From faf07af7183f97a98d33c96d190057b2560ad8b4 Mon Sep 17 00:00:00 2001 From: Kostyantyn Kalynovskyi Date: Tue, 2 Feb 2021 04:45:38 +0000 Subject: [PATCH] Revert "Adding encryption of" This reverts commit 6ffde8fa17dcecd4243be076340a29a3c807f6e0. Reason for revert: it seems like this commit introduced breaking changes, reverting to see if this helps with toos/deployment/30_* script Change-Id: Ib67babfd3683489e1c3afe1264784758791fe44d --- .../replacements/generated-secrets.yaml | 27 ---------- .../ephemeral/replacements/kustomization.yaml | 1 - manifests/function/ephemeral/secret.yaml | 4 +- .../k8scontrol/replacements/cluster.yaml | 19 ------- .../replacements/kustomization.yaml | 1 - .../hostgenerator/patchesstrategicmerge.yaml | 2 +- .../hostgenerator/patchesstrategicmerge.yaml | 2 +- .../test-site/kubeconfig/kustomization.yaml | 5 -- .../kubeconfig/patchesstrategicmerge.yaml | 47 ----------------- .../test-site/kubeconfig/update-target.yaml | 39 -------------- .../hostgenerator/patchesstrategicmerge.yaml | 2 +- .../target/generator/kustomization.yaml | 2 +- .../generator/override/kustomization.yaml | 2 - .../generator/results/generated/secrets.yaml | 38 +++++--------- .../target/generator/secret-template.yaml | 19 +++++++ .../hostgenerator/patchesstrategicmerge.yaml | 2 +- .../target/generator/kustomization.yaml | 2 - .../target/generator/secret-template.yaml | 39 -------------- playbooks/airshipctl-gate-runner.yaml | 2 - playbooks/vars/test-config.yaml | 1 - tools/deployment/22_test_configs.sh | 15 +++++- tools/deployment/23_generate_secrets.sh | 28 ---------- .../certificates/ephemeral_config_ca_data | 17 +++++++ .../ephemeral_config_client_cert_data | 23 +++++++++ .../ephemeral_config_client_key_data | 51 +++++++++++++++++++ .../certificates/target_config_ca_data | 20 ++++++++ .../target_config_client_cert_data | 19 +++++++ .../target_config_client_key_data | 27 ++++++++++ .../deployment/templates/kubeconfig_template | 31 +++++++++++ tools/gate/00_setup.sh | 6 +-- tools/gate/config_template.yaml | 1 - 31 files changed, 245 insertions(+), 249 deletions(-) delete mode 100644 manifests/function/ephemeral/replacements/generated-secrets.yaml delete mode 100644 manifests/function/k8scontrol/replacements/cluster.yaml delete mode 100644 manifests/site/test-site/kubeconfig/patchesstrategicmerge.yaml delete mode 100644 manifests/site/test-site/kubeconfig/update-target.yaml delete mode 100644 manifests/site/test-site/target/generator/override/kustomization.yaml create mode 100644 manifests/site/test-site/target/generator/secret-template.yaml delete mode 100644 manifests/type/gating/target/generator/kustomization.yaml delete mode 100644 manifests/type/gating/target/generator/secret-template.yaml delete mode 100755 tools/deployment/23_generate_secrets.sh create mode 100644 tools/deployment/certificates/ephemeral_config_ca_data create mode 100644 tools/deployment/certificates/ephemeral_config_client_cert_data create mode 100644 tools/deployment/certificates/ephemeral_config_client_key_data create mode 100644 tools/deployment/certificates/target_config_ca_data create mode 100644 tools/deployment/certificates/target_config_client_cert_data create mode 100644 tools/deployment/certificates/target_config_client_key_data create mode 100644 tools/deployment/templates/kubeconfig_template diff --git a/manifests/function/ephemeral/replacements/generated-secrets.yaml b/manifests/function/ephemeral/replacements/generated-secrets.yaml deleted file mode 100644 index 365c6051b..000000000 --- a/manifests/function/ephemeral/replacements/generated-secrets.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: ReplacementTransformer -metadata: - name: generated-secrets-replacements - annotations: - config.kubernetes.io/function: |- - container: - image: quay.io/airshipit/replacement-transformer:latest -replacements: -- source: - objref: - name: generated-secrets - fieldref: "{.isoImage.passwords.root}" - target: - objref: - kind: Secret - name: ephemeral-bmc-secret - fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_ROOT%"] -- source: - objref: - name: generated-secrets - fieldref: "{.isoImage.passwords.deployer}" - target: - objref: - kind: Secret - name: ephemeral-bmc-secret - fieldrefs: ["stringData.userData%REPLACEMENT_ISO_PASSWORD_DEPLOYER%"] diff --git a/manifests/function/ephemeral/replacements/kustomization.yaml b/manifests/function/ephemeral/replacements/kustomization.yaml index 200346b7f..ced9d187c 100644 --- a/manifests/function/ephemeral/replacements/kustomization.yaml +++ b/manifests/function/ephemeral/replacements/kustomization.yaml @@ -3,4 +3,3 @@ kind: Kustomization resources: - ephemeral-env-vars.yaml - networking.yaml - - generated-secrets.yaml diff --git a/manifests/function/ephemeral/secret.yaml b/manifests/function/ephemeral/secret.yaml index f6590b8b7..edf321876 100644 --- a/manifests/function/ephemeral/secret.yaml +++ b/manifests/function/ephemeral/secret.yaml @@ -17,8 +17,8 @@ stringData: ssh_pwauth: True chpasswd: list: | - root:REPLACEMENT_ISO_PASSWORD_ROOT - deployer:REPLACEMENT_ISO_PASSWORD_DEPLOYER + root:deploY!K8s + deployer:deploY!K8s expire: False users: - default diff --git a/manifests/function/k8scontrol/replacements/cluster.yaml b/manifests/function/k8scontrol/replacements/cluster.yaml deleted file mode 100644 index fdd9d3080..000000000 --- a/manifests/function/k8scontrol/replacements/cluster.