIQC0T5oQPgGJ2e2HamcyNzS17etx5TZ1/dE5GH29V8GSAJbP4Kz7xRrzil+c/DLDeGHRAA36VJV4LMcJOZzkfqC/m8exILOLWkpqz98sxBhpPmgV41yZ81bMzr6OfHbYQ+wjDzLPwQ/hvVKmbhxVX1SkhewYWbDT2ada4rVnyLO84oZ+dYBRQ4IGt+qjkyqn4lvduipUpFcynu5SRQ36axoYxF5j2SNa39SqA4i+QcftFrjUlcs1c9k+I5sDqvCqkFMukVmTv6fP2bJPY+js9Ixc44ULMbTdb6LFXCKpigNFyr1Kyu0viF2/9Y5Av+lDgXOi5obApLemcVrs/Pr3u6GvcT6TWiYgtv6Sq/x83+m3X86cPRJZjM8v3utLrVWPbUe++Uc6wkKaBcSsKxaUnLR+n/GB9ZIyjzgmogAQ77ygj5AOWzxCidU9wiP8tvV+1BS4P/LSPFdSJ8khGORr4drvDvlD0hHwEpMFZQz5TyZCXkrazOPu0Lk6I5LENXHuwfu29dkjm0s7PTnPxlOC2UXTf42V2rsxVpAwp7+AuwVJVJrinBlQd7aWHXISWFbisgyEn3FEvIVDqMIjLeTtcmGeIwSuVwCpNt8OYmbcUCdRN586Re9ph8BPFL5Bbffw/O+4J6fiewEeRImgXfj716c6a1KjrhfgnLQZ+wE2gyFoUcu8YvVdu0L4YCIT+hhTDAr0LU/doS0bYj/KDpkzyyw392KTS3ZgHl9pU8WKcL3x6Ik/0qbacvCbxPLvfwWRfUA3seOqPWlMvP2i6u8poAdy+l0ij4XYtqvQEWoYBERrM0+5EsyfJmJtOZYoadTtsJV20s+j62oi0WKqys9fVlI8bzq/ygY+GuoJud7AWwbst21xiNLA2JmSAYNlaC7d5WKWZvnEbbWR2zrtIWq3aaXJFgq4Z6Xbb6V5HIpuJHNpK0r1YK4mWdY2KKFAcedawwmWAImQTJWXAzgYboQdyU5ccVCsBOSGCEZHSRkCXZN/ZGiOYr+ldqYdU2ngtUa9YB4jnbAa/Jz9C+EY4B8OYrm/VgoHOKz86gAteYD6eCCgeXSkjSX4Ju/7LFkjJsQnaRBTXVg7Cat+EwVwWswJ5cHpCBXUkSczKWwF3fj2OC9qHXjdAxADH56S7bG3wxnIMVNhqxT/7V0Y1nweZy3gYToC8pUHE+zxnhCpAR06iSC8wnkjLaqpCVlKtPYhRJTLPk1rWHENQS1AwIVJ0dLmGCqgJCv1aSnX8ykRiM0kaC4lYlK4BZMfe4RATt5UI6pKjv4lwyMVsdykQdOWcJSowADRSiLT4bui/4SBPTdpLTtN6SYpdUJ9UcoZhg6aK+KNEfqgcXTq3uiGGILX6yzXjbcHpDyFxn4skwGTqBoN/2fnfGdiWvP4RdZEtWELphPN4ZboGo8iQT/ztsni0ZeTykuWT5q5wQUncQCrAeaDvTco3bN/szi0Zngs4sIPY87WiXAhz5GzA44y2UMVZhWtAkXD3Y+7WgtDs229/r49MSmUElTC4/oxg9wSxpN1QtvWKdzdOWZdmQxHFMKM21ys0yezwo5fnsH+6XifL+MBaYwuiJf5B6Mvh83M89z19jmD4xfJd2o1MhaC0K1RMnarSYH4Y26q/2gnnN+Os8Jaag1wZhKl82M51BjPZribLj7yRlwJOKon7p+NLkYML51eObXv7Y8S5HIWNmaZD8CfOC2gEngVl5bog52wpF8xko3JtdOahizovd5G9HhG8IBs37rwzOoVh8J3wY1XGXFXie7lvqwT0NgCkFFwwD2K+GuEqImrV9iW9I8OOYXh78n4FDw2DmLQCW9cCMmFypkLlLxmQ/5JOJsGsaF/wklSZ0oMsS/wC+GW1AwNAO/e4iimNfxH2gD7Z3lTD874JFVhC5gfHgEv3M6NCEuoArJh8Gw2h38EpqlNcgAdnF7fr4CcLM6VFGOw2+D1jJXGQ2RUgZnhyPZSFRN53AQROcfuvBEzIXUKiW82eh3b3/FtcxTUbno7O9xkV0S0kPPYBg4BKK2Kmy5cmFLS03JKA5KvcSOHT7QpVG9oVXDQtbk/qGQZ5osd2Dr/pR5lmjnqHMbc+530vx4vgWjKzfutTYTg==,iv:QfiqUy0j3UUyhgyBZrTxdZV1MHb8+fugIanpWDOrzX8=,tag:y7lmjUQD6mBOTcEZBL/iyw==,type:str]'
isoImage:
passwords:
deployer: 'ENC[AES256_GCM,data:f8HvwuwgSQZ+FxleRdE=,iv:w/nOspDYaQJYUrxDaatZqfwzJz/MtosLLOw3BAi5kps=,tag:7ZxUsFiUsX4r9nx6Rf5LCQ==,type:str]'
root: 'ENC[AES256_GCM,data:llk5QE87o2EwzNTEfOA=,iv:xAnpHVc2rv2Trex1YzCmh0VEKDC88X9pWdFoOfZeofs=,tag:/Z6/tjBZuZMd0xgn25qrlg==,type:str]'
