From 4e12ce315ff3f909e528eb1bdee060900588ce9d Mon Sep 17 00:00:00 2001 From: "Shiba, Sidney" Date: Fri, 1 Oct 2021 16:34:51 -0600 Subject: [PATCH] CAPZ v0.5.2 Uplift - Reference Public Site This patchset provides the manifests for deploying a Target cluster on Azure cloud platform, exposing the API server to the public Internet. Relates-to: #600 Change-Id: I34789918b4be721fc518c033a82a4f8bce117494 --- .../function/phase-helpers/kustomization.yaml | 1 + .../kubectl_wait_machines.sh | 18 +++++ .../wait_machines_ready/kustomization.yaml | 6 ++ manifests/phases/executors.yaml | 15 ++++ manifests/phases/phases.yaml | 34 ++++++++ .../ephemeral/controlplane/cluster.json | 6 -- .../ephemeral/controlplane/kustomization.yaml | 24 ------ .../ephemeral/controlplane/machine_count.json | 3 - .../controlplane/machine_template.json | 4 - .../phases/infrastructure-providers.json | 18 ----- manifests/site/az-test-site/phases/plan.yaml | 17 ---- .../shared/clusterctl/clusterctl.yaml | 49 ------------ .../shared/clusterctl/kustomization.yaml | 2 - .../target/azure/kustomization.yaml | 2 - .../target/workers/kustomization.yaml | 18 ----- .../target/workers/machine_count.json | 3 - .../target/workers/machine_template.json | 5 -- .../reference-az-public-cluster/README.md | 69 +++++++++++++++++ .../controlplane/azure-cluster-identity.yaml | 8 ++ .../controlplane/azure-subnet-settings.yaml | 12 +++ .../ephemeral/controlplane/kustomization.yaml | 14 ++++ .../ephemeral/workers/kustomization.yaml | 10 +++ .../metadata.yaml | 4 +- .../phases/clusterctl-image-patch.yaml | 12 +++ .../phases/clusterctl-patch.yaml | 37 +++++++++ .../phases/kustomization.yaml | 16 +++- .../phases/plan_patch.yaml | 21 +++++ .../catalogues/encrypted/kustomization.yaml | 7 ++ .../target/catalogues/encrypted/secrets.yaml | 77 +++++++++++++++++++ .../target/catalogues/kustomization.yaml | 6 ++ .../target/catalogues/public-keys/example.pub | 51 ++++++++++++ .../catalogues/public-keys/kustomization.yaml | 10 +++ .../catalogues/shareable/azure-cluster.yaml | 23 ++++++ .../catalogues/shareable/kustomization.yaml | 5 ++ .../target/initinfra/kustomization.yaml | 3 +- .../azure/100_clean_up_resources.sh | 3 +- tools/deployment/azure/31_create_configs.sh | 2 +- tools/validate_docs | 3 +- 38 files changed, 457 insertions(+), 161 deletions(-) create mode 100644 manifests/function/phase-helpers/wait_machines_ready/kubectl_wait_machines.sh create mode 100644 manifests/function/phase-helpers/wait_machines_ready/kustomization.yaml delete mode 100644 manifests/site/az-test-site/ephemeral/controlplane/cluster.json delete mode 100644 manifests/site/az-test-site/ephemeral/controlplane/kustomization.yaml delete mode 100644 manifests/site/az-test-site/ephemeral/controlplane/machine_count.json delete mode 100644 manifests/site/az-test-site/ephemeral/controlplane/machine_template.json delete mode 100644 manifests/site/az-test-site/phases/infrastructure-providers.json delete mode 100644 manifests/site/az-test-site/phases/plan.yaml delete mode 100755 manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml delete mode 100755 manifests/site/az-test-site/shared/clusterctl/kustomization.yaml delete mode 100755 manifests/site/az-test-site/target/azure/kustomization.yaml delete mode 100644 manifests/site/az-test-site/target/workers/kustomization.yaml delete mode 100644 manifests/site/az-test-site/target/workers/machine_count.json delete mode 100644 manifests/site/az-test-site/target/workers/machine_template.json create mode 100644 manifests/site/reference-az-public-cluster/README.md create mode 100644 manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-cluster-identity.yaml create mode 100644 manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-subnet-settings.yaml create mode 100644 manifests/site/reference-az-public-cluster/ephemeral/controlplane/kustomization.yaml create mode 100644 manifests/site/reference-az-public-cluster/ephemeral/workers/kustomization.yaml rename manifests/site/{az-test-site => reference-az-public-cluster}/metadata.yaml (51%) create mode 100644 manifests/site/reference-az-public-cluster/phases/clusterctl-image-patch.yaml create mode 100644 manifests/site/reference-az-public-cluster/phases/clusterctl-patch.yaml rename manifests/site/{az-test-site => reference-az-public-cluster}/phases/kustomization.yaml (50%) create mode 100644 manifests/site/reference-az-public-cluster/phases/plan_patch.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/encrypted/kustomization.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/encrypted/secrets.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/kustomization.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/public-keys/example.pub create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/public-keys/kustomization.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/shareable/azure-cluster.yaml create mode 100644 manifests/site/reference-az-public-cluster/target/catalogues/shareable/kustomization.yaml rename manifests/site/{az-test-site => reference-az-public-cluster}/target/initinfra/kustomization.yaml (70%) diff --git a/manifests/function/phase-helpers/kustomization.yaml b/manifests/function/phase-helpers/kustomization.yaml index 1ec5b3a79..e691018c2 100644 --- a/manifests/function/phase-helpers/kustomization.yaml +++ b/manifests/function/phase-helpers/kustomization.yaml @@ -13,3 +13,4 @@ resources: - wait_label_node - check_ingress_ctrl - merge_kubeconfig +- wait_machines_ready diff --git a/manifests/function/phase-helpers/wait_machines_ready/kubectl_wait_machines.sh b/manifests/function/phase-helpers/wait_machines_ready/kubectl_wait_machines.sh new file mode 100644 index 000000000..fd948db60 --- /dev/null +++ b/manifests/function/phase-helpers/wait_machines_ready/kubectl_wait_machines.