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: ReplacementTransformer -metadata: - name: k8scontrol-cluster-replacements - annotations: - config.kubernetes.io/function: |- - container: - image: quay.io/airshipit/replacement-transformer:latest -replacements: -- source: - objref: - kind: VariableCatalogue - name: generated-secrets - fieldref: "{.targetClusterCa}" - target: - objref: - kind: Secret - name: target-cluster-ca - fieldrefs: ["{.data}"] diff --git a/manifests/function/k8scontrol/replacements/kustomization.yaml b/manifests/function/k8scontrol/replacements/kustomization.yaml index 95b40576f..3269310cb 100644 --- a/manifests/function/k8scontrol/replacements/kustomization.yaml +++ b/manifests/function/k8scontrol/replacements/kustomization.yaml @@ -4,4 +4,3 @@ resources: - versions.yaml - k8scontrol-env-vars.yaml - networking.yaml - - cluster.yaml diff --git a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml index 6e177c4e2..638dc89e2 100644 --- a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/patchesstrategicmerge.yaml @@ -43,5 +43,5 @@ patches: |- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: - name: generated-secrets + name: password-secret $patch: delete diff --git a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml index 6e177c4e2..638dc89e2 100644 --- a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/patchesstrategicmerge.yaml @@ -43,5 +43,5 @@ patches: |- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: - name: generated-secrets + name: password-secret $patch: delete diff --git a/manifests/site/test-site/kubeconfig/kustomization.yaml b/manifests/site/test-site/kubeconfig/kustomization.yaml index 470a44c8a..d48a7b893 100644 --- a/manifests/site/test-site/kubeconfig/kustomization.yaml +++ b/manifests/site/test-site/kubeconfig/kustomization.yaml @@ -1,7 +1,2 @@ resources: - kubeconfig.yaml - - ../target/catalogues - -transformers: - - update-target.yaml - - patchesstrategicmerge.yaml diff --git a/manifests/site/test-site/kubeconfig/patchesstrategicmerge.yaml b/manifests/site/test-site/kubeconfig/patchesstrategicmerge.yaml deleted file mode 100644 index 4f55344d9..000000000 --- a/manifests/site/test-site/kubeconfig/patchesstrategicmerge.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: builtin -kind: PatchStrategicMergeTransformer -metadata: - name: smp -patches: |- - --- - #apiVersion: airshipit.org/v1alpha1 - #kind: VariableCatalogue - #metadata: - # name: hardwareprofile-example - #$patch: delete - #--- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: host-catalogue - $patch: delete - --- - #apiVersion: airshipit.org/v1alpha1 - #kind: VariableCatalogue - #metadata: - # name: host-generation-catalogue - #$patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: networking - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: env-vars-catalogue - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: versions-airshipctl - $patch: delete - --- - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - name: generated-secrets - $patch: delete diff --git a/manifests/site/test-site/kubeconfig/update-target.yaml b/manifests/site/test-site/kubeconfig/update-target.yaml deleted file mode 100644 index 8a34de649..000000000 --- a/manifests/site/test-site/kubeconfig/update-target.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: ReplacementTransformer -metadata: - name: k8scontrol-cluster-replacements - annotations: - config.kubernetes.io/function: |- - container: - image: quay.io/airshipit/replacement-transformer:latest -replacements: -- source: - objref: - kind: VariableCatalogue - name: generated-secrets - fieldref: "{.targetKubeconfig.certificate-authority-data}" - target: - objref: - kind: KubeConfig - name: default - fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"] -- source: - objref: - kind: VariableCatalogue - name: generated-secrets - fieldref: "{.targetKubeconfig.client-certificate-data}" - target: - objref: - kind: KubeConfig - name: default - fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"] -- source: - objref: - kind: VariableCatalogue - name: generated-secrets - fieldref: "{.targetKubeconfig.client-key-data}" - target: - objref: - kind: KubeConfig - name: default - fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"] diff --git a/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml index 6e177c4e2..638dc89e2 100644 --- a/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/target/controlplane/hostgenerator/patchesstrategicmerge.yaml @@ -43,5 +43,5 @@ patches: |- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: - name: generated-secrets + name: password-secret $patch: delete diff --git a/manifests/site/test-site/target/generator/kustomization.yaml b/manifests/site/test-site/target/generator/kustomization.yaml index 37fe4dd38..b2f240258 100644 --- a/manifests/site/test-site/target/generator/kustomization.yaml +++ b/manifests/site/test-site/target/generator/kustomization.yaml @@ -1,2 +1,2 @@ generators: -- override + - secret-template.yaml diff --git a/manifests/site/test-site/target/generator/override/kustomization.yaml b/manifests/site/test-site/target/generator/override/kustomization.yaml deleted file mode 100644 index cda38072d..000000000 --- a/manifests/site/test-site/target/generator/override/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- ../../../../../type/gating/target/generator/ diff --git a/manifests/site/test-site/target/generator/results/generated/secrets.yaml b/manifests/site/test-site/target/generator/results/generated/secrets.yaml index 40925c06a..f5b4e28ba 100644 --- a/manifests/site/test-site/target/generator/results/generated/secrets.yaml +++ b/manifests/site/test-site/target/generator/results/generated/secrets.yaml @@ -1,41 +1,31 @@ apiVersion: airshipit.org/v1alpha1 -isoImage: - passwords: - deployer: 'ENC[AES256_GCM,data:8h3/8C3/ZzEHrAyXkaw=,iv:11RjLFIfTI7p/iAiPLClUFoccBv0ctQneb8ukEUie0Q=,tag:SEbPVjT2OIPkpuz3m83vNA==,type:str]' - root: 'ENC[AES256_GCM,data:Zc6IOnZRRVi6NSz1zzI=,iv:9VatWhTpVkqcGFO76996E39lSpQWDvHWWznf0udt0JQ=,tag:Dlguo6tnbztpNsGLQF++hg==,type:str]' kind: VariableCatalogue metadata: labels: airshipit.org/deploy-k8s: 'false' - name: generated-secrets -targetClusterCa: - tls.crt: 'ENC[AES256_GCM,data:f9FvSUJwBaBHSVmrZoiFEe1aU1e6HTNxdOc6FhRO3RIf69INnrd/p7jkLpZ0YvgdBd0SU9Mmz51FRoM8aUOjbhE3Ow58+XImwrJxkggK2flPKAlvYGmUyHZGp+SQqxxvszk7rwidQ26psP2NrVwo8wuZ7YjSekbReUa+ISB8coLeb/1u2UMynNAzjZ0MTR5FvPt101xeNTu/hzY7y1hr9JDof3d4tml7YnL8oRURLpp27b0SPb1jrKT17BOjy7ofx34HD8TnWDT5fVQXPnUFMhrCdm1CuU1G8ZJfAhugzlEo5lRRFvzwDOSukc0p50H+e89d4hDW6nIgCsCc/gPw99Z7XgT9BrNh+O79jsP9KYWHnjXNSlH3WzGgxQwGYPYqH+2pVupDXVIj7eIlzYSxjd/tiC7NA2yBU/toqQ14eUtEMRLffWqvJyI137jU8zp7cXy7eg4ShVNlsg9T9dr+NzCkWaKecer9MWdXTNRPBzCuAC0CSX1iI6wOR/pMOzfjlZNGe+8fAtbYN6F7DAD8aeehUesrxAzTukfvPSFb82S9CUcc/jaUydTs5tTlnP/t+F4YJZA8yWSmSM3VJLe0hs64tpub+xUCqjmsuJ7aQsOIWKKaKSC44eA092AAL8psPn/J11jdSBJcXaCkVfA09sc4nh+rpBok472G6cOYMeLXCoXsLTE8dwDIAIxbQ0Af5MwfX3dPA+lbmgI1edArpt6UjOXfETx0pplhQJ+C0ExwlCVs++rvIoSIndvHMURJE3eVo6F32SKF6aa/fGquiFLSmpmkwqDJy9Gt4AuGKAsa4o6cgtQZJsc7eh2ym2TDfEu5mv9V25kwOotu6I+X02hdsmpIbk4jCjWnL3lk6zCayoFHqf1jeFj1c51l5uD/zFstJMCHSGcFArrbemnPp+dyDPCoIZksFApsg+i3dp40GaM3uGfZdwjEEpXFQjUiOrwojJzfrx001RntdJQtPu/B+5i1jdrQ7FfzlTmeOKWCvFkDreyEAtJfHNL2CN/1vWVlVNQ4/MOACwaCPzWNZQcbAOl71CUoj5xfWAqJOv+kRA0YbAGhjZq7bp1qB4cS4Eg5sMK0uWVOfEKikGfIaNc4t8+FLiDLKQ0JlXRXREKur2SyuB5032Wir0GWhQezdmn5z+aG86BCpYl29RfnMKtOPdafBkjqQiekjvHXYqozvKpBt2aTdEx71mziT/rUegoqoiUWnY7VMjbKn0S3UI4xYzDvwOAPCjBWivNJSmYmOned+lw5y8StrKWhNexQCz6BlOyUJQWvnNB5QIfri5HJSboF0QA0jWuo7z5f0RpqeCfiPWO6vS7HkRyOZyoMtc4QfODh/+1cOqdmUKFDwV9k1GfqoVD9ExahoPlwzHL8ABi5jow0HgAX9zRZbDi2Tn2mtWA5kKVjgyzCJBemoTgcGVrR7yV2u8e2OiKPIRTs4JUR36BBgtA6nLelHYnr5nrRwz+O7RsuUU3RFwtzf+uAVSOR6lX+5i1al3C1sY85u4vsyAdBmL7JCdBQNfz70MLr7v192KBTmCk3c9tcjqWxk24XEVcL6/o/F6SQsS7LuVukBIlvuzN9dup3pDW6DkNTFaLgRl3L5nfh4KtWGQNMI/5K6EgxAQYGVHTzkskBNmnyMVITQE6A57Pfqt1Cwxo95+R8Mf942pH1su/yHC4y4HXZYmJJVfoAtSVTsQxD6iufW0O0qzj3g6bBeaBncTgQJesJxrXuE1NfXz3cwBaoW4TMQAJSDfq/cAkFfJDmFvf7gJRuEOIEbU8CDeF9+NekatGMRHyoo9shJps/KDdNIezWFw3zbtOJ/lhl50YE+12u9SiozYmY03BWLnUpLdCMAhpvgQ7GQo8/RfBO83QApnIRhh7WND19zTEd+UFZIV5GSzU9Nt5dKplS6EJ1juJQoqcVorIwZcQneKU4YJ1JVYOFsq/ouzWdzunnZLiKt1fHRGrDywp5UK53Wat1VuGxBuahyrBOfF0sQ4DTPA==,iv:b5Agmtpu4XkhaRQcn1ktO1/Pkun2pCsNUKgftcP9CGI=,tag:e2al4r8yA0WTQvC4iuDdgQ==,type:str]' - tls.key: 'ENC[AES256_GCM,data:uupoSTYpqqOG73En/jG9K6bEUY0CBVA56fflV0wNiriia9oTNIoU0kjebjG/e2HqfwGRKRJMjzJ/niGKKQNF1dWfga3vPDtNK49rZ+93B1JjEvsaKmZL4oqC4f0FpB2PISBSYUsOVIAe/2uOUpxVi0CQpJYI0wZKW0Bc/Wg5a9M/hRBC4MGdVM5FotlOU0otQ/uWT5qAFtRzQPgNgyfNrJHNuMSbjVm86BBNm0xbZa0iytMGyNXSjaaQcDhKqGOtLVxTOon3VyMwPePUN8ZVRifcNxQZ8uviH5xVgtX1T1FqXdVUe2I084UKxS11AnY8qmzI2ENHTdjqiVBh5svbegAb+byLKHNaTnJSWTmqcUC3d2gOgmNzUdbCAR/q1JeVc/i56jOwTjvW+qHgfQQk7eAIeu+vO7NsoyIa+xhwUX8OR451ep7JCxWSTng8GydMKNl9PwwUNv1IteUqITFfUeT9R7PyUhED+NH/cqVuOjvDEve/DX7CaGiBvHXGR9o1wWCA3V+S82+jnsKZ52OKLjiFDGL2MXC7EoylXNJvzNyGQdKXTyaU656kzseVkpcC4QhWRqk4rSnO14vgCsh1UX0LnSx4sh8vuip7GdA6PjPC4uzYgeATreCSe3Z5GWJX28FFTw6NyLrRgWblgW6oMLTzUigBjD1UfQm80l4QHUtt4cqDtfL2PmnzaSuA6cmdTsvVydziV5dGEn82VAFTSZyYRSYYZ72+I1EPqrPnnFLT8+e+NiE9obmECpn3PU86ctQRHpqpCNsvy3+8IE8FkQuaizqwtg8couubv7JYZmYKzx8GB2h5ConrMLiVnj81msfY8TlccQBAE93Y5by/j/G3rZNSnJOZyuiPgK8miChFKUie9N60EWvbjPzJyhHeRm9CEB29ctZwCrMgKh8DuUz4x+G57B1pESJ0vNIGWIYhkmuvL3wjTaqc+LuVqnAh0KJlckDRkoBVIQl839c0quke+jMOnPkvxqz1dIy8upWf5+cwyjOsR0NVKrzEXwk141jGdOVqWklIaGbeyRIN6pn57p6rPJ+vnDPUC1XzY4N9N5fEYcfXbFDXRV+cZziRMx8ds+eVvwdhzO0NpPNn+9HQQxJufXG3qXFaTcHtDfeXQM+NJtWzZvpn9YM+9