kind: VariableCatalogue kind: VariableCatalogue
metadata: metadata:
labels: labels:
airshipit.org/deploy-k8s: 'false' airshipit.org/deploy-k8s: 'false'
name: password-secret name: generated-secrets
passwordRandom1: 'ENC[AES256_GCM,data:o1xUrKiOPaucB+U2JSg=,iv:vJkmHG5B9/xiQA+qfRHyYwQFKIG1P0S0k8qwFCEyICk=,tag:MqLeMZ3BXhNKaUKvZoLStw==,type:str]' targetClusterCa:
tls.crt: 'ENC[AES256_GCM,data:dHn0PTHUtSPdvuojub16FQDoB+l2ulLdo+GlPKwRkjhZMigNu4V3QRSSFKM5cnda9SJbk8s++RuZKuq0r+95mqqsCCg5ygQK2dh8yimyEmax7bxXtv2iL3SwVFf4CUa+lmyV/rwHkagjQqOZAmgVlOE+lXmpa76DrX7U/KlQIokyYrt5juxNcrjq563j70obPuyapFHneEoylwdM2NXwBVO6fzX8oz9DOB1deBxsiCkoBfQRUbiH4V6r8Oc1XvGOGhCHMEIueFXy/f3IzzD3HREH6a54l6Q6E/OmK27zsqYPYoA5L9NG4k7FZLjZu9UsIMKk6V8YN8oUYUX6AYnlyiaRobBqVoLf4j+dHibgPkQC80iK5fMq1Ob/4uIxW/cm/iQwtn/tHhha36Ly9BVkLUMirk0jgcZIg2o/fpYohaIlcA86ufhpr/p0mNe2dinreoTWcZGSmTwNwGdZrUbYBMJnH+nNoj1tTZVOd/L6skHCvL7/l3WJHflaw+S3hr+WAEjz5vJoxgkU3V7myz3rLTfMA9Vl+0kxqcrLvuZQl8AFwtuZm84AZw74ruheFqvGs1z/dyoA1hkeUa0MJdg2iOot7rt+Y6ZWwAIgpPEAaSyWuviI67N/dhpkM9BNutALjwJnHN9uZS30YzZXCFpK1XM7K68nvuHVKb7JM6SIzMT5DahTqXfJ101gmMIMsbqBD9p8ftQTwYZSMWmjdojRlC25AtaD0UHv9G3SXZQyhgU8ZFmFI7n+gtwihlozOcAo51WvDRKxbzwf4wrY2VPORgZa6L55FF8mO1NrDrCWTbwDI33Me0i+tqYn36cOj+NF7je6Reu9DpSiECH3+a2tJsD2UGxuL37dutxk/PtXuG7N6TfGj4T9lVCbfaLF06i3oNrcNSUKF1pbMmOM3e50FOZM9gycfNWm+ONJk9frzTT6lha+rDEvsGld/6+gHVMWct7Z0xDgjohlEjs9YjF3gjQB+LF9I5ndRRbPXXM1RFqqSdkz1celXD6ZOGGY/jtTELYTXrnn14gYHhxa4NFQ8FSulf47DpeltBrUedugwuXfChmn+Ty1/5Y1Owm8fB+xjxGy+8FH6HonEzJBOVQCFnijjJ4TRCUIztFsMIMM1CdVlr3/ivxezW6oFyuqRpq3p9Z1MXZEXrfMk7vI0pSWfHl4gOCXTd1dDLSGFfpdqjxe2mL9FhDvUsXRURDnWPxAnYQX3D8NIuoykIaUyH0T+AVfLH+H2lGssQ3AWogHSVz5WNYKZze2YcWlGuGWogTLhaRXz131Staqqb7QHRId2pWsnoZCWNcWg9wGVMRj9RC5IGMmXNKEIMZEV4YPsFPh8yYv0iuqOi3ZGcWCZZIB7LiqkOkI1AoZaIL6zuWC+WOahsvLnqKTMDyl7jTZle6sQS8AiDaM4bZ8GCveLFB5dN1uwDD8HA7rmwHi6j6udN6Zki+NYj4ut2Ci3cfpWFgMqzTwn7M7cooq6a0TYicwgNnftKtY9trr9KUI+s6yN73bXxK/ASfwABvUGbV2pLZ0zMjiAk0P/M9n11VvleeniRMsziYlV2ccRLYC3KLdZdhtvNnCn791X2p1E5kQhMcziGDA4MeaoKY7VuqW3PRSKC/bze9UWrwYMYmnktXNeY4uWurP1cMCGOuJ1N0IcKHnwmvZHKB0ZAxlZZTl9SlZ7ktzcLlaYUFTIYdp6RqoT7vqnDCJLi/POYpKq9CHSCuuqJu4vnZfW8fwi/CBZQt/VR/jR7spVk42UYjvWy7G7DYy4hsaNZBQM+RS/59vgOVBwdvKZRiNPQUMAGvDXYMbp1slU+xHIYhp+jyBflt9RHuaKAe6eFyDEyLz87ccvqBFCDSFbKb5VSW3gTTfV+YU/L0kkR3ZSLghg0QQRwjXJPpacmP6Yp4DmJYsJpF3Hi6gUD0EwRBTPhGkIgM3FjZYTE9BVBA/Q+NNmH7MlA==,iv:6j/U4n0YatBxXxf+gUi6EzXbJU45jc9KZkWOtN0QT60=,tag:iPR3lKvc2h7hpOr39zcI0A==,type:str]'