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -xe + +# Wait until all Machines reach the Ready condition or timeout +kubectl --context $KCTL_CONTEXT wait --for=condition=ready --timeout=300s --all machines -A diff --git a/manifests/function/phase-helpers/wait_machines_ready/kustomization.yaml b/manifests/function/phase-helpers/wait_machines_ready/kustomization.yaml new file mode 100644 index 000000000..f25c44d0f --- /dev/null +++ b/manifests/function/phase-helpers/wait_machines_ready/kustomization.yaml @@ -0,0 +1,6 @@ +configMapGenerator: +- name: wait_machines_ready + options: + disableNameSuffixHash: true + files: + - script=kubectl_wait_machines.sh diff --git a/manifests/phases/executors.yaml b/manifests/phases/executors.yaml index 8f616fd7b..8b08a1190 100644 --- a/manifests/phases/executors.yaml +++ b/manifests/phases/executors.yaml @@ -598,3 +598,18 @@ configRef: kind: ConfigMap name: merge-kubeconfig apiVersion: v1 +--- +apiVersion: airshipit.org/v1alpha1 +kind: GenericContainer +metadata: + name: wait_machines_ready + labels: + airshipit.org/deploy-k8s: "false" +spec: + type: krm + image: localhost/toolbox + hostNetwork: true +configRef: + kind: ConfigMap + name: wait_machines_ready + apiVersion: v1 diff --git a/manifests/phases/phases.yaml b/manifests/phases/phases.yaml index 987e8121b..188ff2074 100644 --- a/manifests/phases/phases.yaml +++ b/manifests/phases/phases.yaml @@ -36,6 +36,18 @@ config: --- apiVersion: airshipit.org/v1alpha1 kind: Phase +metadata: + name: workers-ephemeral + clusterName: ephemeral-cluster +config: + executorRef: + apiVersion: airshipit.org/v1alpha1 + kind: KubernetesApply + name: kubernetes-apply-controlplane + documentEntryPoint: ephemeral/workers +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase metadata: name: initinfra-target clusterName: target-cluster @@ -477,3 +489,25 @@ config: apiVersion: airshipit.org/v1alpha1 kind: GenericContainer name: merge-kubeconfig +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: kubectl-wait-machines-ephemeral + clusterName: ephemeral-cluster +config: + executorRef: + apiVersion: airshipit.org/v1alpha1 + kind: GenericContainer + name: wait_machines_ready +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: kubectl-wait-machines-target + clusterName: target-cluster +config: + executorRef: + apiVersion: airshipit.org/v1alpha1 + kind: GenericContainer + name: wait_machines_ready diff --git a/manifests/site/az-test-site/ephemeral/controlplane/cluster.json b/manifests/site/az-test-site/ephemeral/controlplane/cluster.json deleted file mode 100644 index 0b32c7d96..000000000 --- a/manifests/site/az-test-site/ephemeral/controlplane/cluster.json +++ /dev/null @@ -1,6 +0,0 @@ -[ - { "op": "replace","path": "/spec/subscriptionID","value": "cb3e23d3-b697-4c4f-a1a7-529e308691e4" }, - { "op": "replace","path": "/spec/resourceGroup","value": "azure-target" }, - { "op": "replace","path": "/spec/networkSpec/vnet/name","value": "azure-target-vnet" }, - { "op": "replace","path": "/spec/location","value": "centralus" } -] diff --git a/manifests/site/az-test-site/ephemeral/controlplane/kustomization.yaml b/manifests/site/az-test-site/ephemeral/controlplane/kustomization.yaml deleted file mode 100644 index ef7f2e073..000000000 --- a/manifests/site/az-test-site/ephemeral/controlplane/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ../../../../function/k8scontrol-capz/v0.4.9 - -patchesJson6902: - - target: - group: controlplane.cluster.x-k8s.io - version: v1alpha3 - kind: KubeadmControlPlane - name: "target-cluster-control-plane" - path: machine_count.json - - target: - group: infrastructure.cluster.x-k8s.io - version: v1alpha3 - kind: AzureCluster - name: "target-cluster" - path: cluster.json - - target: - group: infrastructure.cluster.x-k8s.io - version: v1alpha3 - kind: AzureMachineTemplate - name: "target-cluster-control-plane" - path: machine_template.json diff --git a/manifests/site/az-test-site/ephemeral/controlplane/machine_count.json b/manifests/site/az-test-site/ephemeral/controlplane/machine_count.json deleted file mode 100644 index 3c60b971d..000000000 --- a/manifests/site/az-test-site/ephemeral/controlplane/machine_count.json +++ /dev/null @@ -1,3 +0,0 @@ -[ - { "op": "replace","path": "/spec/replicas","value": 1 } -] diff --git a/manifests/site/az-test-site/ephemeral/controlplane/machine_template.json b/manifests/site/az-test-site/ephemeral/controlplane/machine_template.json deleted file mode 100644 index 4b4ecd969..000000000 --- a/manifests/site/az-test-site/ephemeral/controlplane/machine_template.json +++ /dev/null @@ -1,4 +0,0 @@ -[ - { "op": "replace","path": "/spec/template/spec/location","value": "centralus" }, - { "op": "replace","path": "/spec/template/spec/vmSize","value": "Standard_D2s_v3" } -] diff --git a/manifests/site/az-test-site/phases/infrastructure-providers.json b/manifests/site/az-test-site/phases/infrastructure-providers.json deleted file mode 100644 index 473cda092..000000000 --- a/manifests/site/az-test-site/phases/infrastructure-providers.json +++ /dev/null @@ -1,18 +0,0 @@ -[{ - "op": "replace", - "path": "/init-options/infrastructure-providers", - "value": ["azure:v0.4.9"] - }, - { - "op": "replace", - "path": "/providers/0", - "value": { - "name": "azure", - "type": "InfrastructureProvider", - "variable-substitution": true, - "versions": { - "v0.4.9": "airshipctl/manifests/function/capz/v0.4.9" - } - } - } -] diff --git a/manifests/site/az-test-site/phases/plan.yaml b/manifests/site/az-test-site/phases/plan.yaml deleted file mode 100644 index 627df5fbc..000000000 --- a/manifests/site/az-test-site/phases/plan.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: PhasePlan -metadata: - name: phasePlan -phases: - - name: clusterctl-init-ephemeral - - name: controlplane-ephemeral - - name: initinfra-target - - name: clusterctl-init-target - - name: clusterctl-move - - name: workers-target ---- -apiVersion: airshipit.org/v1alpha1 -kind: Clusterctl -metadata: - name: clusterctl_init -env-vars: true diff --git a/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml b/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml deleted file mode 100755 index 7ee8db13f..000000000 --- a/manifests/site/az-test-site/shared/clusterctl/clusterctl.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: Clusterctl -metadata: - labels: - airshipit.org/deploy-k8s: "false" - name: clusterctl-v1 -init-options: - core-provider: "cluster-api:v0.3.7" - bootstrap-providers: - - "kubeadm:v0.3.7" - infrastructure-providers: - - "azure:v0.4.8" - control-plane-providers: - - "kubeadm:v0.3.7" -providers: - - name: "azure" - type: "InfrastructureProvider" - variable-substitution: true - versions: - v0.4.8: manifests/function/capz/v0.4.8 - - name: "kubeadm" - type: "BootstrapProvider" - variable-substitution: true - versions: - v0.3.7: manifests/function/cabpk/v0.3.7 - - name: "cluster-api" - type: "CoreProvider" - variable-substitution: true - versions: - v0.3.7: manifests/function/capi/v0.3.7 - - name: "kubeadm" - type: "ControlPlaneProvider" - variable-substitution: true - versions: - v0.3.7: manifests/function/cacpk/v0.3.7 -# env-vars: true -additional-vars: - CONTAINER_CAPI_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/cluster-api-controller:v0.3.7 - CONTAINER_CAPI_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 - CONTAINER_CABPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-bootstrap-controller:v0.3.7 - CONTAINER_CABPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 - CONTAINER_CACPK_MANAGER: us.gcr.io/k8s-artifacts-prod/cluster-api/kubeadm-control-plane-controller:v0.3.7 - CONTAINER_CACPK_AUTH_PROXY: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1 - # Fake environment variables values so it can pass the validate-site-docs - AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK" - AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK" - AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo=" - AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK" - AZURE_ENVIRONMENT: "AzurePublicCloud" \ No newline at end of file diff --git a/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml b/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml deleted file mode 100755 index 4bc44013e..000000000 --- a/manifests/site/az-test-site/shared/clusterctl/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - clusterctl.yaml diff --git a/manifests/site/az-test-site/target/azure/kustomization.yaml b/manifests/site/az-test-site/target/azure/kustomization.yaml deleted file mode 100755 index c93698763..000000000 --- a/manifests/site/az-test-site/target/azure/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - ../../../../function/k8scontrol-capz/v0.4.8 diff --git a/manifests/site/az-test-site/target/workers/kustomization.yaml b/manifests/site/az-test-site/target/workers/kustomization.yaml deleted file mode 100644 index 01ba2e87c..000000000 --- a/manifests/site/az-test-site/target/workers/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ../../../../function/workers-capz/v0.4.9 - -patchesJson6902: - - target: - group: cluster.x-k8s.io - version: v1alpha3 - kind: MachineDeployment - name: target-cluster-md-0 - path: machine_count.json - - target: - group: infrastructure.cluster.x-k8s.io - version: v1alpha3 - kind: AzureMachineTemplate - name: target-cluster-md-0 - path: machine_template.json diff --git a/manifests/site/az-test-site/target/workers/machine_count.json b/manifests/site/az-test-site/target/workers/machine_count.json deleted file mode 100644 index b40c0da81..000000000 --- a/manifests/site/az-test-site/target/workers/machine_count.json +++ /dev/null @@ -1,3 +0,0 @@ -[ - { "op": "replace","path": "/spec/replicas","value": 3 } -] diff --git a/manifests/site/az-test-site/target/workers/machine_template.json b/manifests/site/az-test-site/target/workers/machine_template.json deleted file mode 100644 index b5059316f..000000000 --- a/manifests/site/az-test-site/target/workers/machine_template.json +++ /dev/null @@ -1,5 +0,0 @@ -[ - { "op": "replace","path": "/spec/template/spec/location","value": "centralus" }, - { "op": "replace","path": "/spec/template/spec/vmSize","value": "Standard_B2s" }, - { "op": "add", "path": "/spec/template/spec/dataDisks", "value": [{"diskSizeGB": 256, "lun": 0, "nameSuffix": "datadisk"}]} -] diff --git a/manifests/site/reference-az-public-cluster/README.md b/manifests/site/reference-az-public-cluster/README.md new file mode 100644 index 000000000..e197dda01 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/README.md @@ -0,0 +1,69 @@ +# Reference Site for Deploying Public facing Target Cluster on Azure Cloud +This site provides the manifests to deploy a Target cluster on Azure cloud, +that is accessible from the public Internet. + +## Pre-Conditions +You will need to provide the Azure cloud (Service Pricipal role Contributor) credentials in the imported secrets. +See *manifests/site/reference-az-public-cluster/target/encrypted/results/imported/secrets.yaml* + +You have to edit this file with the *sops* CLI and provide the following credential data: +* subscriptionID - enter value as is +* tenantID - enter value as is +* clientID - enter value as is +* clientSecret - base64 encoded Client Secret + +```yaml +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: imported-secrets +azure: + identity: + subscriptionID: + tenantID: + clientID: + clientSecret: +``` + +## Deploying Your Target Cluster on Azure Cloud + +First you need to deploy an ephemeral cluster with Kind. + +>IMPORTANT: You need to delete all references to the **target-cluster** in $HOME/.airship/kubeconfig otherwise it will not work. +> +>Easy to delete $HOME/.airship/kubeconfig file before creating the ephemeral cluster. + + +```sh +CLUSTER=ephemeral-cluster /tools/deployment/kind/start_kind.sh +``` + +Once your ephemeral cluster has been created you can start the deployment as follow: + +```sh +airshipctl plan run deploy-gating --debug +``` + +After a few minutes your cluster should be up and operational. +To check you can go to https://portal.azure.com/ and verify that control plane and worker VMs +have been created. + +## Multi-tenancy +The CAPZ V0.5.0 supports proprietary Multitenancy, meaning that you can create multiple Target clusters +using different Azure subscriptions. This is achieved through the resources AzureCluster (subscriptionID), +AzureClusterIdentity (tenant ID, client ID) and Secret (client secret). + +In this reference site, these credentials data is provided in an (sops) encrypted file (see Pre Conditions section above), +which is used to patch the Azure account credentials to the resource mentioned in this section. + +## Validating the Clusterctl Move +In order to verify that CAPI/CAPZ Management components moved correctly to the Target cluster you can try to scale the +number of nodes up and down and see if the number of nodes increase and decrease as specified. + +A more elaborated test would be to deploy multiple Pods, ideally the replica count for a Deployment to be higher than the +number of worker nodes. Scale down the number of worker nodes and verify that the Pods are redistributed among remaining nodes. + +## Troubleshooting +You will find some tips for troubleshooting [here](https://capz.sigs.k8s.io/topics/troubleshooting.html) diff --git a/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-cluster-identity.yaml b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-cluster-identity.yaml new file mode 100644 index 000000000..def50f40d --- /dev/null +++ b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-cluster-identity.yaml @@ -0,0 +1,8 @@ +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 +kind: AzureClusterIdentity +metadata: + name: target-cluster-identity + namespace: default +spec: + clientSecret: + namespace: target-infra diff --git a/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-subnet-settings.yaml b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-subnet-settings.yaml new file mode 100644 index 000000000..537addb62 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/azure-subnet-settings.yaml @@ -0,0 +1,12 @@ +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 +kind: AzureCluster +metadata: + name: target-cluster + namespace: default +spec: + networkSpec: + subnets: + - name: internal-controlplane-subnet + role: control-plane + - name: internal-node-subnet + role: node diff --git a/manifests/site/reference-az-public-cluster/ephemeral/controlplane/kustomization.yaml b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/kustomization.yaml new file mode 100644 index 000000000..2d5ec78b2 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/ephemeral/controlplane/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../function/k8scontrol-capz/v0.5.2 + - ../../target/catalogues + +namespace: target-infra + +patchesStrategicMerge: + - azure-cluster-identity.yaml + - azure-subnet-settings.yaml + +transformers: + - ../../../../function/k8scontrol-capz/v0.5.2/replacements diff --git a/manifests/site/reference-az-public-cluster/ephemeral/workers/kustomization.yaml b/manifests/site/reference-az-public-cluster/ephemeral/workers/kustomization.yaml new file mode 100644 index 000000000..cd127f1c2 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/ephemeral/workers/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../function/workers-capz/v0.5.2 + - ../../target/catalogues + +namespace: target-infra + +transformers: + - ../../../../function/workers-capz/v0.5.2/replacements diff --git a/manifests/site/az-test-site/metadata.yaml b/manifests/site/reference-az-public-cluster/metadata.yaml similarity index 51% rename from manifests/site/az-test-site/metadata.yaml rename to manifests/site/reference-az-public-cluster/metadata.yaml index b0f997678..1938ad857 100644 --- a/manifests/site/az-test-site/metadata.yaml +++ b/manifests/site/reference-az-public-cluster/metadata.yaml @@ -4,7 +4,7 @@ metadata: name: manifest-metadata spec: phase: - path: manifests/site/az-test-site/phases - docEntryPointPrefix: manifests/site/az-test-site + path: manifests/site/reference-az-public-cluster/phases + docEntryPointPrefix: manifests/site/reference-az-public-cluster inventory: path: "" diff --git a/manifests/site/reference-az-public-cluster/phases/clusterctl-image-patch.yaml b/manifests/site/reference-az-public-cluster/phases/clusterctl-image-patch.yaml new file mode 100644 index 000000000..99ac406e6 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/phases/clusterctl-image-patch.yaml @@ -0,0 +1,12 @@ +- op: replace + path: /spec/capi_images/capi/manager/tag + value: "v0.4.2" +- op: replace + path: /spec/capi_images/cabpk/manager/tag + value: 'v0.4.2' +- op: replace + path: /spec/capi_images/cacpk/manager/tag + value: 'v0.4.2' +- op: replace + path: /spec/capi_images/capz/manager/tag + value: 'v0.5.2' diff --git a/manifests/site/reference-az-public-cluster/phases/clusterctl-patch.yaml b/manifests/site/reference-az-public-cluster/phases/clusterctl-patch.yaml new file mode 100644 index 000000000..978435832 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/phases/clusterctl-patch.yaml @@ -0,0 +1,37 @@ +- op: replace + path: /init-options/core-provider + value: 'cluster-api:v0.4.2' +- op: replace + path: /init-options/bootstrap-providers + value: 'kubeadm:v0.4.2' +- op: replace + path: /init-options/control-plane-providers + value: 'kubeadm:v0.4.2' +- op: replace + path: /init-options/infrastructure-providers + value: 'azure:v0.5.2' + +- op: replace + path: /providers/0 + value: + name: azure + type: InfrastructureProvider + url: airshipctl/manifests/function/capz/v0.5.2 +- op: replace + path: /providers/1 + value: + name: kubeadm + type: BootstrapProvider + url: airshipctl/manifests/function/cabpk/v0.4.2 +- op: replace + path: /providers/2 + value: + name: cluster-api + type: CoreProvider + url: airshipctl/manifests/function/capi/v0.4.2 +- op: replace + path: /providers/3 + value: + name: kubeadm + type: ControlPlaneProvider + url: airshipctl/manifests/function/cacpk/v0.4.2 diff --git a/manifests/site/az-test-site/phases/kustomization.yaml b/manifests/site/reference-az-public-cluster/phases/kustomization.yaml similarity index 50% rename from manifests/site/az-test-site/phases/kustomization.yaml rename to manifests/site/reference-az-public-cluster/phases/kustomization.yaml index ba1515561..5d9697959 100644 --- a/manifests/site/az-test-site/phases/kustomization.yaml +++ b/manifests/site/reference-az-public-cluster/phases/kustomization.yaml @@ -1,14 +1,24 @@ resources: - - ../../../phases + - ../../../type/gating/phases - ../../../function/airshipctl-base-catalogues - - plan.yaml + patchesJson6902: - target: group: airshipit.org version: v1alpha1 kind: Clusterctl name: "clusterctl_init" - path: infrastructure-providers.json + path: clusterctl-patch.yaml + - target: + group: airshipit.org + version: v1alpha1 + kind: VersionsCatalogue + name: "versions-airshipctl" + path: clusterctl-image-patch.yaml + +patchesStrategicMerge: + - plan_patch.yaml + transformers: - ../../../function/clusterctl/replacements - ../../../phases/replacements diff --git a/manifests/site/reference-az-public-cluster/phases/plan_patch.yaml b/manifests/site/reference-az-public-cluster/phases/plan_patch.yaml new file mode 100644 index 000000000..182f5689f --- /dev/null +++ b/manifests/site/reference-az-public-cluster/phases/plan_patch.yaml @@ -0,0 +1,21 @@ +apiVersion: airshipit.org/v1alpha1 +kind: PhasePlan +metadata: + name: deploy-gating +description: "Phase plan for docker-test-site deployment" +phases: + - name: clusterctl-init-ephemeral + - name: kubectl-wait-deploy-ephemeral + - name: controlplane-ephemeral + - name: kubectl-merge-kubeconfig + - name: kubectl-get-node-target + - name: kubectl-get-pods-target + - name: initinfra-target + - name: workers-ephemeral + - name: kubectl-wait-pods-any-ephemeral + - name: kubectl-get-pods-target + - name: kubectl-wait-machines-ephemeral + - name: clusterctl-init-target + - name: kubectl-wait-pods-any-ephemeral + - name: clusterctl-move + - name: kubectl-wait-machines-target diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/kustomization.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/kustomization.yaml new file mode 100644 index 000000000..b81981cd4 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/kustomization.yaml @@ -0,0 +1,7 @@ +resources: + - ../../../../../.private-keys/ + - secrets.yaml + +transformers: + - ../../../../../type/gating/shared/decrypt-secrets/ + - ../../../../../type/gating/shared/decrypt-secrets/cleanup/ diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/secrets.