OWcCaz6vRtd9RmmOaPgytZo1hZdDK/Kl0ZHZcjZ3h3o0KPwETSMFk/y72te+M7S76kxzRobJV4ZGdwcG1p2rPikZ5rc2qyqkkSzyai0fjZHeYKRaqLeECDbgyz53fdlSzLGYubam6iwarMAugoAVYdmESUydpGKOcjooIet/tZiWH2tnjwHSpCpITcT6Z/OPnjM0NK6HtrZSTbEX+Yip14HujhcdkwMdYDXDgEA+sbRbzZdv2Dv6/QrF2fX5DRRqMoReTmazl1hacwJNcy9h7gJ/K0Q69VE9pV3dXppZpSoNKzW/nkLghkSMTTd0Nynu8kSfR3GSj13i7pXZkgatSl+oNR4eVIB+4WcsPhHWEGT368l5nTobptDZUDz892wJKC8IzZ1/cd//LKlWrTZrCBCzXnZAhII/9I9HpB6M/KYt22ihJLkCJLzuUpuYziBqERnwt/SHfUgW/dYxraVh+IjQk2xl+I/7/vianSprZ6aAtGnEjnLMazg2rh+NMkqXrdnCKXXGBgeuM0cgfNIJusx7HEL90VdNyGsQcgikXsQEAbvNVE+kc6nj5w3dfJ1yno+4lF+w6AkhLj5JJgff1P5q1DmaBGBrgJZXK4rcP89UzPy4SU2ZUXGHLmCu6e4d+cQrjaldO4jbRRZOazd8aOA0/Vsvx/zB6A96fJPJcDNq5GJ9WWa9nVqNwKxDYFDQdgE1AEBsETqR1eZlcWz4kyPfPcMj3Bl+y4Z0F6/1CzOY4y3pAneB2buhkegs4PoOm63F81ue8QGpwP9LHnNKPkw/Zj6uDH8QMW0EKVcE/HZPpafjBpisHrnTpTK3gANdgq1u1FMFWm3Koa8mbCdZAd/q2g1Jh2dHXie+mddh9aMHocV6gQ9F5ZtxwBPrNv+vMdLGW++ybvvQ5VL57N5ThBdxXi81Tj2gbRt7lCENZQkGfk6c3SLxDJxkMZ/ZHjTyR+YVsL4/+PiPTx/QknQQjfTU+5LiPzNIIoP63SVjmgOPuYTOCafnXgf53Ufcgzt0THugIcfWuaFGkOHFc8hw+W7dEjMxDPvpGolKwbvHe+9SCHF+cK7OHWATJ7rQVMFHHF3kxj6lwfni42p3gwVzenpI3W4vuPfwG0XqlRHP8sO35f3BCwjGJWsLQNE12Rq8htWm8xf0XC6nn2tZCi4M4GXday7ChAbd7eXrijm9ULdUob/sCyPei5WvpaHoyxR39SbpHIXm0lRi35MTivxCyOJ4YcJx5kWiBp0sU5rhcKYDk255HihIZ/95z0NB8ekoNrGTxyVsFfD0yBjgXkcKTdx0R4DGrhEiMXsrfPXdITtVflgtmQrXQVU2F8EmXeS8B/Se53wmYQGk6WpsgsjTxT7NNlSHxZgdLlkl4EHuTZ4KQlxVM4uyze9Y+xs6bAQfyjsdN0Qroe25cztbKvObJpD9XMKtHOyeZhia0wsZgRd/VyyoWrTXbdLc6evu8SzDzq7zaCdITDtBlRLs4yYzGDk/SJ+zblwiOxGYfZMpmyMUWr3kmD1rSf7GBK7hclFcrlH32gBpN1DdCSesnArtDZTqEjO2adtIwREN6o72WxP6qbziJ40FJoEkhaLbM6kpZQDZ1u7x1ZI1aeO3TPGBfPrOlxzAPZ1OIBHtMzyhmVbnvWXNlkEJ+rEuCYtWP7FjQb/WD8qilYKn9lHojMCL6Ow2x83tJgrvznObMwG9JNsbsESgE9PNXSQhdxyg2IPOp3wg8lk/hzbTX6aXr++YrcLJiHRD5K9Xux7RRHykinqHm5qvN46BmK66EMsg/pfFyWyJyJQCwA4pNjvO0GrnlsCryuXa1j5w+hzFoHKSp7TQUuMY+DvHaZz0yDccxQNO5XaRDD2W1szY8uYmdah7O5xog==,iv:gOYDduGKrIDp4gOzxB7sEgs3VIsQzcgEf61BbhUfxu0=,tag:doILyMGHlHxfdxlO6OxqHA==,type:str]' -targetKubeconfig: - certificate-authority-data: 'ENC[AES256_GCM,data:Jqvpqu25V6FZo51qL75lyl3viAIZj9IaGiNaQ7KhsNRIqDVjo5GRf4Cs0rkyGaXeMu4Nwqpg/QilbLOhCAoPCSmKZm4Ynrckpg24Ns/2NDh0lYaLu64VpKNyw+OWk69Oo/uOlPeAA8EzyqY/tv36LgHM4r5l0gePji5g2LtDv8mdgZ5/7lH3oSeLY3Ecz7L5hbSSZEMKWsYdcPKBmU5CRfUcorl3XoReOZLsrwHSzEJWHz2o4JcLKczM5uldSbtjoY+b89hS7bpGM8K4vU6GMQcvIoqhIMYvhTFLFfuAQybQZ0WlKtla8kQnPSmH8QTZDjIaJINBMw5icPDnoteZrRuxUSkFMJ5sLuwbgvgPSY/1WY+hHiSuWRAd6wdMwMYGo8TKENOeh4FbtCKB+XaVlu/UF33iSlKTaAg8m+ovgHvNGMPE0ziwc5zykEoBxHxPuaHro95Tjm70b5YyovXqXlTIlM4pgpaLsdkrDDbK0xPvYjYWeZOgEyydziBr0FwksOpZg66W3jM65se45DnogD3F33FNx4S7xrMaI2QIkFnBz0rISk8cgnwLzX3sXbzvY6+gvfwhnDz2JReatPHSJBxQjAJxZ5CEqRRWlSiLRbc9R+KvNUfTB60lqIRuZajtInyqGmEGdz6UZeuO8GHegZgrRTWOw4XM/ShcxF+1FW2bAj4c7lGpi84ycL1WCAsgN6YwdhkO0et5yPeVfh7uEjGK+/yH0q3TpCBT46mLvcbP4ZkZXDehS+MMhcGOjk0tCk1qiyZZqi1yV3lKWxC4gki+1VGnnHWsUa6hneg+DiZHa+SIUwd8P+mnv0PlhLIRg5eMPqY4hPa8S471IzxaseocbgygYX3b49QWyT/1TV0j/d6d4Ame4T72SanUCEJ+3c0MHxrqgfi3A/y+0aMyxN7RwPY+NvN42zxEKgSmVyxR8W8hjmugHymoV8uSwrdfSI26/az1hx66k1sS3kmoH6gtQ3EuoE6hd/dqOV+Kv3qrmHOfabmsnhRPsHBlSlXoNMhLDTjb5XUmv4JGDcyIcDLw4UukI/wh7PoriCLzIQ2iACz8XWN5DvEddFKOOU9lyAklpj44fCGikqr+72mxF7LdQUh1Jn9F6KGqWpPG5Vy6u3aTsGZuYk7ZeSxDNJxJiW7h3soaCn96vAzT4IO1pexsq+t8eAqND08QTHtMehHNiZjXaEF7d6ms0LUAZodLwFtk2jfVGQo6gSRj7XA9USYDMkEywZV0WTiFb5BvjnE2/K765SDRMWNQNgtK/bkSTvnSCdr4KgaVDjy/ty6AiGK2Rr+M6Zq9HqXK6eqoauhp345T/Tf8pckyVlP5sAN5ep9p8aIgqlK41tfLmgwLtwOxB/OPLf2xaLVS+5MpEKqds47d9xiqyO4cwsJ4sVkNoee/MzHKaU06aDWbRrOFTYbk1Nca4pYKdWymjpGkse7hGHnuYmNSIYeBHVQ2fG9UWW03VY5S2rZH+NYOeqz0HKyAnSTV2OsU0ZXPjJt8NuW9cL02z/jrarwYY5a9FjirdUEs+aodgEFYAozNtHGf6s1xFMmiFJNBFsmsLd53dqQwTwwTgil/p35+dgQ571hkZ3gcCy4QqWRgH8HDWC5CXh1CIARlXMj3Y5jBY+ykttnpl5DOL7DjAgJDIkf2ieNfzYHYKeMbVmQyKfugQibvu/PFX09GZspYA+GdCFFG6h4s0YeXkgT++PYoTElHvpa49GNgvIcLbYZ8g1XyIkZHeQhegWO9KfP+unWQyoCDhDt/J4AgZxVtI/qAm2SBdDM7QNpZi3AMvl/M00sWbBJUpG7v3yo6LDu8En4GGzM4YKBUdvHjbd3LAS47KHHVoCb4yY03hf2gI5IUTMxRn2oEU+aCmTTjAs/tErjiZg3Z4C6hyUjokWp+D2AIUIDIxHbwvCr/lAqEjTjuefj6ADdxAgVa1si8ZTR9AXgcz/iPTe+X/yTVYorlJ0HUGPzhVp7VW90bFpzt4BgxcyYFCeCW4g==,iv:OWiFQt9Kioyfjr/TpH46aDDsGUZc+2FdQmgMUBY5h7c=,tag:L2g6yTU2eZGD8C4G2fBI4g==,type:str]' - client-certificate-data: 'ENC[AES256_GCM,data:Q5HrI1svd2MnGA8FNqfy9KfT2ibuKFPpqspYu0dNKYk8Lik20BKDD56VAXw4tjJ5F/i/5GruRHWqZnj4FnbtgiQ1+ol1Gyw2qJY7RONKmv2rXsZwDUXCaktY8sFlTCp0/3HdXRxTUWWVzjKBjTJMmU0SmQgn/764SozfmTxUIXW62Tn73VYgG3KPoElS/BmZ/6IQ3OE14t1xax/pexr86v/ZARPaB8mnupw0JzAWtFTd2WzJubg9HVjFexDD8eyX4AF1vP/pjalPir2o3x4l8nadMVHwILD77ekyDyIQhmgJ7n+8jwnZpt9DNnnXGjlKu4CmFK1YNleVrScJcS3D5tOAZwOZ9ZlYapnOq5PEPIyOHbmJFK1wtYHRdVVpjwMc1GlnZhk0m9ctsx7cGW+AlZibiBDgtsngvfzDxm0and7ePUlOABipwvoJqBxzsP8JXLDrkJr4tnSADM0KAML/43hYhDOv+c9Ov2Yua7vm7C6IapdZnW1XerMFUnNvNLbYzfcfdZeY/Sb2zbUHAvmw76G5+B2mY1SCiWYpUjKCV/+wIhYd+vU3+uqgrHf+LhOQVpTWmYqa4aJtrZ0pMuAfaQ2x6hnW+yw4AVBGFxjaBWC1wnPvz+4oUxDU0M+MWi0dxv6WjHChpa0YAVcwcVTYBnvyH90kXd6W5t5e8hId/jgBtucFr89XMP4ljUEQ+1zrd0Z5ZLsnQo43SEnd77a27V4hQnhhdJDyWH80o6/jDXZzw0fg2FM1AFGNw5qhILRBIizl6dFKX6oQUhHdbiOdMVYNxLHzMXQzQ6QqORT4nD1tfHKhax14RCblKwuJbEO3uRuIZK7oAdzez05BPQaKrvnAK1hZtUA6IvQhSqnRxdIryfoiT+cQiYYKlAqAqQofF9B9L4u/fgVK7W3yQpACf/gJxaiPNSw1buvLREAN0jJDhlgW5s43UWin6gs3k2EEABRbIF341RU2ZtT7BbUNTI19ZyqKti91fbLyBYKX/nuenN7tK33Qz8r9WWseN5TkATgxJ4YId3xfymxzxs6iov1vEWBBE0zMqyfQxV/9r2xPjcCpPuimjdlHTJ4iIRq9vljaVC7OejzQCADB3JHegMvx9uGv+ck9jaZHvxKpJwMeDb26fXLodjGNoVDsomAZI+ilxXFeZZiqp8D0d4O5qXf3hnuXTVPjtPFOJP5NJePl4NIjdvnAKH33s4vC56SpS62T8DDizknSUgiU8OPvBNkydEzu7ZIr/rE90THnqGzI939yW8hDKHtD5Z+NBT3gQB6z3ZiB/9qbGOGGl88fAB8eAH/JgMxVR5l2StEwh7FWkhszHlan9OQXd294jfvzn/Y4Y994aPZ+AtQh4KAP6W6Q5gJvmRkkE1YOLhIa3kjxzJDj0nw5VgT2/5aWwg6/QdNwnhqoZXdOlyaSifiRs7gwFu6hs4G3sDSgoF7jlpdfmHAG87rs93QJInkwGqXNaqMgBeMrM0TbISxjTREH3c1JsWVfqx5c6TJlfiwlHXnJiYozbWT+7oRNhQS0YN9YDAhJE+qEua65b9CuMvJehRYLMKQBTpTDxAAR1DGA21pURlJHNuGIdvnaBMNR9l3eJYBaPBpLKuITKTvs1aW6QUaeV3s+UDnU6ssp3XtL+UEGoWE9qoVHHiTJvSgj2qnoasW44gO3KoPPm5uy1rq9JidHp/Z3yPGVB2dIYIzLZs2eWtqmMJYqPQ1gZZtcliE9sIBR3RPUGUuvtQdRQwLtwM7y4fY+2jyjpG7NowPRZrucyotBofpohez9tKAsKW4/E8C5O8gn84CzYZ38EioYefAC1famxpnj,iv:BR4fYsPNg3UZVL+B9z5uU/qQyGKto3QdYWYmkFcwuY4=,tag:h/t8UI9FK/xfBjg5uobADQ==,type:str]' - client-key-data: 'ENC[AES256_GCM,data:80qnYm6iTimQywN8VltEY2Gk82z0QSGWE4Muop9JD3Jqa0J/J+VJAUpaMXrtH4w8H5fji1LED+iL2p7LUoU4Z908YjmpcbJtaE4qNlmK1H7iox/ipqRrGDozjIXrjkdPhz11cA6gjdCgyuVhmfMUmcf0HWAms+jH+Urt7kzSulyAjm8CkJ3+qNpcxkOFd1R/mV2PWGg2gHY1Tej9NPmHxyjKc3jRTUqbo6VDU5oZ/8qU3Z9T3qBXviLu2xDt1RgalnlKZhiGHbVhMzORwJtupihnRz3JjkDEgfrNk6dDq5xVy42odr1FiLec6IlDe5bFjurtLG5zncnIomvV+5PedEtU4MhlBG7tRVbv7GarZan5KncDFl9Ps2hkXQJI+Tbkv3kWh8Kf2ObG7iYR/+4XoemC3Rsw0CYEIbWeJBMq7MzlX/hjcYzBthfGuVNgALmIKfi06hY8GVYNcTYqBk9kDPR74ISC7yN/i3YUFgSet3MIZbxHS4HkqiECYs4W58GfbbAYhRmwpo+y9O4tomPyw6DolCfIHaKoVNO3c9kwhZPMAlgkWU3Ne/YO1KWJjbtgLtukRjSk14a14wep2rbtcsQQaRv8OXx2Plf+Ogk8enmlaOShWNyw8mnhT93hN6Z8Q4NzHLEcinKcfYfyIrQvox58cznSkOUX2L+rr7S2S/9pTuTaDk8Lk7c/BeOAO5re/zkANmgrAVbI4DwwJmLBZoAmnrfCUby7DuLl7Rk/9/NUiwJwltgI4xk6+y5q91+BpCzECiH7GVZ92TTNQd/Gdj7Zhhwxscivo9gcDeCGEoSSv5BXle09boQRXpFuY+EwdgUeHBZ2Jkm86e/0l5hf6XPZOb+BjmoxXWbhd1We7VBosFxZmMvqNlgSaJrGrGhtMlNsOPUdXp08cCi2DE9u6WL27nQQ5MOKo+9VbHrnDzH2RVlDKEek+H1HDZ0ShChj+7/U3VX1UZU766mH4PnP32M/VqKqkQQtPuZ4pMVyMWNNW0woAoAD5nwGUM0w3A6SXCpcVNxjdfcoPWump0s/JluE4Ipe7+G5pkDU+15EEDfdzvZbPd8Dnm6aUVF3nMrX6D7I/02iE7cF1/61eE/yh2Tx7YKquNA/ECj0nBifGa9czBtYU0bQP9HnXHeJUkQrT43ReDITz3NaJDWXODbb4LghVnbqLif1m4Js7pfNazj81Ztqk2IlJ9bvpuiJS7KnLEQh7Fofpw1f/SxFiVQwggZIEwE9+QZxwm6xw4pi52Y8t6rBLQFZUNCHHMUo+1JJcGlPp9XUMtswTGIQFRWX9Zq6ED0kEULKqVh2eHMDmV/GWAIWtYZRFBduIN9VLNgMW7RI8kx0c7+kGwrFJKrSkc0flkLQvdeXgg2CPEjgJftuOIXNAG8VyczKKK78DA5ZcggQ6QUwkfhcTqINeb7O9nHFN+QbjTZNHiE1nwnd8uxxHNA0et3y1+am7r2RCRGMTYzIgnCTRP/xSUI91YbygmXdAqX92Sw+a6Wk7tOp00WwiZqhKGZvIEBixQqf9dwdGJf2xIaITs2BjRRXrGy++wnlwpnq80w3R7HAROoe3C0bnGFTaj5P0Bg1Ds4aoH2n+pkZUxfj9sC+AiwmHApWlLyTC2eDs/CHJv1aR3i4YhszxdGYzQbHODIjzHorO3kYDMjihTqvlFMqBlShaHJQCrNfWPzbzdPto4LXthmGWG+t+oFitxIEb1fjzGrvuHNcmXqEZNLdH91okWbAdMaE47qBQX2qnlrJdoEPcB9epHKRevr+/hPfjD6redtyTnPlylSNEcaumprlHPE0gHLjvkDxfY0j0B7jFZZYwMA/l73C/TNleWnM77Idp5b83aBmOIaYESka8LywyFvJlmykNBP1vKtQ2IRdG+GqDGajcyjo1ImO1M5CQoxLWPrytzHwaNDbQKXFkG1gPUe0nzFtx5T23F8Y/kr1LjSrLCpEj7UQniNW73NYt96vvD757j5VXXXGAn267k2a6EpthJL/wJxhN8bs8Yqxt82E0GMPBRqovHUiyDpC6A4MR2PJ6c4te5Og0QB9a8vpTzXnA6svKJLZcl5c5+RuFQp97xY+0Wp4QahrF3PxhRcDu8vx0o9QcPWWNCftTlv5VvP0/n4uoKZkQGzs0efjsi6FgnyBHgP2psOFPWko7NYlLYcVaCb3t8ju+aEOgFBV1V+kXMksZAxEcT8QSG09+ZxzO70EzWrRNMaQ+JPjMUmUreJ2IIQnDlNSo/CLZmga3ejufjZJ+8xki2OAXNYMBJW7KbC/zs9OoAIRCWauVH6hSP9Na97uiD/PmrE83gSZGi+UIDPa4S+/rJAKrJ8XzEQeuFWbUlMLBVfK/X3wpuErzKfCW+z0ZUwdWvxpOiiLUxSab+i6qEYR8W+5zqG4t6BHJpDxSLcgbjG6pQzQku9dW8ebwnUD2royhU4nKnTorycWMxVFXrHk+daQn5JTbhnSWvTjsngQ4B2nQxz+Fzso5NGs3mfpUE2nB4I1isKpQ8/5cSO45mHB1FlWtZQFanA0juSgxqhgHu6o8fh9b/dNZqvgj9bfoGA7d2bwfFPGdyPB4v1DsGarGPDulxLhfn0WkCXJ+jgvYogZ5hbirp1ZR9KJd8B61oaS+nQ+uDwD7uyhni3FB7JV8p1SE3mVi3C/U95+txmgwjR1qeKycjdtTnovBHdSsA82yAZ2FQPWur/Dp/zqgBfjYAI8MI5qTUW5RrTQaCgKfqYtJ0BxhhPs7CP2BQ8sFDW5Z0bm04tVrvX0912EqrfuivhoP017Gbw8uhXHj3YciH8I7jNi0nW5beedjiucCWPQoiXW3xZmJc6NLLa96bxaIMFiOBltW7c18WElm5FLRZC89a+Hakm3yEcqxrdYiExZZ7mvp6CcmGEEMahnlikVC94VEjPASZfRam57S7xyr8ke0wKIvH4XbyFUG3Bq4npb8PQP8036QRUDil5pawhVcVMPbqukIRggD6PBBkSLhyM0EWnVWgujxh5Dwu/l5/znrGDHtLL4LlN+Bk9SPidYNfuxUQRy,iv:XdF88adYU6pEbsO4Hvg52nqOhSZtA2fYb56TCUFfjuE=,tag:MxAzvXkNkgQHWJs9fz1bZA==,type:str]' + name: password-secret +passwordRandom1: 'ENC[AES256_GCM,data:o1xUrKiOPaucB+U2JSg=,iv:vJkmHG5B9/xiQA+qfRHyYwQFKIG1P0S0k8qwFCEyICk=,tag:MqLeMZ3BXhNKaUKvZoLStw==,type:str]' sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - lastmodified: '2021-01-23T07:22:50Z' - mac: 'ENC[AES256_GCM,data:a/ZiJCkyDVJftNWpBmvQvXCGIQk7prtjdtQODwes+i/puAQZcOM5wdeUIjiV7p/1KcdvBXblvCbf9g7ZXHF9gmin8Bfgf1MUw+WN99RP3O8Vg3aSGRi891L8qBCW2mTsKEpM1dkF/RydxGLb+hIL368fEhwGAupqHtaxljPPsP8=,iv:PerMCgTVV0gWv4O/bavBHmFkrCe5aIJG5gRLoaaGcIw=,tag:O6KQ9tGOaVtC2HK0tP0eXg==,type:str]' + lastmodified: '2021-01-14T11:23:10Z' + mac: 