tls.key: 'ENC[AES256_GCM,data:nL5+ONfbkauHH6DH5ViV42F6u8Cvl4bjiTEgUOmbU1a/nyvUUnLCJlaPesr1iPlj+VSlAEjj2FSTy+yi/4QHhdpql94dPCH0xLQFIZKqMegHXuT/+ID97upY0Zcnpa7vRYXbM1ev5dIN+0TkMAaVuCbXvMHG0i85kNKj1FsuLBgvTMfs1IzSXm3WsVIsUJHkGZMPSjF+SvfQ8hcnEiduLbkeEtBoOzLSk4EOgPbrruv550DR3sYb84kpRdf8gUpGzRq1Qkr6ELrnG1f5osMBUOwA1k/AiA2LCtEUPJJPb75V/AMrPQxQke0C7c2m/efk4OdJDpcnlqVXsYQpk3MX9qz99sYS0BiCZ/7cy4o6IwSX4lU2iPQV42JVb4oAkAleCja30OhO9cIAiW3QMBoYhSxD+sFHnW1HiJdsNhNBupNk/d8Vkv2VQg8+Rz4dgupd8b/VsD4nALaYS84JK1IsWClbd0y740LUOa4S/XSa0gLl1njocw4bg98XGBjiEEG9CB6jBOgS5LCL8hYdE7a9FX8iCRwDI67MU0ah7vx9hWYoal1Ke/xLWQI/D0aU0Zg4RXiykOY/HfLxzpD56CrUq2GMNw/iWzDXoCCM140G5l0vDBINYAbWtpYqRQM8aQM8yh9wTgA4PJsSDLOZCYi66GptfPXQXjREyTRyqVOx8AoA95Qp4ggVcGDz9uRYYgZknxc6gxcsPoKXcY4JcwwK9zp3dsxYN2GGVDgHstzVGRiWrm9vn5Y1Jy+x0ndvjC3HegEGju7OpkOsVYMl/u8mNCzi33efGHkA6DqCXA+n0DF8slHEeb7SngQsP3L2UbfMPOPSMyFFXYbWe5h7YP1DvPhsrTEAcvxIbOl/aagh9GJgLpq1pWFgYBL+4Lko67gjZnZCd+WTw3/R1W9jnuS7AQ+x0Lzxil6+fGIt+tYQ4QZChw7rghqoGus6UzcATe6BiSwHG5Ltj799iqsuLUckFFATayWSHYfDs5CsNokNqQRTm9Ko2YXEigLb1J230WgoWBgaeASL18vZ0b9Ziy2rWNC8ZHBis1mYKZvSlKhy5jgXBWSDYFjI9DPGp6hWbEefYd1KpgVN1g7aHkv7dZibKlEM8OkxB/jdncAruO+I8ROSFfj8iWVFjPuekLNqrMfubHJbXgUWOsp+BzQwgtsqpjVHFK55u0bJNZ/v2G+whzQA+VnU8RS5SVCV0ZpzJIsG06lBbhUGdP4RIJjhRwy8LI5fjwNshExsZPC4FcCV3n8bBb/8aqJIl7TQ92trz4QWSo8Yo/6rdKCIX3/zADHHfjgPjOwLw1Qy3QrMc4kxHcEk8b9fgHf9+Z4H7k2ttdco2W9Jh2utNk5Qq+Zms3XTl0Cw4gIaZIndg4Qr6ZBCy9kzLva8DYQgJLNqgrh67CZ2SRGnytkpNYQl4KgCzbAGdKyZlGisUXaqTMwFxGEMb9P8HKgRUo8t8mB0OySg+2a7UIL4EcQLQLeCMyLgCtB0Mi06bHdh9Mo4AGCFGwC3ocXbn81DdpzMKQDzKlqxTFwYPKn/PP15TGAhQaP/29ECAFiXTrouvl2wmGnpiSsFKWN1391UzO21eBmxwCMf970M5uDMeOak1gaqxJsW/ck6BnjmUHSwZv5r/pTBh5aDjDiylKC7+sH0/Xe1upTcb56Wks7rj8hf6Vf9l5kn9lZZsE47PeHP3JZgosXyKpNdMmKsD/kKvMZ2X47KWfRZoMNEY45rwnnYGErKAGqooGnonP21eXXiXDgTHt0ykGP0A/ecDMLFYVWedLKVb3pUi/R907GgMPBThwU7EZNZgnGLzqTtRe/hCZvJt3DHBbHZPRz/Qy5RC4zZftj1HQ+B9BXhymPembqSv/DE7AwvFHjP2W9ZFsPwE55AnldTcRGfTmKIz/Z39qf1u0HP1hV3Z43TPDaE1HO5amNQir8c9BdKocyLT9TgErX6EnqEiGB7lGwbHDz52VSHxQAswU/uHBRSZ3VaZ5WOpQY1Wq6PqZbvVxKXASE3zMoik9SmICfgSeY/HJZS2fHk5rjm7uKYgEL2Zkg1/hxXIQJs7slc7znhM8tdKZoAa5Do753cidM6PmbNwD+DmBwT5nZVp3KA5ffaMUW3YkzaeqBgkBxnUamhIwgx0E7kyuvzJxENm4XITI74wNVmFYSJW5CfI5zPKf9yWxOHDFFH6v3hdoLOC47f0DUZQEdGXmVyRQcWEbfgmiZ51qfdi88A3CuUDmR5VXAVpA7+7wZkydSVNWfViOCAiKEWRutMCtxktWTTNBCLOoaC/jEOjbuD2jPA9SzSwvPnZeT9Q3osuf+VxiwzGIIND4PpMHrG2BYT3SojLeIzOpUFnYYRbV0jdU3qAglJljJ87r102UfynejnJpyElPPh13mZNkHUW7dmWQATqxux1bX92ZfbSSMaJPMulK9F/DkZUcV40/LAchfpPTJ0o72pTvVi30o5VCOv5XBH0A5+clQ6hs2nLY3vd5TF