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/secrets.yaml new file mode 100644 index 000000000..7abe12ea2 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/encrypted/secrets.yaml @@ -0,0 +1,77 @@ +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: combined-target-secrets +secretGroups: + - name: azureIdentity + values: + - name: subscriptionID + data: ENC[AES256_GCM,data:Dv3YC68mrrxXi4ifCCshxvkdS0b2CRLukKAlfRQMpHUwc8wueA==,iv:jDtyqbjyI0OLr/fvkJ9Od/E+T/OvQnhqqAK2CNWaO4M=,tag:X/l5wIVeg+PX46sz6z4cJw==,type:str] + pinned: true + - name: tenantID + data: ENC[AES256_GCM,data:MEnegDMZrRZOIJhZkSNCXMHuiKqrHwqiYolZItJhPg==,iv:JvcPH2fPkj67Xg3CyIM9/xjdujpSdh4d90ENRBF8D+A=,tag:HZAiwX4I9DM0MeBz/B4tNw==,type:str] + pinned: true + - name: clientID + data: ENC[AES256_GCM,data:bh8hwdok64vKYa410mAWjRlN1x3kpT7jcgoKrLSzqg==,iv:JpMC2qmLhpkYOtdsD3eojB9pn5ZJwdbKX8eQvrWctt0=,tag:Q2upiE/cIpjiCwgtuR6VWw==,type:str] + pinned: true + - name: clientSecret + data: ENC[AES256_GCM,data:2dmtNnvkfm7w+/iK/fSXbhJBb+N48u3FGONGzWHH9rinb/nz7IZjWl/OPJ8mAnpKhW0C7Q==,iv:SaZKaVEUup7wxuODA8UfA88a9ovymFFjOOyt43bMUqg=,tag:vJTyUfPnU/+P+VJ/c1vatw==,type:str] + pinned: true + - name: targetK8sSecrets + updated: "2021-09-23T19:13:19Z" + values: + - data: ENC[AES256_GCM,data:xMWXeoNm2e58QrqTXuphU9gxAcQwibJpmeQQPUHClHTpXK0GOiasTsNdb4Jh1EyGiBaLicHG5dKd3W2p9WFiiR3KL0OdGvvp3vMrrsjB1btoE6DdfiP/lLteoxAlfKGlXG68YXEy1NTpYIKEhY2eZ7mULff5tEjAclO5SPBnJvEX96HgKSriSAXgXanVXDVT0D10hIV/Kj9DKl6k4XbYdCdUpU6yjxMhUL2sfvIWap+CJmf3TgAJNYxdfoKBxk5txEUsyTvZlHNL0brnwbeJosmsqIEuyJsX94fNO3Jl5LkAmSBiA9EObdqlPq9WXV7M94axebLsobgyJXFszsVh8czp4rSxnYZ+t7x3QKM1vuW+FSuAfYMa8UuRxwdHHMWqykOR3apAtsS5kdFAjZmqyhJ6uiPFrdO+q37JYK5/ccrSD6pFEl2YXu2XXiyqw+cUvQ/kwhPRSuX5euzYO3Ne0+4SLFgdMfdWb0vdCDqhE0nw+usHAz5qTrsa2cRV15R3t9TuL1TOrr8tGhvsXjnVLQks4A4qz2Lst1dayFafPtYHm+4Az/R8IePfAjLc1nt/uUvQ/Hd06LpgoLNxWgkhOPrEdEhnYIagkItO1eXAF09GX6fJjY3i0WdS8zc9f07PmuBnS2F81maoo0ESDCjsiKtRYJNqTLw8JvQ83XKbXdW2DZDdy2EqnMq+g6YA9CQ7gDpnOp8OfWaZxJ+f21DARxfukneipnP55u4/IlF3YWO4EkG2oZC6zJ+cjjiOJMCyCbZk/2Dy58athj+tf+CPfv0UURLrfvUsdHqnJbHlvEfhrkSM+C2ivpab2ScaPKXEuAKcgIYaoeEwrzDsg39y10ZFbnRETGMm39IM3CPlMaQDhcIXnGgD1daFcQ35tU05mXI3elUA1aYc7Mimn8tKEIr0qfDWwABzkzZdLJCr60bDOsrltrRNtMmDbwZicrweeGjBTf3tz8+uXWGVsjfd7P+zDM/W85NHIvya4i+hLrpeDdwNaPEADW3en8xUlHtETtN1w4lSwHOPvSM3YRhOyv2gYhs7gKk5WyvBZFVSKzAAG6PMjlzM0LxzChWAeWKXHtdondcA40PJLry6AR3E8IF+z1vfJgBJcYW4dWsvV0Xp3vVW3IucoZ7Z0bA0oXDhQr0ZnOsphmTJchcItLr7XEmDXnd9a4pRsnwtCj/CDLw55SbX5xRqyt7MIBMETnQarn+4NIHSRHkr0U2YaYwvuoUDP6F4bbF+crJk1ExAJVS7Bvkiheq7/XdpPAl03ZsPML8+uPqrRlmBAUAbTvkvzDD326Ni5J9uPUNBFNStP1gz0WMgLAhRHPztB6E/YMB5q5vWqO6OKIxFTsHQC5rKsZAdkRhQeMk4LgthZiVMrXUSB4Uc58NUaRSiAk4xlnuYaTkqETr4nfXGqVj7wkuMmh2VxlokATCpq9OUHp6vlJS8u7L6lf1hzOtBeX3bCzm8x3zUQNCFyVjNCkqD5T8XnHcuuBsDiEb5mA3zFn1H/QcQ9ADnAc367gIFcq3IcVVk45NRSyP7tSUT9VNejegWiC09uuEyTC0oIeo9s7JJU75fQzmSojPD1xcadx7NblgCPH/LLU8rgjzbXpNfyepfAuEIiRMjkZ8ThyxJTqYzEhwheL4wabquqPBrPLoob3R5SiSWetl3AI9OsqEudzodbrrsa29vPAWUO6y98AG0NgyCn1ldQXV7ANvaJFhAJnX8QaCiAkgsrejTieYPs6YcGIT1gplU0nVWyB7kya013hHuMfPf05zKLZ8MWqhIP9FWva9Hc6TSauaqYzZVUUbnjhGb9zL7XUCHXDdQ5nukkMIHst7oUlp5YdSsBpyKYnoKUtjvdsILhyBPecP3EwQYqnPpmzu5DwFrtMJfF6vwwqRM96HPW4zhYMHMXBF+AQV8DOsZGeyDagWJ29xZH1rE/o0WVO9Xt3jCZ3LIp7CUAoj1Y+vpOlzPqToedcMC72Nbf3mB3r+0QedIeXF7qBjAKxXGfRF0aS1umHUp5K7mL/k=,iv:bkKvZD52af8kPpJjCr+Sc+xw4fR3g/Cduwbf8glsd+I=,tag:7M/w6lYTQP2tznjbgAaVag==,type:str] + name: caCrt + - data: ENC[AES256_GCM,data:gMJ02tJBtk9I1GOe8gCGtskhCSvwh3gWJ6o6YuJR8iTXEZ1MQF9Ls6x9+NFNCbfYSDWk6RthyYl0pwDEn8uWVWDfLSRbCk4zBfAiDzvUCgEflouE/0cmb/u58SUeEq81LUxxg9rf6T6FFbLy8EVYpb9kpxrk506aJ0ReQUdINnSlnRAH+z5MitBs3FR5/uQIHDqEapnxuB0Pa7uKqVWuwsp1mDBzp0BGY2tQL9hU/F1XBOU65KkNOgV/RVz5zQv6MS28gYKUNkfCKLMjG3RbZe2OupIPrngp50Af2oWnRZQezy30jxW30bfeErhbmU04T8QoXe6cKMiW5LnuI9Xl0Qq7pCBL+JAfFdHkQdsmr5UzagOWlfKauUtgIigwhIFe/qtUWtinZK8qlrcnqwkOKnKDUY//0KdiFZbLBwttZH5it1bR9qGquK/prTlrTYrJasn8Yp+sVeOjVA9VTwqAeOX4dkyGQM8psgyIqxcOp1NXEzr/1vNhPRsn9ZSvUdGewrevSPsShF5SlaAztrb6+9dZIo15EIewEQ23zG4UNCO3hpGKDQxcQ3bIvvkw84hVhHSDRU2TQPUUylSXPuw4Qj9/xnpzLqHEOXtkxGk2r5M2/kAwgHsYNgQEBdT/cSxP9kMiZR16c2dbU9eC1UugczR7J7qj1LbduxWderWYiOQEcfv1FdXOkHEbi9tUzlUaHHZ/ow+/W8JZt6zFBLToc0WLUMH+mn23MgFzoFo8JnySzRrs1l+frtAHrRpyOsBn33NWGJfaU4V09XTl3umYeX2V7LHtY+Vm2yxIaKrk04FtBZpWfbywiAvnUTt4VszXttsm+hWPDR/qOqD9cLyA7qFvy2XtizQMEEd/I8e3ia41cIhhNIJ7m2zjq1EU2q8ZOYKb2ffbumNuESm1+p/AZTHCdEFyp54A9A59u1dH5goPQ4lCMF4lAuzbogcag9CPLqSDw9YVab0T6o2T7Uz7bTw5MISNLnksXYB/UGj674kjxMsVTbVJGi9H3wetGXT6nR7cYai2NmJd/OOKEldOik9I1jxkHYImMlVLXHxyrBOY7s95HRyVBVozMmLHE1tLaWCukN6CwaF+NdCSKp/9jKQaxF6eAe3TnjTDcezGOIZudSnooce2J5NIsL1xyeVCrtzmmiBibTk9dREG3OKr9/YYSmSePNBD34Sg09MfHlz350qB3oRaGxPpW1HpxNB9rpivq2JtE/KbXLnnXGbK7841i51KvRFP0I/6TuILGWQQl+E0yqjJx7ySJ7WUxg1B0poefLiDnkqdMH+VZbKHEzVyjLUavkWsY9wTBG6N4HrELcyplMPRxdRw06vBZiDPT7FOGYWADkhpQbz6Xtqdavy7VUMNOCL802J1gdvX0HYv/vHPtKkTIf2Ic/S3O17vLj1wMOwko1OgPaBuFWFeHiVk5kw9mTpGK7ZZ7FgkjzcKh5mzj1seSD+iqfxBIzEvNGatrjzeqfYvqpMOlHeF8x0CGs9NSBd2S6zHqC6umDFDgy/R409N+fkW9LpcOGSbGjTe4K95YnMeaVKJAQ11tnXVsJ/ndE2OrJeiHQ4/C5zy3rSb0u+QG5UznihieckP/2jsyBJllk8tYonys6XouN1eqWeBVfXL5YbYPbu8EjuOjXeC1US2iodCnbDj7RwhQHJnR7bzR4kgdNZWjhzqwyHEQYus3quZY/hnP/QCoa5u4eYV0KiugeNVM1uVWQXs27oCHOF9E44LZbpyC+LsAjKSIZwPbF6mQO2tOwPD5tk+EjC7HVJBN56FaCEwqo+ELO4ycVfSDs4v6aenZ2GJx0asQuHMflYnWKgdUMNpl1lS3QmrpcKJP/3Gfn+sIJ/jsd2ol6x1PpXn17P87HhoA5M57xWM48W9LbNH/bd7pYBE3CZchxVxwmFXbYvcv059vucZaqUhNuCEyk7EeKpKyMz09yaZHAHc0wnO1SE9QgjxsQYZDCoHj8veACVqB5HBz/ceJ04PlPOyfcTB0CAEBPzqUqyv8D05FlIiBOOpi/AAaBgQ2NeUqV3zD3sEEagGUM8kUNrf7ucU2/1DC/lKCj2+yopQabit1WyLAJbOzQRIJsMzBe5I7iiwUGD7t3m++z7KePCnucA9uNFUUm8xQuf4ksvugK5J5qWO2wojeDjT+pdzNR2/c1dsoaxqMhUZDZrfFwZmjcYrvDzIayQQ3RudGRoIf5sDsJjk/iDPH21oQNT6PIQhYmZ9tfVNmWUaWK4Q1+hzia3X9+ILCZZg3+03uvWibj62yUbAGzdLNDts5jjxgKhyYnAJ33I/NbctUPxv1jA32Sp16L1Ji03Y/d0oYW61cSrauQ/7x2LluCeJdj610pd6zKjlnxv5ezACzznOT9Fup+rGF7F+2z2G9bm8MxDwXBupHOIYIzriAl94NUUzDLWzZjO7b3bcaKHGAdnLjYdWD54al2ty2pEta4kYtfM9z+rBpK8tmSQnBoRb9sqCk+JNHJcI729vuOgzy//8dRLWX2VNf97m1bFswsG9WlqUNtQkivcls2nXS6UMzNUPvXsMvJip2Q5d2YGPAtqo+beBkiS71jX1or7M0+/iHmWIGSQc70FWZ1mOMo7PkZQ5jKEd0SuJpOlkB2+XCIz5zEANX8QTtSYHUjpOm0gTAxW+6U9MwE4IV9XKPWJgci62EhWqkcqf85ydZFszBuq7+JeVXOV3Vjqlz7qzlxxVbvbBIJ+wlKyI+RDQnor19JuVmCwOG+JiUwUnBxLRtHJWEV++0m8wdAU4NGB4vajWzMNleMSyiP5E2Jl9KjBn8hGJYY0tAOx8iXvHeMeGN+Qey8pChCWk+pxkGNl1T5CjBRyWjwxU6A4N9X7PVB3YNrBi0/QIwEoPS5B+N+c+WVzRW0v65fmpCf1Xg7+v9vRN3W4/fo6HYqxy8sqjgdR5rNb6j7x+b7Q6imsz4AlQ8qbD72LvCBxHziQzoSp+lHfvHxo7OyZ9/66QhA==,iv:Xe3QBl5rJnzRM7Vvvl72OHbu8411WrL3mRQxo3xyG3o=,tag:kAl5nx+lrlcrW1FpTz6rXg==,type:str] + name: caKey + - data: ENC[AES256_GCM,data:fy/Jhrx9c0TlsHvrRXvvYbdvDYVLLADGO0ost+VZoN0t8a8AYAXERhgtXjtTSTeQLxvmRybNCNxccfAQawnWCls4U2j0ioxYOHKAGuVwb3cUMT/4LUxDfhpeR4V1C5UIjV6xintreXFwhHEapR+52H/CAeeBEBEkDIN6NrK0QdwXap3H9QUGWRlzdMXo1oGb8Vltij9lcB9AvcbkDLOkOQ1YF06evSJyy6CWoYua5aqJTK8QU1hoNjYNPmEDPRnAaNIbG7vGihfzkZBt+HAI/MUvJl8Pg6d3d0xHMQqEOb0Oxy1u4eKDV5AgmuKHz/Z0trlj1X5Q13LSQHulAEDDFMuRlyzKZ1AP2V/oOoQ4IaQXdZ4n2V4cJjP3cGQ9+CUv1b1GcUDBTRh8gaT1NMBt1mE1tzAVvw5rXtXpmX5Q9+XnC9nf/rE7VSWxPgueF2m+TtkU5I07wMlw7TGHTJJ99Wv2x0ppuHWfesL7Gbu7XepuUzD3SXvL7Fcunl78jLlp9fFlbkc/BnJwTkG8C80a4JtWOLx6pHCzLv/Tl7nr1DTwKqdbKe651sRzUYXPzpT6Mu7OzNWrJyqbqwkVp+jBSq/3BUNJZNwxmGrkyOSzdCbKdMorojWJ0oYg+8EL+vtJ6O+E/mRIq8yUrWugbh4Ox2kO5pkkcA4r2Dzki73awU5wr9vHJ9isARtPPsMpUNxbrvxqQzWl3WFf3QPxs/iVS0ahyNt0W5Igb+N7K4Dbxcu0USSKtEgqecCNX2RNBpzNJ2PkK9R6RNnmQ+HWPPP/gVYhby14RhFvBekwcFwYo5d2PhfvmFh3GMpzwt6F1MBq1kMQuvn8VHwLf80E0zR6P3DU8VGEwLX767BN86vlaVbMiPRr3sTxziJpoA6YUpA/rEHf+SNpXaWIFD+brYR1d/SMfs0N9b0jePPZskI8QFysqLxXbxMnDKbbkIAWdGnuwlt0EEd0lXaMz3Zm7fvB/9QQ6Nxx/zn3+HDbxojrex+m5t3QK1rPLMrFKNVaIIRcju3lKZNfJ9a5NJkzrT16Fs0X+MOe9k30BkPAiKirB/mmSoJ8ysn8wCXDfiG12ogagYDgbeFfIB1EgxJNz90sASDWifJ8FkulGkNhbCrax2kcU03eq6t+iViug3IX3F5p38kJyL1EU+1EoUaElgdeaBH5lzDm2lRVwCfqGTKTi2MkDVbdqA5GOWDtqlRFMrKE+i+FwyJPBCh5nhrMbWQ3CirpgynLaxQk99Y46HVd+c+2Z8Rb5Gg8CJGbs9MhGO+Y6Fz/LUB/0PHq0laLxBpeM+AxNnYxn+dv5QkOxidcMU0mKIUuHr1hBk877hbq//n6CGdZOKRRbP1efBWUw38TbHlZgXgqSbK/zRIq9RaxUJIQLEJhe+cdLANYxWxWrNCejJCOSJQnH2nKevozcX2AlgpVi5jCQYhkLuWNVFFjRQZKascSbVas5SQDUN+2BD2oAPw4OYcuTddD8Jk7jc8u15xTnbs+b6iy1PiyvAksNlzWBJDSAtLCJSjbS4JFlqcxRI4Sdqf8cBCLPLXqmZxvtDToEelh6XF4tVQqa/J10Q1p6G1JDHezTZ6IYpHER9W4ZvmvoLai7OP4GhXnQiXntViIlJf1fNg6ekiQ3EzZVwwVwLQ4R2GvZ/FlpkhsVrP4PTInw9tBT4zuljAHG+KADwNa8daTWaL6a5G4q0GQqBC4UB96w2XsQrmz0xtdsWr4kOVNK64zDDewpC6sYyIBMqOkQRpqDWDmXxtLzoUKT3+BNWwxxIrOimhKjcLa7IWA39It35NXI0GHnOkgG4XxTZZ116UErO+LjkN3c0w+m8KlQnW6PLzRfk8uTpNfTnFchZnt7o7SXpl0nbmOptNJxSmHxLwPyU4I0r1l91zBCIfmWxY3d7HWW7If06pBLZDY4v+tlPQcOJeDlTLpQA3UK8JkK9R2ZMu2yHLMYX52u3qqYE5ClR2B/Gs5mg8s0JR4hthewPwi/NHnLb2OMACWRYPvkAwlqs4+0KUVSs736JqfTsWRnhQuVUUTo0Noc2HFrEw/hOqlk2WK4oRG,iv:Aw26uOLDC7cShsT6e9YLxq3HM2p2hAdMuVPus1Mg+Do=,tag:mE48NYspBBKopGearQX5UQ==,type:str] + name: crt + - data: ENC[AES256_GCM,data:Qn6UWWW+JZ+57kfhH9IRKqlUHPyrmpmXWTKC6YweVWvQ1l2mp/eF9/4MPN2E3D7z85tppZtCVpxnH9ao8+YjZcNV8WBpJ5AJSG4oAEGW2B2vbBUx/B4eYFAzP5bAg2yZqQjmzg2MVZ/0if60Jd562jTUO1XZk3hh9Js5qbJb6y36eTPOF4uoc7QPQrRh0Gwjk4qxzTYMCoJRbHZmQ1LYM75x9BqVb21+W82FEJlmpk6yp228rmaWD7Z1Bm8GWoiu3zs/tYPMVeN8ryrhuN4z8N9R69SiexUVJxOQkN1oAJyzAtM8495NZoPSeFoDDbOc05yssXATp3cIL9gtzZJ7/0Nf/t3egPogvPNFU/bSgvPg8xpMQ1307Pi1GVP0rmSyyrk84BD17pRK7O+2CKpwkLPXe0mtNnepLPNdrpwyS8wOmC7LUQ6fZXK2q4TEhZjWnzqp+gTZVTcV6VXt9T4LgC4EyuKuAmaKtJBXeOmDBIyUMcne10THmM4dZBk73hHd29t6YWKABTFUKFjOXsKsDp7U8JLXBBIWzYl8OhwncYzSeFqfn5lj2Kiw8Xac49QhcBdWqJqS9OZZ9OeelbSKt3NMMfW3BqEEq/bWz7evW85GrDjuIMFwYudt0nqTAI28jQIYw5FxkS3o7+NKT+jM5jAWSi4MBTrOJe8jbrekA7lJ8sxmM/6u8wRVP8GLmw59vbGpfBLy8Y2gfXy+B2Wymp/Vw+jiGNZo2OsmcJtCMXAp7eZAO8pH8upVTv5KCNW9Icoi2Iw5nxwYkzwEQVnd1+RwHK5c5qA5s7EGfUAakIuLsXWppATJmKf3Ilgx3naT8P0D3yXsDHm2gkRZx9HvAWGbcdt1/CxBMEJOdrxlop3v3CXXR2MoUekQJ9HUU9LGhLwn4Pep9uhPUmjnLKP4nb6FwREx9WbebrdulBX2CQBqT2LP/BE6wdr4UHpKOOHJdFfvVWpAjptCEKNGkiN7Wf7aLlf7aQlrkwQ6MtX68y9FRkyg4bWH6iqVdKbk39njXbneFtzCvbAEVmGI5eCwUKEtsxzu6GCfG1Qnt3B2dV/sSY/lYLnWJmKkcRSIgHmtfTXGhrBPWPNwJzduAG+jFakD2oJbfg9je0okPQFKfQmOu5lIRriJfrnL0lourVMEk97HCpOZU74JrA/RUM1f9N07aIliMgx0xH0rWPshc+YBBYTncrDz6j+L1UxjqoWDveVI7kFzO5niPibka5qolFVwFcOmMdSHIuZ5BdcOr8wFtyMi+7/utjyL4EmvHNIMqemdMztZNE6vP2MD6y7mhUaP0zaMVWw0WwTUSWBdtKcIeUdgVa55geoDt4K+6KT48T4/+TneGmYwm5i5c04i7o11k0wmFH47m3B9AtiOqbMU9XmfbMGjvyV0YovK9BYvPJ0rH32zWAtjNtd/+QlrVER+Kc0EKGL+cgD202FQslNT+uD5mV+QiJ41Lx/VFxeJU7K6BMniZJQkt7+gxg/WG5D2bt/YtWwoOCJffi3XudLnbFe80hr+u5jvLG9RATjs92YBqM2ek7yrtKSiwAoFe0bwk/yyLKS5at47q/dlZbPHCGjO3sqi67aDBNK12/50Xjs8SKu6JQXapF4lJj0DanrOn6ZD+z1H/HAJggPIAZ4nK6F0QF51b3UUZnq2Fk6ndg4J/OtK+yqpayxFAdew2B2SAlbzz/yaJks8mIMqRtbKJKr7S3DUDBe5eNPTNlr9vErqP25ZIc+yTF+Eg52IhcQ32Nftwy/FmQdjCqwTzm50MzooIHChxYViDKd+lEiIcg48faavjv6S78OgaiEYisi4B0ptN4cQalgTQA/Vy20KLBdGm3AHtH9cShM6MPiffUVBMWT2Zy5WIPiL3ntYJVAU5S/MDFEWJC2WQMzDm5VBMEBhiH3GdIPecoFy/98VzPDXF9USQH6k29XbYKShpypb5mevIyZzWT2vDKEqZivSmRiBoYqZit4bqASsYuBrRKSi/KyhfKax06pwh+aSxG1anMheyXSgYdbriM8t5cTLFEqNtr7Q0i3T0IfxmLwwIbbomz8M4wifzoD3rwI8v2N3Z/iKbwuxWuhBk6ZLab/goosiTOSD/37bkWSQE/ewVLZTiQKmAGYP16n9w/ICfvyAZrIvXM3ChzuQgTp82cl9wQPLb3du2DJS6TUts7rHlvSotL9kTNoG9pPriI/t3/XP0e4Iiue6mWprqFjr0CQJumJmU92ugMxTZMagUpF9vTyZMHkY1TIplY3wy+zKZztUGAHeNK4qnP+ojKeynZds5WRlM1V2j1PkErwmg4RhAu/rzPPihdft8eTwFRRYF8JaoUb64HeNt7ysCaucN4NBQL0LFsIdMwyliPxsQ4ALtyFQ4eUsRbtw0Q/cHJM+oiKb1UyLAhmepPP+ZvSLIdBGN15qKZOH4H/2kLmPVQgW8qY2jEObtrnJeM8hNfq18bKz0fvphy5z+6nfSM4zw/AOdIeSPc+aBgvkH1Ukviznup+ograVZz5JLT4C6c7cFXOu0j2hjXzRI+Vki1ODw7azZv56R+17vzS1wEIoc2nP8pRQQQ9qV9Kp1SJKRY2JDqxqVWuSyi5JGNr54fCRcDyKpk/9COgisstrvU5gR58lQoBgDbzLG/Xf6m3PbJG0kuBowbwUjNI8lNvB+1Lo83QQw9XWIDq7Q/NosdafgIDPnLv3jLldSHmK/76tHy22Nq54tuzFkt0jRjM0cAq9U9w23Xe4UZGUwGaIdLXrGveFPV1d5DbOHzXOx1uROpV47J/6oyGggA9B2Ww+eNuVvYO12R3lT9EP6gQftbchWnHOZhPc0FOJO4htG4OEZs7EHcN4Ki7IgTx66vmWTJURG4rRtZoSKz1jFQczcSYCR8dpDGqRiAropzDpGYVP6JdyVakzwAh8Kl0L+3GNZNKpAlnvXVyWuDqejKBUCWkmZ0nFiuVJ5eYVo0t5jDvv8FB2bL9LTzPjL16Puc1BICoTJrY=,iv:Ab4tJf3LTW45SbDy6qs9owM6AmcZFi9K4LQeXmll7jE=,tag:vNZ9vbr3Ttfv5eYj/2y4yA==,type:str] + name: key + - name: targetSshSecrets + updated: "2021-09-23T19:13:20Z" + values: + - data: ENC[AES256_GCM,data:41OK7T0IzjKmPVQR3nonA2sqzCXNcLTVDYGRHCewZUCTXF6u5G8EF6aEQZ9ZH5rC48c953CXVUu4B/49Cs2QRhjPrcjllxYJ6DR27AYA1BdeB3R9cVuxwktwGrEyY0EKC5bsnpuhANj8Cumn6jaGDa6XGzKElNUfTOB9cr78LNeAUfXM8rzvNg8kLRXW1YNLJppeMwdPGgKYgDzc5s4voPjUu5V8acL1jXCdNBjEqrGRCJ5SiS9XBtQJbtsCKzTQPdjHKpKY/6BLyapDvFNKBHhPtsOYK4v2WujE2NvdzkzLiqYSaA7HLlxx+F6HZbNLNruh/qCxRCPo993bBagFGegEWSB6OfFtSh021CqBqB/9QgUIZh0Ug7hDwtKisZjqIW6qJj+CjWyGBKxbINCjwQXKtsxpBfB2pL4XlxSj9QWvVMQEQRYiRK5H3bssiFydoEwlCHIFudgVNZpJPp6bV6gy67APrbjeDa3CtBvzXOWJazYjrRLbco3LnKt2QoOPOAcsAkgiCvpXi9zrjPiMwtNQlrDSxOVBsNqeBSMlV01vg4wwinXD7ckiAKQ90SFBks7LmH8G0ldspKPQuSxuImJZdouyJbsMdf81vYVljUN9RnLwBEzVo6N25Hq/NTs+crkVCNdb0WNTawTGa35A4NI0W1mK5vxP+Anev/W41AGY20Ui9zl6Ne99xSmmvaPapNwnNn1y+2rkww3VY6/m3syHF1J2XoDwcrtNxShVV6O0kFXiZz3zZSw6nhD+HkTWFUX2vHHhvYh0K9rNet5GOcV7255rFUwVNqQf+coy5WETEX5O+x3qkohtAEhKLOIBg1q3yU8ZbuGsq3TETOtTpzq+2YTo1pEI+whc+cEAF14VMgp6xpF4QC7d8YNdEcom40IWEVtKwKDeeGp6t3OoRds8ijsw/9ktUe6P0V4svIrRWvgXJZKs0eeAdJoeg5ObZsKlsKmCyWZ0i8t/PyrPHF6ejccYmNZ+n8TyQOU4HdN/VSfTvJXrjv5mUf4f9/skYIyMwLyFzLcAa3Vmd5FXvPS0r9hIDRRVTB7fInHzo30WFCS6bov7Uwk/L5FKvajKJnc+FtwmsElSy0CqAcm+flamldzgExwGag+BehsPAPtyNAfS2KDPcRFmiuWfokAQBvyS3m/ypJ7fwMQGok/p0B5nxXjD4ViIYSna0ckwZPtUrbQED2dP9fkscWjV5fZF9R64TTaNA/68KH71Lu4Z5GPf1BcBlUY6e5j+nnSWSk/xPoG+5kkwgpAgEhPtr+2wWia/y86YgcToXqy7SF4whvbbhNiTJhSMFh99w/LTZ0+ZfiOHzW+Ky5isU8DAo/SGU7GfABwJ7Jvs6sBF54pjP6NIjVpwJc9EmymFKMQnKwYqFFl8eyirs1OnHwrTb2pmtr8LGNz5nllyMPci4cML70Op2DzmtVvPBWFK23c0/SAXMCnYhgQTQonFMSBOBzknEgBftlbE8uyXhrxnLWTQ6fke7ZKcllpgaQLPlrJSzuhmIG3vGKOFVtIE5THt9/b9A+0mWG0eGel1/Qu6Ogd+/oEizJ8qHI5w/PtFtiNwDU5YnaMIB0uWO6Q+sb6u12OEvDx4ibAu4o6LI/VHTGRB2H5ekiU0nUQiWLFqW6PaTjh41a+WJwGZ1JYNwMnEGPxRUXnQAMXO5kHGAPzLbKTJ7evTGxB3Nh8wYpasu6bIzZ2Eg32NKkRWr2nrdDG8m3z+RfsPRw01NJDVdqdlan493Gl2Wv3OeVa+XDQcrOyOXjlOMTsgkTR/ZekL0/a73BQZIDyz4ICX4KMUG8Y4VCHsXtZFw/yHQzmbUYtN9h4BlYBYwh0JC5RJPdr66JSZDKYanjp3iexD1CFQK1U+PBL9vPqERAAYsE4uZjN1mec0Ps6SRxjCm27DKau72JWOl7jNYM+4thm4xPJ2HLgmx1L2KScYP/ZOHzMaaGNO28DHtTkUyU9mMCZFnCA2TrGOgvJRfo+G9IKAbZl4CYWXJqVRYA0BXXpRi1VAUZyueRCdoenFTtPZnrXzadPHAntJvWU0fwRegd+J7+xGvlGX2TXipQKTr8wkfKwoJqZ/5aIEiFFjLIn7oUdd29xuL8cDd+6ilWqs8azs6128WH+hqTugonExzFdXv11sXhaObzuv0Q4fk8sMqh2Mh6YuY35QOj/9qZc4mPNDN4B54da53PXHODGg5Exe/Zed+2RCxI4RSIypvJMQof51dHxZ13Bhs+0liX7xCjprKfjawr/PQ29UDeILu5zqYXdHJS1GjzGlcdcAy/hz1yLhIPcStrR/eXdoKHbE6srEWmaISaZY90Ax1yHWQG3oayWnLyhxkOkH7rGSmDIzyCQ+DNxhN2VlzvAg/dt8m0RW4Pz6Gh4c7T9v+MlMlO+Ay4sb183Li7acYdwO7lqo/7lZAeytAbUSo6KlPhFZvbYEbYHy7f+Z6mNEfvewX5ZW0ujzV9uQ5gBljkEnJCFl5zK7pGKhZb/5r66q85lHeaptvM7JjW8RpW3mO9wSKNMAmDw53sVzJdlou5MGc7hAaQkdiFRLB7PsYakqvEtcIMw4c0kwdvA76pWf4DPlvkk13FzYRDI+h0UUmesc+ESa211D96MYnVJXDz/z9C0NwPBqqbT8wmtWVYROGzWePkZETn//Pn4Ogb9tmJWrLKd8rt+ar4kCJDzzLiFUX6lctMlHYe5B9vSE88rwca1nJjz64I81A0DxahF5H5l00QhAAyjODLZO7hIPAl+A8qR4j8068SJ8gxcviMGzvvlIoXnPUKknIWHMAcb4U8FiYUudN3GmYM1mOm36ZT6eVbabFoCD4r2IS+xxxwbqEXH9Q34fog9dGr1BYWgz3u7Xaem4Mu+lR+syH5mO05Qp17bMbQDQ3Kq4PE7CST+D7H4roLF1Pe2zdGv1iia0qI7bUXAqYStrU33Ty4118WLseJzDyDX5PLJcLCsxL10xdylCYohNYkX3mvAzOSSGe8f5RJMpGDbP6G1iclogBCLdhrRk6eOHARhm3GuVIh/HqdtcNF9lpzMoQmR5ZD589PLFXzMvNRbKHRLPueyC+5PJKJ2QqBf2vJF23Fb9mL15Hf9Rm/oPEGOdYpjBQx819CfVuE566oWnSu8KX/GtHACvMDKyM23yeHpRL/SvNWW3/ujRwy6eeetEjEEhmvhTZzKGQMNDduhszoWmg0LQZQtbNwktB+grut1n3NZzVG7/jmsZ84nVXzz7rmSqtYG5Fcj12B0CdcxIIm+JTH0sJ0/khjp3WkLssKqK6ODS7EFMpODZG6i3ZdrncdSINbvTJdxkTkPzvvKYusqJAJ0vE/9aNAlYDx7PfCVlABHqNIEDXaAMO0OYCBjT9/BQwF+uHJD9PfdEn2azBnS/zic0YNnJToL4q+KmnNtbt5S0maH9Qd1rrgiYeX0JWaPHYY+fLwv9ajU1qYkyg0votZjYLRbpIZJIp0RvQWeZdCOIFj1mADDewSsBgV9ya8DbCXwWloyKotacuzfG+wCM03V5s6hc93xZC32qYiv/MmyAYXrzWS4Np3EebAOLMSbga5G6ov0920ZelR9YxSAjg9havqGLWK5yI37UWYuSxGRc4xifCvOcSD9s1IAztLaJA0Q5W9Lb00ZrQeJ8jnhIlyFziMHGd7f1SqfW1vj97NL0uUAkSSKp8zvkx+k4i5ir+zcjNg8/nkZHhRe+F9eAD48XSZCE9ZCuSEbHwq3KuMc36ZBrM/pKeEhoCv8CL8nS2pr4LsHOANj9x/FlX24ohwI3C3S1GGN8iQ3wlj8E1VmEAG289TQPAHej0n8kW0T54p0jlf5kzJQvmAdjmVvWCm3WSrm3+hZMKZyiWy5aKg4nl7oMonoeGCOXpNsA/J/GHwHUQRybAAz6JdvOLSME6I3KneqbKJRKZEMrRO0ju/SQYwJaLTVgf5lmOW6lG/raUA1OM+sbApBJN4Q8ONXvL8ePECMl17E3+gF3w5dKBsskrHgVcI7oa3u+FVqOZViJXrTgf4A/IfrgS8eU6SH2kVoBoGHTqPf4fjYZXkZq1BPNgUR35Q0qm/hxwI4hAMr8AQ2bBnzvu20lFr9qcxpFVHGngziFLlxiHS8AizwtuT5R1zBKsIjQd7tQ4KxEUMNZMUojLVr1IkxenmCBumnZh9SHwiFi0Cndo8ss+kU/QotquVJPsBjwHLBhrDlO04C9jiS7uZQtFGl6Txe5DD++whdY4kfTZ52FmwfNk2MitbdRdWuIxROPmDDdIIHUXd/aR/0Cef8s2IrywPocN8UExmvnDFRzzbNxVSCir82V1GI2BWwrW2UyXr/xc06+Lt1S,iv:ePVAAcOvaNMsPBycPEA4wjje9XkHs5ZdtdQdrUS4MuM=,tag:7OtRWLxVx2bZVcVAfTfKUA==,type:str] + name: privateKey + - data: ENC[AES256_GCM,data:wNZe1i9guiJXlPXB3WROfhrNqQVPvxLiZ8hQTJEe6ShamXOrkkaK+0GprQZNY9x8mHViiWjfgDUPoR3EcIRW1XcPxeEcxeWdSKhL4TbnETKhvGes//NWpW0gM7C0sKLRjL6WW3G42M1pcgCRgvFSbcJOA3weSylkY9GBkGLzxDmN0G0PKpIYvkfk7yp+KTk2aPqWRRQT6wuluCwI+5vtqASpwPJkxsn3IN0IQhWzCvNGhA1Tw0rI//eaU1vFYpMc2TVn3hVvMrVFTUMR/sqFAGCSXDVruZKMUrLTIBLdyWKqR227RpSMOzOBVe2AFy1l2iKvGs3ApVMJXR1Pd+4A4KZH5d7Il6mBsCCZ+OByCXrgo1U10sV0+mGnO4Ct/0Atz0UqbsiCRORwt709AGBb9Z/mFeQkhWfJrJPxHPWCIr7eKLSHiV6HsyHPJkoAAkevypO6dKxdd9L0vt3ygUhym7DLTKB3zdZBhERZsJ+jf1xxm2PzjWE47hz/+Hi12CgWnSl07hjPtZ/goQRF3e08myKVOXxKvzpCF22d+yG6AzGf7Sj+SXXsJza4VH/pVMiu59PqOKYjnaK8vL9vr5Cj1I0h5huTiFBBNtAlZvMltT/iRIJn3/bni3lollAuHBoKbZ0B3l15zRdgt1iI9i5g20+YYa3fdKo+3RyXCoseX8nGQ4Cqo3Z+G/msi/GryNZciWBOtvohRb/5mEJ98eR9sJuPLJ5Wkbb69x3vnOjHXNr3YxAYyDAw98tVTRItXBvS+ss2qDz2oPRgaoTCWYJEF6InxkvCtz2IwORRfN7Gs/0k5JRC8vMmRR2XZE4kL7tdTZLhAOKIhgBkxVFL6k6fen/fv3AzTld/u4p91MPzEa8YBPSxt+XXqqH3Tf5BqAwvbuBVQNS3QRjIvusJfERssJBa4v7ucP1s2SRO4EYW16AKvk4VGbx2yPPPE4iHRq9jeGM+bos=,iv:IhyWdsI9sagRPa7nl6ILycevQBxGmOvRUxyiVz2yEdc=,tag:vP8tD/AQAirsQLl16s0Alg==,type:str] + name: publicKey +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2021-10-01T20:16:44Z" + mac: ENC[AES256_GCM,data:WdROP4bxBmFF8o8F3Ai5uK8OrBP26o+jyfC+Wox6LMi/erYIyf+0PnwsTCIkbVccCrlocH5Ta6J2EM0oKcx1nix1Jy3z9zgD2YOpwAKnr9OHsXeR3IbBwJKLjbgf/U4yQLLkEdgaX0LfBdobFVa7W8NjbTO/oMMvxz20Q2djbtg=,iv:uj9lh14yKOn7lPNgQ7RA6ZABKu5GvdKCWBE/NJKq4+w=,tag:B1JAytDiMQVQaz02z10Ltg==,type:str] + pgp: + - created_at: "2021-09-23T19:13:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMAyUpShfNkFB/AQf8CxX6hQa+3E8rotc4sutTTsZ9ObfkzvOS0N5ZmqEWO57D + v/+kUiaqlkFPZLFhDh8dxHPSoerhBZMX5SuZQeFVMe+5hsXzzQIUaopBeuBjd4YD + NxqvLxkXQHQQw2e0rSfek3mQLbUTHvvhhwsZLLJKCqcoetGH0dyhOhByLBL5SFBw + haF7+EIXM3INfxqNxEubO8HXIY1+kUkAstChDvawvIiGSGBN7LTQ6haIxDYh3So6 + q2zThSvusNdsiK1XznOZ/PS0/U8Cf9sAxvl/IF1tjg/n0fsuyhumkhnORZX78Hos + wkAe534j4NGVapcI4UOj+WAl2ceNwTCuxIX1Mf17QdJeAc3SmJAgDIw8/FAxxO4z + B0zPFaYUU/MCGVBmnhrE3hrQC8eVUsJKxmxv8o+g9TtP4SIGEoEmXC9WaXrKPVai + uuEGKpB2L2CMLa9GWS1S6LaKByTm0EEiLnW6WrxC+A== + =K2dp + -----END PGP MESSAGE----- + fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 + - created_at: "2021-09-23T19:13:23Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hIwDXFUltYFwV4MBA/92YWKPyQPmfYk0M+1GUkprkhcJwiLRdPrYE6n6K6LTCVUa + o0YYL94dzwHzBnzeLvKJwkY89u/CwVPdTOL35JV/eZrkxStm5jd5eS60sF5KuNxh + HqT6g42Mf6wu3kU7nnBlf5d3dWUqbaZzhyxNEZ3lcy9Mm+xQKSQL2C2PHByj8NJe + ARcGFFsHo0erhuHY33vYQbgb+EHP8lOWHhGQmmhW1H0xucHyBCrF9GzNEVB2Cpbn + jP10lMeWVtN7C+/R4hDDACi2hplmIyS0DZLuAxd8pH675KV/mQUWM/NbigIDPQ== + =eNEc + -----END PGP MESSAGE----- + fp: D7229043384BCC60326C6FB9D8720D957C3D3074 + encrypted_regex: ^(data)$ + version: 3.7.1 diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/kustomization.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/kustomization.yaml new file mode 100644 index 000000000..c32bb741c --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - shareable + - encrypted diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/example.pub b/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/example.pub new file mode 100644 index 000000000..e25072c6c --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/example.pub @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBF1oQV0BCAC1iFfE7H3uu0hbWbRYVMoz5zZ91ACHETCOMVxN8GOG4SV0l8aQ +wmK9QWkYxhi52LnicVD3D7Uy75+J3zkvEDQ15C0AZ8UHXp4JlSQuXpFhrOhfYUF/ +6pr/QexT+hQjOacvY4qfnj4xKa/AGdv5vPIygtQumE6r3GhEVAxQ1GSwtCWSU3Zl +3Uqf7S8kDvJTemtR2UkVfpXcMd4AmMKgt7fVhPO8eFotqTLPvz/iClzER+q61fLA +d1rP9YlmY46MJp/PffPicWdJiKv2i6ynKcIwkrQyP6V2ZzYi/gAhNJst3ZlMfsiN +ekCtcow9Bn44uxW3U8W02FNQSNyn6V6QPDIXABEBAAG0U1NPUFMgRnVuY3Rpb25h +bCBUZXN0cyBLZXkgMSAoaHR0cHM6Ly9naXRodWIuY29tL21vemlsbGEvc29wcy8p +IDxzZWNvcHNAbW96aWxsYS5jb20+iQFOBBMBCAA4FiEE+8e54qT5KJrAwdSEPRbO +5KJzgbQFAl1oQV0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQPRbO5KJz +gbTDcQf7Bp7e2zY9pBBXTgDASQl31SSHp9WkRUV5iqPVC9iPCELggteBGMwIpbDl +obc6O8/06foxWctTUaaciPBo2+jeWFTO+DNvB7oXIArqr5673QHLh6jEABBjyt91 +rvta2wYF1XJBgxpui9aLICsCptFNIRvHeKUrXBI4fG5z3CDs/EOoY8K/AAYJUF+E +RtmvmisiE/m20UpbYRmkBJy25c89Wcn12I1SUJA3H3hGwvZCYp8hY1HPxxQUtU+D +ZBIpryi0xQqExGAlYqck7G03F+AD7/csaT1LEdCtWRLNwE8UkvfUF6liF0SgzxFo +1pp3gBU4swds9yO9wNe12JY/M5A/BLkBDQRdaEFdAQgAtun8JhSpNAKvOXwWX2nF +hnMXTJp4viMhlAZEdmMXEi27B2DM/nRzldjxGZoNUBSVbJNj2kx5ZUDl0o6eOpCh +vRaGuCOpYqOuSQvD8FnX0NgQULwuTZ+MawsaezktJEjDSBM1R6uASeJwDZj4hcUn +PgyAIESajPdowEkEjdYt261fGOLLcVoVdtqzOMBkLVdrK/FD1kGR9jnSlKEYDV9D +veBUBQGdqkgWXjS5BKcae07viC6xMa9AJS4pizyDALB2k0HQOelZNihOGXYUuvkc +s2Fivl0Tk3OCfH9XDvFehbYRHmkRDoMuKUDSzdy6tFBAkL0CPlXAWI6kQklaBEp1 +9QARAQABiQE2BBgBCAAgFiEE+8e54qT5KJrAwdSEPRbO5KJzgbQFAl1oQV0CGwwA +CgkQPRbO5KJzgbS7zwgAndbf532OXo9HwPH+yQQmzQCLDFL6P4V7LcFrrydYItTE +hxqI3tbb96MKXRAt+G5Mw6JjRkWhwzbU3jE7D7XBMHw7GriTTU9QltNHg7VUpSSa +iTfVcSNErzsaqbjbA7jMs7VWzOq4LZo6Efy8UDKg5qcqLFaTQrzQZYNHNfM+kLAi +UPU8m7vwmz6oJWsjHkQKUhKhHptlpwMwdHkoacqDO0x2H6H91l/PnDm4ZG6FybJt +cjr98i+p52/XOo81nLgX7tcFS3nrN9HNdgKg1ZW3yrzg8NOaFCVA8qLDgLk//M3q +DixOxiurECkFrMvt/bDxEGpN5GVy550MmyUZQrkuqg== +=Zs2s +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mI0EXWhBiAEEAM+5U/ol2T8n9Ns1r11eKun/PPArXxmo2502pAY3cf7ZpKDFfAvC +VF/PLusHcJToTCPOT0RVh5jO1MiQYcvQlnUIJOIEkCuUc7RsdBDsI94o+SEiGSN4 +DzK711xTvuhgLbFvCB/jcpjN8wpIYTJuD6wE75sf5jqlokrnhXZy5LcbABEBAAG0 +U1NPUFMgRnVuY3Rpb25hbCBUZXN0cyBLZXkgMiAoaHR0cHM6Ly9naXRodWIuY29t +L21vemlsbGEvc29wcy8pIDxzZWNvcHNAbW96aWxsYS5jb20+iM4EEwEIADgWIQTX +IpBDOEvMYDJsb7nYcg2VfD0wdAUCXWhBiAIbAwULCQgHAgYVCgkICwIEFgIDAQIe +AQIXgAAKCRDYcg2VfD0wdEdnA/9mMGieN4hrnmgMwchZ5fplBAUCeB4R+KewSHce +gfQIxN8i3vCOHaqmF8cmc2ifXfioqsSQU9JdRl7dx+TN9sgyWas1wfT01j98sfPk +NQrgrOxC/24SQ9f7C3bplXO+25kLXCPTUomMj8zf9marVeUVNeC6IduFRRI7hxrz +tIyN/riNBF1oQYgBBAChXi00fmpEs0Jiq0zOyYm9i749VoOsNReoB/5ix1QCimwV +ZKe1D37IP5Qqysxy+LIQc4lJ+Q8foNOx1Aev5+TDyv+iU82D9xr9uPLLbA82k3AZ +04OrBjrZ/Yt1NZhuaHzciZCPpmqzF9kqVqAZc+vMiKZL1WZjS7O1FwaidY1vXwAR +AQABiLYEGAEIACAWIQTXIpBDOEvMYDJsb7nYcg2VfD0wdAUCXWhBiAIbDAAKCRDY +cg2VfD0wdMMfBAC/66LvXwBPaHDakr0lo25PGOWWsf4o8yWui/Q/yhcc8KiELlzE +zmwnq0JDSodfJ5agMTxXfVu2oVUBDKuvTDLSCe2XUv+2ufAweg/xr/FrREc2TkLu +GZy6FMdtB7Ik1uJElmkIhnU7KsXXv6rq71gE+PCqnwqsn/SvLLaTJvtlEw== +=PafV +-----END PGP PUBLIC KEY BLOCK----- diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/kustomization.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/kustomization.yaml new file mode 100644 index 000000000..eb0bafd0d --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/public-keys/kustomization.yaml @@ -0,0 +1,10 @@ +configMapGenerator: + - name: target-encryption-keys + options: + disableNameSuffixHash: true + files: + - cmd-import-pgp=example.pub + literals: + # user U1 and U2 + - pgp=FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4,D7229043384BCC60326C6FB9D8720D957C3D3074 + # - hc-vault-transit=http://127.0.0.1:8200/v1/sops/keys/firstkey,http://127.0.0.1:8200/v1/sops/keys/secondkey diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/shareable/azure-cluster.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/shareable/azure-cluster.yaml new file mode 100644 index 000000000..e03965d08 --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/shareable/azure-cluster.yaml @@ -0,0 +1,23 @@ +# Site-level host catalogue. This info feeds the Templater +# kustomize plugin config in the hostgenerator-m3 function. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: azure-catalogue + labels: + airshipit.org/deploy-k8s: "false" + +cluster: + location: centralus + vnetName: target-cluster-vnet + resourceGroup: target-cluster-rg + +controlplane: + replicas: 1 + vmSize: Standard_D2s_v3 + sshPublicKey: "QWRkIHlvdXIgYmFzZTY0IGVuY29kZWQgc3NoIHB1YmxpYyBrZXkgaGVyZQo=" + +worker: + replicas: 1 + vmSize: Standard_D2s_v3 + sshPublicKey: "QWRkIHlvdXIgYmFzZTY0IGVuY29kZWQgc3NoIHB1YmxpYyBrZXkgaGVyZQo=" diff --git a/manifests/site/reference-az-public-cluster/target/catalogues/shareable/kustomization.yaml b/manifests/site/reference-az-public-cluster/target/catalogues/shareable/kustomization.yaml new file mode 100644 index 000000000..1648adc0e --- /dev/null +++ b/manifests/site/reference-az-public-cluster/target/catalogues/shareable/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - azure-cluster.yaml diff --git a/manifests/site/az-test-site/target/initinfra/kustomization.yaml b/manifests/site/reference-az-public-cluster/target/initinfra/kustomization.yaml similarity index 70% rename from manifests/site/az-test-site/target/initinfra/kustomization.yaml rename to manifests/site/reference-az-public-cluster/target/initinfra/kustomization.yaml index 1ec91046d..01a6cd674 100755 --- a/manifests/site/az-test-site/target/initinfra/kustomization.yaml +++ b/manifests/site/reference-az-public-cluster/target/initinfra/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../../../function/cni/calico-capz/v3 + - ../../../../function/cni/calico-capz/v3.20.0 + commonLabels: airshipit.org/stage: initinfra diff --git a/tools/deployment/azure/100_clean_up_resources.sh b/tools/deployment/azure/100_clean_up_resources.sh index 3179a3ef2..56c185ef6 100755 --- a/tools/deployment/azure/100_clean_up_resources.sh +++ b/tools/deployment/azure/100_clean_up_resources.sh @@ -16,8 +16,7 @@ set -xe # Deleting Target Cluster resources from Azure Cloud -echo "Deleting Target Cluster on Azure Cloud ..." -airshipctl phase render azure -k Cluster | kubectl delete --kubeconfig ~/.airship/kubeconfig -f - +az group delete -n target-cluster-rg --yes # Deleting the Management cluster kind delete cluster --name capi-azure \ No newline at end of file diff --git a/tools/deployment/azure/31_create_configs.sh b/tools/deployment/azure/31_create_configs.sh index 3f92ec8a9..61ffa8610 100755 --- a/tools/deployment/azure/31_create_configs.sh +++ b/tools/deployment/azure/31_create_configs.sh @@ -36,7 +36,7 @@ export SYSTEM_REBOOT_DELAY=30 export AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH=${BRANCH:-"master"} # the git repo url or local file system path to a cloned repo, e.g., /home/stack/airshipctl export AIRSHIP_CONFIG_PRIMARY_REPO_URL=${REPO:-"https://review.opendev.org/airship/airshipctl"} -export SITE="airshipctl/manifests/site/az-test-site" +export SITE="airshipctl/manifests/site/reference-az-public-cluster" export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${remote_work_dir} export AIRSHIP_CONFIG_CA_DATA=$(cat tools/deployment/certificates/airship_config_ca_data| base64 -w0) export AIRSHIP_CONFIG_EPHEMERAL_IP=${IP_Ephemeral:-"10.23.25.101"} diff --git a/tools/validate_docs b/tools/validate_docs index 49c1801d8..a3c6357a0 100755 --- a/tools/validate_docs +++ b/tools/validate_docs @@ -25,7 +25,8 @@ set -o pipefail : ${MANIFEST_PATH:="manifests/site"} : ${SITE_ROOTS:="$(basename "${PWD}")/${MANIFEST_PATH}"} : ${MANIFEST_REPO_URL:="https://review.opendev.org/airship/airshipctl"} -: ${SITES_TO_SKIP:="az-test-site gcp-test-site openstack-test-site"} +: ${SITES_TO_SKIP:="reference-az-public-cluster gcp-test-site openstack-test-site"} + # Name of specific site to be validated SITE=$1