+EsgFynRUoqPuP5+WSUO/zVOlpw/wd14wHmaud4c2Z9q6bDJeJmJgUSmI9LjlK06FSqnx9AEHLV7LZA0s4JEoBoRSP0zOYcZ6KeJGbS/kDR53s8XMq0bt+thCv9AtR7L9dogyhC4nDFdqcjLTgx7A6cQ8sh8wmwhWEvBEZ8pT0cgY5x1RYM5ae3SQSK8a2NpXg/X7o0pECxe+YIYtt+Go4M+6PS3JZnqxL5bHUcAo1M73BNku0in724EwA+sosvblLnutDUBvP4naOHC/RN9c8QgkLCHIy1y5+NLWEanx4yTvbCZkZbhqLSCsX6Aoew4eF5ep6Y2BNiAo4cXtX4FQvgzBqFFu9Dgwp4iPs0cy9S9w3bL9ELWmukwH3DhjpByNQ8UEfR5UFsb9lRmjtBdAGVkdaJAQxah1WWitdqRZjAaAo6y6sRFLM8FcXqSuCjKXTs6VHWiLLhSLCWAFFRzMNpGqnunOBhk4uYpn1/XSVF5UA==,iv:HFOdMUDdmYFat6lW7YDJeCvBSn4HlxEBHyBQ4pYi2cs=,tag:w/Mf8KeiAUjky7zcR0E2mA==,type:str]'
targetKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:pS6RXSBAeCT5kKyphp3sP+R8ps+CXvzEk8uSmW4vzuehcWioa/a7f7tfjBJWJq9QwG5tS63j/ijHdNcFne8aco6tqQSShqsH6uW7t8CrodB7+2cbRsoZ0Nr2u4Dl8Xddp/YHsCQ5NUHmjzYEADUn2Rg2vYZS8xVxB3iwHqRSVkWCCJRxYJiAhmXyy0xaYX5od11Yucqu7Fv3PUPP/BVZpxVUmk5pLRueZi1Dhg7vlVy9IdV26NwCPCyvRVPldjWfWptWnRAEWusn7efVgpIZpOg7vC+MEuvgIDBVqo5kyuKEHBOgzdhkEj9X4tUyLxG6qxYJDiEbpqPZk75yr88UHIqt2jDjd4M59AEqqPMCPWlOYrlueSyUFRC3z7r3bZPWJKBEB/ln+g4MeC2DbkZ8uyw9M/vEMzFkPUm4OXJXdU1phieRfRuAqxNLktDDRsfSiZfqG/DXa2cYBGa3E+0AHhmhGf6XeSOesIW2bsTdS75Bq9k00N9HbMSUG3IfBilajlZ6cTdwqvQNsVU7R/lKhfIKT1RJdx88Kb8SDgJp9vEcqsDyMx+TzL1LGkXcUYo3Pe1dR2mQ15l2vTOaWBtitLzM8d0AEtfaVfl9LCcDn4uFwFQ1P1jYHB75ULSK3Ft1VT1GfLoT9+vogr8Tzrz7p3q+glHHrBthuWPPga8zcEON8rYk99B5EFAEf+SnPQwDMnQ49aE8W40pyYeEgJBy1x9/I4EhZIfsIGjz45VX6iiGl4QV607ced/mZ0f2fzNlWorxxTSeXhIijyu42V9vvM7tz9Xl94FevpWbNH96SIVLQ9Bdl/fR1ZH2osZFmv6g5rwqY40FOVOR0KF0fWgBF95qUPsfSXQ0jVMlitv2tn5ijdYigJORccQxluFIRv9MdRqKG5GLrhG+OP06Tvl9agvArgHBiraTyKySMv0oq0+holFoGLUpOsCg3KenOeRbUvadkDRYx852H/s6nU9vjbYn5zSUVLcpZG1UWQakVcIWqjkQWvDtqv5td8gzSRJ8RkqwuXT0LIO79JcrG4LO38+8Lr65whuiRAC/W74F2IcPuPS0GbpWVyovzkhG6NutuJ/3hh8NHF9s1wm3e/X3SCsZKJEbKTH+46gc3T+Oeqpwc7vn46wsyIn8ix45kEJlf359eTQALYjkY2qIZSf7qwdvlN6W1n5xnPDgoYLzY4ZIRwiQruiTebSDvPwcbl0q8rkYDLLA5yv30RKvBLlyMyfWiBc8zFUemygHIRR3LZ7bDEml4Ki4grpJmArDegczeKNgoVJfB2D+QxTHOLpgKVLugxUkBnFFonFynAgnrS7ANCN2V8iUV+DRBsbL3etwSozVFs3IWYxlmqrfCFQzL/Tw+e+9RbYdCO6+5zIZJH66ThJYXewGnjIQmIjXQWXQFQ6DeqHVUM9I5etmFmrePj2vCDYPVOJ1xBNzePhKKy/HxSyb89ljiybMOafrPsMNXZTqAU8csii21Yfbjly13oBavQtzms/KtQk4pmoRRsXsMmMPX9GZqpRf9QpLkJQFMnQPeno9aGNf/5Q2DwlfWxJaopAR98CLJFKnx70pDS4DKeUUXFC/jAxm+Z1FNJqAtGRARxFnzZcYIzoMaeZ6z+crD7o/ALukrnIqWtFDJh/CCGJ6kbPup9142TxCK0DbQTobPJoIx0dBw4s14Wau7p96gRSFXni32FnBKE8CfpQED9qZ2y6U2MKb+7qaI91PRs6LbGJswmum9n4bPKcOiL60+n6PRd8gSJPpJ20M8OYRZuu7znUwzLf+G6jumLG1Aqwvm3/eWU8o4ouA/MkatrisR32Hg/Og2dw/L6W3a3shqh9PLg7GcwhmhY87dFAvfwiEYYx2wG7Oowm+IOiNOnNUaL6Ax3xWpje8Czp/FCHXI1z8E/ZHHcuEkAHPZaid1x0sEE9n0s7GeaI+D9FLPWKQ2sdbaDZgm9UG/w==,iv:03fiX+pQv3sINBBiMVG0jlszcRzBuik0+YLVs5WrQM8=,tag:/n/xc2EHUDbcOuAxZhPV1Q==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:lmhhxijI7HD/SZRVrQMYo8Ngo4V0DCXDOSxn63cVePeSf8j9QbBJiwnxeZvPx+BMuzu/bv3QtsE5rUo2yuq2HZv8Ju+z5IQPrv0wSYYq9WOpi2SDRnN9Mn0c99TlkxxyJ/rUJsr2i2PlVhuVnKPwNqg/IXp/SMJp2FFiws2eIs0CglClzns/IgzXTJXlrAbVZHhD3YPs8+1I1Kr8cDRTqV6eyzWQpc6evzcDN8AK78I8uFNrLJjCbgh7CnSsnjxYngeF6B/bAqAdyTBxMjeU+GIDIHYmNKn9UlIdeqYC1rZx4Q359gH5mtFuGONDxhml7ideeNry7yPp6PuNHi7Cz33gyFzY+uiKZAkuCS2hucIfSIUOPLYlp0wcfYAxVCAwUUuvan5gE3d1SRk5BjMlseA7UMIpPX5lyB+9tek+9AAYyy7TczCbXWWM7GFYdwTYAqWwGx10fjblwvIwpK++MsdNQZMCHvTUbq83uSyCSb3T7hR6YG/qGnWcwUmJYj4iqT86Atr9rC3CSFwW/0GhvJmlMqMyhPB+VPlYWxqqASIcm8mqLFG6aCeODRvH20kzcsM9FVzO87xJafkOEJBfWUyn6m1GN9V/5z4Y2y/4VjgpksoVT1sV7jimtECjXIp+NCNyNKFc9w7YzSZW9FuvBJgMqzqWxJzupiDP1WiHpa5FMCcL2+k/jBPEqjL0nInWdNAyIc2dtnVsV3wBfhNAd68sDA3ele1HRBPE3OsGDxM/a5mzUu2HFVXdw7+ptq7Gv7qxUxWFP2zw+3cHDIM2Vkg/mPP7p5NMME4DnUb1eyV918db7N4TNJMm8tU/dYfozXYMjq/GpH/ubCaFg7pGB0qLCtkgVuunakY3ARYlfsi2i21gJg1KnHxWJDGqmC1ICjhdWybBA5xo1jBL5nhxT/cxTIRSeFEAYDaN7QTSQjwSrAQNysyUe+gSq8KyrkFMZponlIE9FE3CVhYqqbd2TXOvi9a620Y+Oke0BJb0IUNuaMOfveLTp8SmmAtaxFN0mQjiD1XIAa2L4EYnSj0WOChNuVHrSntiGaJTIrXAA1gto8ysU3OTkAeuRvCZSm3iYiKl5Hs2mmVae/oDBoeyLDviuS1olCFxiVItrQh5VorvBQuytogQMHbMDKk25c2tn0+xYCyZgsnSMPvommIj+yBbKTT5Rbc52AX8L+I5OCQLj+8nYrSuGh0694lLCi1Txqd/YLfHJu+QwrGg00EQga5XMRToHxu0SLqo6H3BA4WnwXsdHNt0wQeQB8L6l7Mc9yC6L2Iv83fkbdOmNHxMVwYSlmEmiaapaE2BArc2eQu/Qcxy1d9/VSoscP2XKc612g2yNCaDQk+zQBcYOKlM+AYkiVwPDsPZ6SMePzIYS+U61rhdd2VX3Wdp5bfWSI9obobey6bv7ThYdrR0T9Q2SzGZTY4a45jSTLALRXf0a9onZemD0wNyQMDFZAr9g1LEIuYMP3wI3n3TaAPtbdhBXqy2qrnyyQewgr3B6b5c43pYgmtwhL0eqPWus9/ud+mlvn9mpA42/GDwdzdvbJh2U4mzZdNQAYiI0bDZ81e3BdZiGF6w5aIiCLX/vgIZF40UHKaEJ62bdT8z42Y3kQ5CDDsIQDTWJtSxKkvt/OFDqHmP9zv/9paxekUzZA9PyI46pJUt3gXebpbCIXY0t4JEWkVATbKODApohY2arCLU4uK4X7DMKHnE+N54xBXHX1cfw/vCw2xvlHnrgbqEkEgqgOuVIKIbQJtmdwFr1D5InndHMtPB8EmHXW/OgRRnzIJ/OY6YXTTVI/9f+SG4SZMkhBoCfOP1h3jUNAQWcvuuhUxt7/4JHVF83kVnmD0u/9E9ObTP/56mDcExANfQjLwsNycuyz3x1Zns54KSUSwZi6kUhc5HttypfLDB0iTZZbqHCIwQgqoAy1FzqCOILCd7h78gqgzDnXF2tqoW94klKAvOx+fFfdn62P60MTpM6Rxq3V6hdQ==,iv:XFuBTIQJT4ns6M00T3HWSGHdknjsRZ4cRZQXSsLiOkU=,tag:3flxFrWSyiuyiyxGkXTReQ==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:vlksLx8mgfvfu5Lnkv5DJrEUrsnT4Huknol3zk8gbcbowbB8YmHyjTWLEJ1MsAMJ2S1Y58ztnYmo+fXEoK0QXkiLjuIz6wFLZGUFhVSRQC1zUecFZgv74qAigwFcQ+HwFmYdCynNB1BXlZHRLMXYkLm4iyAGgJZw4zq0aown/DE0CYEtRm6oid4eOf3bdW2JD2TbedgQWB0wTVdgESn3kzT6xzS3i/7xlXwTzgDNmqW6noTsE7LsaUt7XM1y5R1Mcx3hYl3YSi60KIlEe1azavTjtM79uSoJabjBQm1RtPbbkW/+furP0/jgXXEz8N0qHmvH9CCu1E2YJS67RDEY1+Wt2YvfPA/wbtuUwc/HptbwCLXDdAlfKkIVOp3TyJki9e9RIYLAkSO5ljoJbeYZlzdeo1atTMLFE95o7q/Khj2w0pdLrkzMwE870Umg8DqlsxDcaBFgzPAbdWHNzr3gGQ97Jfcqnx6hRO4019gUx020NtZWCVg3bHTJO2n5A3G4OeG8mY/CFTZ3Xw04ECGj9aWbeHKXCGnpfsw12UbGYDUkcaF5UYb/Q5Ly6j9d5kVSPIBUihTiqdos2MmWQ+QdUpPYr0eeSR+5+3R7ld2yTla09jEa/ObvEGYRR8rENR3QwVws7g8+M8Tr0JeFGGrrhx4Uefs5Vrs+hr3UfupbBjuYGFsAqbbjgh9jGl2JY9bfbbxHdB5+72PrB6Wdg1E+Z64RBUR9cSD+7E7KZRBSMfEWGQEHgjAmizbr7vo//Xb1hcbRGCZtYc9fgDq5DYpe2UtT8o7C56TSR82nA++/GlzxoJgE8OrfyOpyqdTu3nIZmOG7WLjA8D+UQXhoIUXiSIw2RaKpqBvdoST+oE6KKu1l15SXJN+vYSKtecw3mjMfEBwN+OxMUXgJHKVIM/+W/LKmdc+yYpJX1ePoPGEl+N8xF1s+lGb4Ml6GYZwN2Jn/ePd45IQedw0Aujn4Wnh3kVZ3mjRCB24wAEH+Znp0mshGBJ5AEK9b2z3oPlGw7Q1Ii+prK4mD7ssvm3XfqRvew9JIYvkrcbUx8XlG48FOeV325Uj13H+GTiVgB45rz1nJxeUlEr+u4zQaUAgIFl/4N+akADIHmV/NyOOUOdDFXx+dOch5KiMZWNk9GDf3fxC+qkATIAPn9zaZ+HMc48wGTBsMbvWkRfOCSiA74Hf181ICAxVeJYlItTAqkSKRFI1M033dyeHx4A+jRGAJFXyyKL+4DW3J8qW9C3sMdc8yv4gWO80fwL5o8TUyO4yrFu87H2wQwAeZPzvE6TPZAYdcWgzaPss8HTMfvJ8g0ufC8r21EuLQR9qlzPUxgOh1DHVe3DQ6+cOsNJKrVuaKfFt6/KAzOWN/16x7HhjxIqZdZYV2Ei0XfbQbDz91cuQ5vfsh4Q5oT15Mc/AyoNrqVfdAsA8370hBVDPe052vuPwLHwOz87oR4FfP9pl3ynUGRhl+KDjHCpYg1+TYIBVEsPNzFBtDT5v4OWQh1gvou+gqdvb2W/RyM9lyEv44t7KqGAfgMPxNt2FuGgOTWY2drveVSi6K9qxgSqzFh82CxxyUkNOwSjajnr1Ssx1UTTMt+11FeeQIsMEKnokAIJTV78w1ZF/MwXDuqUGc/faunsNi+i/zIiAaJPz/F8Aa2hza65AbuQxnQqytEpTPV/DKXB+XgHiC02N3M8mE7qlF/zD3JWBt/IMThCaNT2p+c8Bckj5ce/9ESyXsNyh70A3Iw/f1Xep0tUVrQoKMmBU0EOFFHZqyBHsjpU3/IAWV9QAG/ysR6iBzHEbRIuhP1t/0IOKmZ7FeIQYGI0bBfyP1TumgSQNMCXCiUirPZEINYV2uRZHhA9SXx0MOo9EXgFNDRrW73RAj450nOCkY5iEwS9LXtswApNQiLXsvkbZ8eP7rwsvCaMfB5QtJ09eQaRjnz1pjiB+cXcweFwKT96qGFcfHzYiQCG7KIrGNckr2w+EZWLq6ivy1l5jwngKjMFfqJ/w1aI/qumWhYMOXirYf3HvGXaSSO7SWfpTYgSA0p9m99FKyCJeImew8Ef/QZKo6Tc+9zYRKuXeSlb+mdnXnPx0QOHoICGa2Fs4/OgtWAtWPb8H1PsvBtp05DctfOgrhm8g5XwOpqrr3NmR+dSjSxQVr49lBsB3pxRkffMB71pl8vzIYzlV6RDNMkPnFFge24wL776M25hyXqArtPU/pORBDaFhuD2RFI5unI+iOlqOwNGkf2Ta2MQ0QLiD1iaPy8wCIfViPc79E3cDC4JkP+TauS5dq9OjHTQz3aUaE4pnrM1DOTUld/YDjk3rXFdxTQ80I6AdVCWZGED6JrMjf6Kgww5Ygw1Q8pznoBBKy08nFW9BNTvRozYjYMH56Zk0zxFiw7iYEfYTXLYHA8uJTduDZh45wZYUd3WoMobNi5h+VjCOBoVhFAGdz+aUVvl080dtN4dOOvBcYUhJoBALmsWn6ODyyBnxEGuY+2Gul1jkDMs40ciI3BIq4Rtx9I8JdHhRrXcPDJW8WqkuevUxZYUawE8QC6e+ZqoPNwTk77yPsHloOuxRFcKAvwymQAR828nynFKnfA1zk8AEjVTyzTq3km/QLdKTh1j9EeKH2HZHkjTrCI/sS1MLfYelwAAwhg+h2sY6o9J94GPydYV6lGMvEINjuWRi03yeoIsUVbq+YWckj7wup2mlyntgtPb8RXb/i9IFbM8gjp7vPqn8qFUALT/P0dsQ/Tx8ObFdn6KLVEJikH8f/ZjdOi/k/a0xNtyxLtvJAWX6gMkSASt/oZQ8g+WjrholxNxZKbcJvOtSbaZjJ7MvOpjwx8GLWc6lH6n5sKAvd0Yo3jd5k1te+MJybWrMbLcwPUY+uUUWkY8OkGpq3nXliy9R4cpxsMs0VJ+9Z4dF8B7vpwLS2gfPqbCKxaCAs/u1KQcUuLOGBQQ4mjLTWvbPpVDSH4wQzWvucbWS8c42yD6RsAjJ63+7ngQ==,iv:k5QGyZdIRwKnMuVqG1qzu4iyaLD1HxvryjV+m4H7N8E=,tag:GDCtPo3HUjHUQvpV7dBS1w==,type:str]'
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
lastmodified: '2021-01-14T11:23:10Z' lastmodified: '2021-02-04T01:31:55Z'
mac: 'ENC[AES256_GCM,data:7aMFeEfn5MXU9M7U+rQ7fIcWG6A6BZILsvgVyEl+esa8EhEsOL6dRfITq2x+1t6ft+H5nRqbO5GyXJ3mhu7n/x5FBVVqBcZrvydojrqBWizXA4HQAc3t8OS3D1I2WLLx+S7mI5AiKDERGZX4ImiahSebqL/bNfpYdDQP+gX8+vQ=,iv:zchumZaGhTpyEEsJMMlW/e1vieqjVKT32Kiv0LuLPlk=,tag:q0vWzGZ8D4HYHTvdRymG0g==,type:str]' mac: 'ENC[AES256_GCM,data:2WFdA51KkN7/cM90p61XTPUjykAXqTYuM1mrGbh91GxRLVL0fBNGljCb5PCPY/Ir3xnP7VFQN6LtBwmLFdj+7spj4Y40srQBU4A2e8j9GzuhW14jtvy2de+2v2wG2BZVllyaWKbu4+Mzav17eK9mscawPUCefed8InxXiF3yV1c=,iv:XbAJ3aHV3kgo6MLGTYkBzWIGp199l1B5siXMiFBXlUs=,tag:Q/cz3bQ87/TwAAsikORuNQ==,type:str]'
pgp: pgp:
- created_at: '2021-01-14T11:23:10Z' - created_at: '2021-02-04T01:31:55Z'
enc: | enc: |
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQf+IIXYumKkSmzMHCoJVXculVowkez4aUI/OpdNw2CPWNDd hQEMAyUpShfNkFB/AQf8CFwdvykoBIMfsOO9bSuz8Cx+IFhJGwPPEsSId+q/EFdz
3Kzea6kTv64ef+kll9DhczP0gVlgUZ0p0MenBfmkI4qt3wr5fyRUVjUpfF/R8Gmc tCop9SpR86AB+4T+MtC46uH1+gcV3Ko/dlXP++49BQ0zWpzgfDxsnnuudZyNX19D
9GZf4myDD5T2wDJVCkNmO2wogbZ7IZaGdx0HV3DihvSGg0xcGBUaFp/zeR9vXTQs SFmlEHKBniKavLR7P3Qg8GJMpREVkjQTRgSnZdwttWXCmFGtnuhBKajautlqK7Am
a+CecTBm4+7uLnDvHf4Rathy3gnlLrLLdsJXRgEOJ2Fqp/JjoqFqsWOol9lFwALM 4J7iLGIiY1ynmig8JCJZ79CaSbyh8+/jmvjrx/17mR59HYUizH0P7FbPwAwDpoy1
yRkxbWjeL7ePddXBZ8QmOB/AB0RKSRQ2Yd9RXpp1gSFKn5NOfWIZsaVgdds2zOw5 lFh//AJKJ65Y51ar/hYC+ljdgE91UNiF3zsSETI+Lp0r5y7XG/tKeV+tqQGUdhvn
R5syWHhfzVylAxNrKJYIgr9hLje48W/Y6GSezkGvG9JcAebQzVP53UtXkwJSIjda L9m9eqrvAw05TD/o2DKZSoSeRKLcMlqNwxYko9YO9NJeAfc3RbCWltgTii49+srf
86WAFwpgpZ0sEG7zpSpxS8p4g3XsXjOdD2b0y/dwXGYK5oeOjb/wGYFf1EX0p0xk mwyCuz/BQwz5rRY6VP+QLYkDGmzEjekrJGqWZQP/BU44TihL06mv/mxY3xConG24
BqGQ8JHxikqW8oEuyEgeg96uEMZb1Vy7u657zPw= Fy5Mi9UmNwsJMWBIlPEREantjbVnboiS0Q0DN0OAIw==
=VfIN =+R0I
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
unencrypted_regex: ^(kind|apiVersion|group|metadata)$ unencrypted_regex: ^(kind|apiVersion|group|metadata)$

2
manifests/site/test-site/target/generator/results/kustomization.yaml
View File

@ -2,4 +2,4 @@ resources:
- generated/secrets.yaml - generated/secrets.yaml
transformers: transformers:
- decrypt-secrets.yaml - decrypt-secrets

19
manifests/site/test-site/target/generator/secret-template.yaml
View File

@ -1,19 +0,0 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:latest
values:
template: |
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: password-secret
annotations:
config.kubernetes.io/path: secrets.yaml
passwordRandom1: {{ derivePassword 1 "long" (randAscii 10) "user" "example.com" }}

3
manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml
View File

@ -10,4 +10,5 @@ transformers:
# NOTE We can not use patchesStrategicMerge directive since Strategic Merge # NOTE We can not use patchesStrategicMerge directive since Strategic Merge
# plugin has to be executed once all replacements has been done. Therefore # plugin has to be executed once all replacements has been done. Therefore
# we need to load Strategic Merge plugin as an external plugin # we need to load Strategic Merge plugin as an external plugin
- patchesstrategicmerge.yaml - ../../../../../function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup

2
manifests/type/gating/target/generator/cleanup/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- secret-cleanup.yaml

11
manifests/type/gating/target/generator/cleanup/secret-cleanup.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp_cleanup
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: generated-secrets
$patch: delete

2
manifests/type/gating/target/generator/kustomization.yaml Normal file
View File

@ -0,0 +1,2 @@
resources:
- secret-template.yaml

54
manifests/type/gating/target/generator/secret-template.yaml Normal file
View File

@ -0,0 +1,54 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:latest
values:
ephemeralCluster:
ca:
subj: "/CN=Kubernetes API"
validity: 3650
kubeconfigCert:
subj: "/CN=admin/O=system:masters"
validity: 365
targetCluster:
ca:
subj: "/CN=Kubernetes API"
validity: 3650
kubeconfigCert:
subj: "/CN=admin/O=system:masters"
validity: 365
template: |
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: generated-secrets
annotations:
config.kubernetes.io/path: secrets.yaml
{{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj .ephemeralCluster.ca.validity }}
{{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil .ephemeralCluster.kubeconfigCert.validity $ephemeralClusterCa }}
ephemeralClusterCa:
crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
key: {{ $ephemeralClusterCa.Key|b64enc|quote }}
ephemeralKubeconfig:
certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }}
client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }}
{{- $targetClusterCa := genCAEx .targetCluster.ca.subj .targetCluster.ca.validity }}
{{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil .targetCluster.kubeconfigCert.validity $targetClusterCa }}
targetClusterCa:
tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }}
tls.key: {{ $targetClusterCa.Key|b64enc|quote }}
targetKubeconfig:
certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }}
client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }}
client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }}
isoImage:
passwords:
root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}

15
playbooks/airship-airshipctl-deploy-kustomize.yaml Normal file
View File

@ -0,0 +1,15 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
roles:
- install-kustomize

13
tools/deployment/23_generate_secrets.sh
View File

@ -13,3 +13,16 @@
# limitations under the License. # limitations under the License.
set -xe set -xe
echo "Generating secrets using airshipctl"
airshipctl phase run secret-generate
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/airship"}
export AIRSHIP_CONFIG_PHASE_REPO_URL=${AIRSHIP_CONFIG_PHASE_REPO_URL:-"https://review.opendev.org/airship/airshipctl"}
export EXTERNAL_KUBECONFIG=${EXTERNAL_KUBECONFIG:-""}
echo "Generating ~/.airship/kubeconfig"
if [[ -z "$EXTERNAL_KUBECONFIG" ]]; then
# TODO: use airshipctl cluster get-kubeconfig command when it's implemented
KUSTOMIZE_PLUGIN_HOME=./ kustomize build --enable_alpha_plugins "${AIRSHIP_CONFIG_MANIFEST_DIRECTORY}/$(basename ${AIRSHIP_CONFIG_PHASE_REPO_URL})/manifests/site/test-site/kubeconfig/" | yq '.config' --yaml-output > ~/.airship/kubeconfig
fi

6
tools/gate/00_setup.sh
View File

@ -36,11 +36,11 @@ sudo apt update
sudo DEBIAN_FRONTEND=noninteractive apt -y install software-properties-common python3-pip curl wget ca-certificates sudo DEBIAN_FRONTEND=noninteractive apt -y install software-properties-common python3-pip curl wget ca-certificates
sudo DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install docker.io make sudo DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install docker.io make
ANSIBLE_PACKAGES="ansible netaddr" PACKAGES="yq ansible netaddr"
if [[ -z "${http_proxy}" ]]; then if [[ -z "${http_proxy}" ]]; then
sudo pip3 install $ANSIBLE_PACKAGES sudo pip3 install $PACKAGES
else else
sudo pip3 --proxy "${http_proxy}" install $ANSIBLE_PACKAGES sudo pip3 --proxy "${http_proxy}" install $PACKAGES
fi fi
echo "primary ansible_host=localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3" > "$ANSIBLE_HOSTS" echo "primary ansible_host=localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3" > "$ANSIBLE_HOSTS"

3
zuul.d/jobs.yaml
View File

@ -126,10 +126,13 @@
vars: vars:
site_name: test-site site_name: test-site
gate_scripts: gate_scripts:
- ./tools/deployment/provider_common/03_install_pip.sh
- ./tools/deployment/provider_common/04_install_yq.sh
- ./tools/deployment/01_install_kubectl.sh - ./tools/deployment/01_install_kubectl.sh
# 21_systemwide_executable.sh is run in the build-gate pre-run above # 21_systemwide_executable.sh is run in the build-gate pre-run above
- ./tools/deployment/22_test_configs.sh - ./tools/deployment/22_test_configs.sh
- ./tools/deployment/23_pull_documents.sh - ./tools/deployment/23_pull_documents.sh
- ./tools/deployment/23_generate_secrets.sh
- ./tools/deployment/24_build_images.sh - ./tools/deployment/24_build_images.sh
- ./tools/deployment/25_deploy_ephemeral_node.sh - ./tools/deployment/25_deploy_ephemeral_node.sh
- ./tools/deployment/26_deploy_capi_ephemeral_node.sh - ./tools/deployment/26_deploy_capi_ephemeral_node.sh