'ENC[AES256_GCM,data:7aMFeEfn5MXU9M7U+rQ7fIcWG6A6BZILsvgVyEl+esa8EhEsOL6dRfITq2x+1t6ft+H5nRqbO5GyXJ3mhu7n/x5FBVVqBcZrvydojrqBWizXA4HQAc3t8OS3D1I2WLLx+S7mI5AiKDERGZX4ImiahSebqL/bNfpYdDQP+gX8+vQ=,iv:zchumZaGhTpyEEsJMMlW/e1vieqjVKT32Kiv0LuLPlk=,tag:q0vWzGZ8D4HYHTvdRymG0g==,type:str]' pgp: - - created_at: '2021-01-23T07:22:50Z' + - created_at: '2021-01-14T11:23:10Z' enc: | -----BEGIN PGP MESSAGE----- - hQEMAyUpShfNkFB/AQf/TF8P0MFulYINP80R/XOnLvstkhLGX78d8W5/EpKFPoVu - KHxhCeahVgDZZQU2Nnf9iV7Bob1GszHeo7fOalHUDwY5g7DufUuX2LzKooohIZ7p - c2Sbcyk33PL5PSomb42IKrag/KbtM8Yp+3xQZXK8g5FH5MrUsqb4B0tAvXnni//E - WGgGlFsEyhNY5mTa19l8CIDIAk8tcD+v187AZ5AXrXsowr/Dj0mwZ6II5ZvN52xK - wnRx4/7ICQjkjBLUITZ2TUtpsZRChY4AdXEDpfLELoxQfMlRqEUK3cPXZFYNhlS6 - aN24VH6bHCq8yINKw7WcM8/dDz+7fdp1Q+EQjxaUn9JeASlKBcNzTmmBWXM0V1dj - SZ0Fj1yf+tGEfidqciTbMEpwnDBTsShARx4GElkpGfX4F3+gujLol2YqOjieYgoq - SKm92T1ofFd7y0G8oXC3/Tcj9KhAr0VX76zu0l4EJw== - =3apA + hQEMAyUpShfNkFB/AQf+IIXYumKkSmzMHCoJVXculVowkez4aUI/OpdNw2CPWNDd + 3Kzea6kTv64ef+kll9DhczP0gVlgUZ0p0MenBfmkI4qt3wr5fyRUVjUpfF/R8Gmc + 9GZf4myDD5T2wDJVCkNmO2wogbZ7IZaGdx0HV3DihvSGg0xcGBUaFp/zeR9vXTQs + a+CecTBm4+7uLnDvHf4Rathy3gnlLrLLdsJXRgEOJ2Fqp/JjoqFqsWOol9lFwALM + yRkxbWjeL7ePddXBZ8QmOB/AB0RKSRQ2Yd9RXpp1gSFKn5NOfWIZsaVgdds2zOw5 + R5syWHhfzVylAxNrKJYIgr9hLje48W/Y6GSezkGvG9JcAebQzVP53UtXkwJSIjda + 86WAFwpgpZ0sEG7zpSpxS8p4g3XsXjOdD2b0y/dwXGYK5oeOjb/wGYFf1EX0p0xk + BqGQ8JHxikqW8oEuyEgeg96uEMZb1Vy7u657zPw= + =VfIN -----END PGP MESSAGE----- fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 unencrypted_regex: ^(kind|apiVersion|group|metadata)$ diff --git a/manifests/site/test-site/target/generator/secret-template.yaml b/manifests/site/test-site/target/generator/secret-template.yaml new file mode 100644 index 000000000..53f0f2832 --- /dev/null +++ b/manifests/site/test-site/target/generator/secret-template.yaml @@ -0,0 +1,19 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Templater +metadata: + name: secret-template + annotations: + config.kubernetes.io/function: | + container: + image: quay.io/airshipit/templater:latest +values: +template: | + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + labels: + airshipit.org/deploy-k8s: "false" + name: password-secret + annotations: + config.kubernetes.io/path: secrets.yaml + passwordRandom1: {{ derivePassword 1 "long" (randAscii 10) "user" "example.com" }} diff --git a/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml index 78e7c70cd..6c6b85275 100644 --- a/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml +++ b/manifests/site/test-site/target/workers/hostgenerator/patchesstrategicmerge.yaml @@ -37,5 +37,5 @@ patches: |- apiVersion: airshipit.org/v1alpha1 kind: VariableCatalogue metadata: - name: generated-secrets + name: password-secret $patch: delete diff --git a/manifests/type/gating/target/generator/kustomization.yaml b/manifests/type/gating/target/generator/kustomization.yaml deleted file mode 100644 index 3ffd12cf5..000000000 --- a/manifests/type/gating/target/generator/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- secret-template.yaml diff --git a/manifests/type/gating/target/generator/secret-template.yaml b/manifests/type/gating/target/generator/secret-template.yaml deleted file mode 100644 index e1899b04d..000000000 --- a/manifests/type/gating/target/generator/secret-template.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: airshipit.org/v1alpha1 -kind: Templater -metadata: - name: secret-template - annotations: - config.kubernetes.io/function: | - container: - image: quay.io/airshipit/templater:latest -values: - targetClusterCa: - cn: "Kubernetes API" - validity: 3650 -template: | - apiVersion: airshipit.org/v1alpha1 - kind: VariableCatalogue - metadata: - labels: - airshipit.org/deploy-k8s: "false" - name: generated-secrets - annotations: - config.kubernetes.io/path: secrets.yaml - {{- $targetClusterCa:=genCA .targetClusterCa.cn .targetClusterCa.validity }} - {{- $targetKubeconfigCert:= genSignedCert "Kubernetes API" nil nil 365 $targetClusterCa }} - targetClusterCa: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lVTi96S0R5dXBjV2I1U1hzNFpJRkRxNkptZlpZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakV3TVRJek1EUXdNelUwV2hjTgpNekV3TVRJeE1EUXdNelUwV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5rZHNFS29YNXVCNm5XZmZQUjlXY0U4NWxHRTUxM1AKeWJQU1VlWVVsWGMwSzBsNlNtSGNqWUdnTjZNMG8zTnIwSVdGZWFBZkpLN29wa3BkMUQ2clVzN3JFNDJyR0h0ZApLYUVKRXNRK0pHVEtaZmpTMktVdDc1a0RCaTRnNHBQSXFzSFlHMnIrQVZncUx2TGQvMUJ5NU90Nm1jV2FqTXJNCjdDckhiTzl1cVFmd21kMCtUdy9FY2JRTStLNU9WdmlvZDdnbWZZNWZJYXNka1BGdEJoeHY4QTl2SUpVQm00bUMKV3FmZ2FaQWNpQlpLejBNdld2Wno2SmFobkl5Y0hQeDdXLzA2QU11cG9SSUg4bWw3cWhGaGxEUHlscGF4bXhOWApnSCtHZ3hlVGdPb1BYUVlkK0szcnlRd01DMGQzSDdqY3VjRjdpOXp1MmJyVW5zaHVRNWlaSHdrQ0F3RUFBYU5UCk1GRXdIUVlEVlIwT0JCWUVGQytUbXppb0hLd2MxY3BLT1NERzQzYUNDdnJmTUI4R0ExVWRJd1FZTUJhQUZDK1QKbXppb0hLd2MxY3BLT1NERzQzYUNDdnJmTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJbER5eEhxa241Mjl0NHJ0VkQ1YTVnVThjakZTQ3NVb3QvODcrQXhWNTIxTHZ4TVFzV0JtSUhlClkvSldXNllIK2xWVzVhSERlZDBaTk51Rk1zTG11MzF4eHQ5bUlua05QSUVUcTVRTVZyNXBFazB5QmlOeWw1dlcKKzU0ZjcwaGNMSGdCSXhTQSs1OVlFQnM2YTQvM2Uzb0IxbXpBOEZNampUNDlwVXpoTTlpRkdOY3BLYlJxT2ZQagpFeHVnSXd2R0kvV0xtYllqR3dLR1dra1hYOW12MndrSjFvNjRJWmJ2N0pKYkhiUlpTTzRPZVFGVS9yanNIUjNjCmU1WVRWRzNTNlkwQVNZZjFvL3EvT29BUmNDSENrU0RvcEk5UlMyVVBnMjh0dmFLam5rT09sVFhndlNxK1hlQ1oKOC9zU1NoWW42b3RndFQrMjhaMGR3OVFOdXVxbDVhYz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - #{{ $targetClusterCa.Cert|b64enc|quote }} - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFpIYkJDcUYrYmdlcDEKbjN6MGZWbkJQT1pSaE9kZHo4bXowbEhtRkpWM05DdEpla3BoM0kyQm9EZWpOS056YTlDRmhYbWdIeVN1NktaSwpYZFErcTFMTzZ4T05xeGg3WFNtaENSTEVQaVJreW1YNDB0aWxMZStaQXdZdUlPS1R5S3JCMkJ0cS9nRllLaTd5CjNmOVFjdVRyZXBuRm1vekt6T3dxeDJ6dmJxa0g4Sm5kUGs4UHhIRzBEUGl1VGxiNHFIZTRKbjJPWHlHckhaRHgKYlFZY2IvQVBieUNWQVp1SmdscW40R21RSElnV1NzOURMMXIyYytpV29aeU1uQno4ZTF2OU9nRExxYUVTQi9KcAplNm9SWVpRejhwYVdzWnNUVjRCL2hvTVhrNERxRDEwR0hmaXQ2OGtNREF0SGR4KzQzTG5CZTR2Yzd0bTYxSjdJCmJrT1ltUjhKQWdNQkFBRUNnZ0VBUmFjNW9kamtlejR0bXJpazNNYk9JYWxJOW9RZHVjSHNvcXpwcTFlVkw5M2oKdVRuclhRUGx2ZDFKbkNsSitzQnU4RGNHOHZDcTB4WStLd041RVBYanBoQlNnSk9RVWh0c1BJWnRwOW1MMFc0QgpVdGRKdTR4R0hwK1N2dis3ME0rQ3dKZDFERmthMDA4Tktzcy9tbTZSdEYzcnNUSkkwdEwxUFRBbmFaVGwwMjZzCkhjRVpxbkRBRVlFT0t3eGN1TzYwK1JaQkxicTQ2Wm5TaUdDNVJHbERLQmlMOU1mQ0NsRVdEMi9lMUt4S0JTUjcKbXVWcXdpQ1AyUU9ZZHlDZ1Y5Y2JmOXJ5aVI3aUtQL3UrbEJpcVlrbDNlUXVEMEFjMjZoWUxpTVh3TGVBdVVZMwplb2VSVFpTWS8vM3lHblpkOGVuOXBVUlNtUzMvNGxTSURzelVVdEtXMFFLQmdRRC9WTUFUdlN2d2htNGFUR2p0CkdNNTkyZXFZTXJvNmluUVRXSjkzek1tdzB4Mm83V0QzMXc0L3BUdng2RzlCSFZQNUl5RXZoWmtHQ3RHdE42ZmQKemsvbG13U1l5VDNNTmlEMUx1UDNSWkRBUG9uckJmdURETFpwaHJFeDZLbExITndtclpVckFSRWFuTXBrdlpNaApQK2V5ZmhXUnFYOVROSWIzZXBUV2RTakZkUUtCZ1FEWnIwNjNSNXVncktPUGQvYjVZSDltYTJNcEJTV3VMVFRoCkxvcEFXOTRkblFZRElHM0xjMlNBNUg3ZFhkUDlDT0pmSmlyY1NsT0plK2V2TkU4bG5nWm9JMkFIbGtmK2dKVFEKVWlMeGQ0WVRJSXc4bityQTd4UVU2SXo0QWpuVjhWbnNPTGZPQTZ1UXdTbzVDUHBPd2VxWlVyMlBrZHBrcnYyTApBK2Z0S1RMOHhRS0JnQnozZFc4SDJCTktmUFU0MC9LS0RPc1VMTndsYlNFMUVlUWIrc054bFRRZFQxRVoxUlZvCjdYSGxBZjc0dXA1dGdGaFVWdkI0UEpzRjRUSEFqYWZKUHlFeVMvdzFZSEJwZDZXNU14MmJZOGVia0xQOEVzT1UKVHFGOEtXQWJJQkdvYllWcHpmRjZCb0c1WmZDMTNSbzVrTVNjTDBBK05YYXdEOXZGcVZzSElaLzlBb0dBR1p2MApLTCsxNFZzdUNzelVNMVpVNXBtdm1yM09Sd1Z1ZVNkZWdGL09hN0Z6YVo3QkMvUlJXSkNKRkVYYmtLTWc3b3l3CjhpV1VXbEpIV1dkUUFGN3M1Z2R6WHJFaFd5R0pZRkNwWjdybC9RNFJNWGlteDNmWTV2VE0wTWlDUVZjWmV4N1oKRU5XQnM0L21CYnUycHRsTlhpaEx3TDRwOFRwYy9hUEIvemFmbHZrQ2dZRUFpUUlLTTlUK1dpM2F0a2RqYWhrdQp6V3JuSGswQWNVazBTZWlHNHV4OENKeG8vZnVvSmtIUmxMaUNzSU1TWC91K1hYeWxEaVZwK29YR0x0bHgxYktjCnJNN2hOYlBJdGJaTkhueWdDNlAzY0h1MDJpaU1KZkZ3RkNzV2dzd0lPYlJrTkgxZ0JWZUE5bjV4MFlQSWhmbkkKQVV4d0RpZGwzdytuNlB0VDM2Q2R4MFE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - #{{ $targetClusterCa.Key|b64enc|quote }} - targetKubeconfig: - certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lVTi96S0R5dXBjV2I1U1hzNFpJRkRxNkptZlpZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakV3TVRJek1EUXdNelUwV2hjTgpNekV3TVRJeE1EUXdNelUwV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5rZHNFS29YNXVCNm5XZmZQUjlXY0U4NWxHRTUxM1AKeWJQU1VlWVVsWGMwSzBsNlNtSGNqWUdnTjZNMG8zTnIwSVdGZWFBZkpLN29wa3BkMUQ2clVzN3JFNDJyR0h0ZApLYUVKRXNRK0pHVEtaZmpTMktVdDc1a0RCaTRnNHBQSXFzSFlHMnIrQVZncUx2TGQvMUJ5NU90Nm1jV2FqTXJNCjdDckhiTzl1cVFmd21kMCtUdy9FY2JRTStLNU9WdmlvZDdnbWZZNWZJYXNka1BGdEJoeHY4QTl2SUpVQm00bUMKV3FmZ2FaQWNpQlpLejBNdld2Wno2SmFobkl5Y0hQeDdXLzA2QU11cG9SSUg4bWw3cWhGaGxEUHlscGF4bXhOWApnSCtHZ3hlVGdPb1BYUVlkK0szcnlRd01DMGQzSDdqY3VjRjdpOXp1MmJyVW5zaHVRNWlaSHdrQ0F3RUFBYU5UCk1GRXdIUVlEVlIwT0JCWUVGQytUbXppb0hLd2MxY3BLT1NERzQzYUNDdnJmTUI4R0ExVWRJd1FZTUJhQUZDK1QKbXppb0hLd2MxY3BLT1NERzQzYUNDdnJmTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJbER5eEhxa241Mjl0NHJ0VkQ1YTVnVThjakZTQ3NVb3QvODcrQXhWNTIxTHZ4TVFzV0JtSUhlClkvSldXNllIK2xWVzVhSERlZDBaTk51Rk1zTG11MzF4eHQ5bUlua05QSUVUcTVRTVZyNXBFazB5QmlOeWw1dlcKKzU0ZjcwaGNMSGdCSXhTQSs1OVlFQnM2YTQvM2Uzb0IxbXpBOEZNampUNDlwVXpoTTlpRkdOY3BLYlJxT2ZQagpFeHVnSXd2R0kvV0xtYllqR3dLR1dra1hYOW12MndrSjFvNjRJWmJ2N0pKYkhiUlpTTzRPZVFGVS9yanNIUjNjCmU1WVRWRzNTNlkwQVNZZjFvL3EvT29BUmNDSENrU0RvcEk5UlMyVVBnMjh0dmFLam5rT09sVFhndlNxK1hlQ1oKOC9zU1NoWW42b3RndFQrMjhaMGR3OVFOdXVxbDVhYz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - #{{ $targetClusterCa.Cert|b64enc|quote }} - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5VENDQWJFQ0ZIdWVIQndXSmtraXpIamJ6WEQ1ajZzaXdiRGlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Ca3gKRnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZ1FWQkpNQjRYRFRJeE1ERXlNekEzTVRjME1sb1hEVEl4TURFeQpPREEzTVRjME1sb3dLVEVPTUF3R0ExVUVBd3dGWVdSdGFXNHhGekFWQmdOVkJBb01Ebk41YzNSbGJUcHRZWE4wClpYSnpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTIxMVkzTHZMUzZLSE5lQWcKM3l1cFlYNWJRQjlDZlFvWU1tSENPUGppSTRwUVBmb3libks0WmFuenBvZFA2STJ2TFg0ODF1Mi9WcXRFQVVVVAp3a2ZSNkcxTmtjOVoycTlkUWZWNnM5dGNLcjd6d1lrc3hyWkQ0Tm52K2lNK2I4US9qeDNGb0hZSGFhWWNDd0VSCjBadlZoaFIwTldFMEpRYnVEYTFZZzFEUFRlZ2tML1BXOVFhRkY5elZIUDZLcFhlTFNTYUZid3U1cTQvOStlVWEKNmNyVDJQbksyWUdIZFpxeEU5cXhuMFpoOEM2dXBtbGtWR3BkTjI3TzZqSm1VSjBSYUUreklCSGdOMjhiWW53RApMVzZkck5iMUJGLzViMk1jRDFlRmwxMk5XcHF1bklHLzREbUo5dUpuQksvODRqdGpkQ2JlWjh6UnNOQXpDdnlICkRFT1JDUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ3o1MFpsZTN4UjJ2QjVPSkk2eFc3WjQzQzIKUHVKNjViL2FOQjhGSVFBRnlCNkllTHMzcUxEdjBOV3YwQ0puMlNSZ2x2WXFtOFdMZUVwenR6YStGVUFvYzRMdgpKUGpZOVVpR0FaU1ArSThhM3Q4amR3T0dMNG1uSEN2dk9IREMxMzlpeTA3ZHkrQllnZEZiZkRReFJHdnZ6MnZlCnRJMjBHaHRQdzJmOHFBME9abXk1c1J2KzZwbHUyK2RyYlJLekVEZFFjVVFia2xRTEJWN2wybitzeXFaUjdZdzkKeFowQ01QT05TU05Jc0Y3Q0ZoSDdKZWtuTE4ySUxKQzNOZURBZEhXYmdRc01oK3NtTTNyY2d2RC9GSi9QenpLcApQL2d0eEtQRzhOVEJFaUVETElBdjZ6dVlJSXk1TTArbC9PRktxZlluY09MRFhBR0d4aUJaOHRmV3hMT2gKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - #{{ $targetKubeconfigCert.Cert|b64enc|quote }} - client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRGJYVmpjdTh0TG9vYzEKNENEZks2bGhmbHRBSDBKOUNoZ3lZY0k0K09JamlsQTkrakp1Y3JobHFmT21oMC9vamE4dGZqelc3YjlXcTBRQgpSUlBDUjlIb2JVMlJ6MW5hcjExQjlYcXoyMXdxdnZQQmlTekd0a1BnMmUvNkl6NXZ4RCtQSGNXZ2RnZHBwaHdMCkFSSFJtOVdHRkhRMVlUUWxCdTROclZpRFVNOU42Q1F2ODliMUJvVVgzTlVjL29xbGQ0dEpKb1Z2QzdtcmovMzUKNVJycHl0UFkrY3JaZ1lkMW1yRVQyckdmUm1Id0xxNm1hV1JVYWwwM2JzN3FNbVpRblJGb1Q3TWdFZUEzYnh0aQpmQU10YnAyczF2VUVYL2x2WXh3UFY0V1hYWTFhbXE2Y2diL2dPWW4yNG1jRXIvemlPMk4wSnQ1bnpOR3cwRE1LCi9JY01RNUVKQWdNQkFBRUNnZ0VCQU1HTjhmU0I5dlQ3cVZZT05yTHpzWGFHcVRsQTI4ZThlbkVwOU5lVU11U3QKQy9SRHFPL3ZaV2krdG0rL2dQQnU0NXkrZ0N3Y2h2R1FHR2NPYmtyRVdDQS9JV3lBaW9YOHFjcWpNT3MxcUhOSApIWWtzNGtkTFYwVTB4eHZzc1JDcEZuUFBEeXR3T1VZcy9SMXdpaXBxMTlLQWhiRDczYWkySHFJT3k4VENMc2hMClkycVdPSlE5TGtpb3E3a1ZKdWJreE01RHY5akxpYVhkM01UMll1VGp6eWJENVlOSDVTNTEycGpTWjR1OUZOUWoKRjNEYmxCNHV4a3JsYndFOXNoakZNd25mUVc3MlNUWi94KzlIazJwQ0VSbUQxOGtPTTRFWGtRN0J2M012L3Fkdwp6QkFQaUVlaFduNHNwc3dxZVVqZCtWWWt6dGFQejN4Wm5ybzJFdUY1YzZrQ2dZRUEvSGdNTWZEaVZ1U3pUb2RwCkJJeGdoaWQvV25mSFNlWWI4NWs3RExmSDNSc1p6KzhucmJ6M2Zodmw5bUh2alU2UzNvbTkrQWl2ODUzVkZkRnkKRHVYUG9oaHYyM205a0VtRDhVNU50eHI0dGowNXF6am1iOERRNWNiTVBDbWxGcW5qdkwvbWpnZXp2WjJLL00zZQpMMGE5eFQxa3hxZi8yZWtxOUV0ZVNWeDliaDhDZ1lFQTNtN0ZiVkFNaStMbEp2eTJuS0d4ZEpkOWkwTGQ1UTVWCmZhd3o2QVQ4TUxMTE1yNldhU3B0S3BreHgzVXJzTStVYWFrdU1jbmxWZGJJcXcwUGpibjZ1WUZKdi90TGhPK0kKMWs0VzBsMGN1Qk8yaU5kYmFkejlHNFpUSkVwSHBRL2RIZ0UyQ05pUFI4M3lEcUhPdE9YNzR0bkoranQyczZNNwplai9IUkNrM1M5Y0NnWUVBNSsyc1hsQ0l6UVJweURGVEEwK2wrSGZlWVpCNWJtVEt0cnpFWjBtSmZKQkI1U2d4ClRrU3pJNUdqYnZUSEtRdk9sa3I1VGh0RThFckZEcmNLemE3R1VJV2NkSVhnNCtUMUpiOG1XNWlXZEd2SVI0Z04KQVFxam5RSkVhdHhqQVcvdWUxM2JBZzBIVEtDbXB0akVUSy95ODNnVDFQOU9aYlB5dHR0cDhZRGE1VWNDZ1lBSgp6R2xvQ2xtekk5aWlZZ21OVnRZaFk3Y0ZGbm45NkNhOTlZTUgyb2hkZ05MUXRuS2J5V0dydWJubXBuTzVRenV2CmQrTndFQXZKUHoveHdRNkpXTU1CdnY5SHRNTTc1TzFyTzE5bi92QVA3OVpmcXRUOUVkNFlnMDlRVHZGZkJSYmgKaG40aDM2QllNbXRTVjdCcWFhTXgrQlFjc05mbXkrOEgwSjF2bEQwNld3S0JnUUR3MDZtZjBPbjBBZkIwTGlOSwpmVmxSQkhldy9FdlJNdmxpSDlDcmErNDRZbHZ4akQ5YlRxdzBvUWVqaTU1MzlkK1FSdERTSkxaNG8xQkx3M0JrCml5TzRvMDgxYm1mc1lIUjJvekhucncvZUJKZU90a1g5cmxla2dQNXJyaGN4THY4V0pucmgxQmJyQ1JHSEtUMjAKMnhTdmNLaCs2TnNxMjFCVy9qZmlTNUlCNVE9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== - #{{ $targetKubeconfigCert.Key|b64enc|quote }} - isoImage: - passwords: - root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org" }} - deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org" }} diff --git a/playbooks/airshipctl-gate-runner.yaml b/playbooks/airshipctl-gate-runner.yaml index ec6574bb0..552d67639 100644 --- a/playbooks/airshipctl-gate-runner.yaml +++ b/playbooks/airshipctl-gate-runner.yaml @@ -15,7 +15,6 @@ - vars/test-config.yaml environment: SOPS_IMPORT_PGP: "{{ airship_config_pgp }}" - SOPS_PGP_FP: "{{ airship_config_pgp_fp }}" tasks: - name: "set default gate scripts" set_fact: @@ -24,7 +23,6 @@ - ./tools/deployment/21_systemwide_executable.sh - ./tools/deployment/22_test_configs.sh - ./tools/deployment/23_pull_documents.sh - - ./tools/deployment/23_generate_secrets.sh - ./tools/deployment/24_build_images.sh - ./tools/deployment/25_deploy_ephemeral_node.sh - ./tools/deployment/26_deploy_metal3_capi_ephemeral_node.sh diff --git a/playbooks/vars/test-config.yaml b/playbooks/vars/test-config.yaml index 7496ba98b..6485f25e3 100644 --- a/playbooks/vars/test-config.yaml +++ b/playbooks/vars/test-config.yaml @@ -20,7 +20,6 @@ airship_config_site_path: manifests/site/test-site airship_config_ca_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= airship_config_client_cert_data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K airship_config_client_key_data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K -airship_config_pgp_fp: "FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4" airship_config_pgp: |- -----BEGIN PGP PRIVATE KEY BLOCK----- diff --git a/tools/deployment/22_test_configs.sh b/tools/deployment/22_test_configs.sh index 5f432275d..30d2fdf8c 100755 --- a/tools/deployment/22_test_configs.sh +++ b/tools/deployment/22_test_configs.sh @@ -38,11 +38,24 @@ export AIRSHIP_CONFIG_PHASE_REPO_BRANCH=${BRANCH:-"master"} export AIRSHIP_CONFIG_PHASE_REPO_URL=${AIRSHIP_CONFIG_PHASE_REPO_URL:-"https://review.opendev.org/airship/airshipctl"} export AIRSHIP_CONFIG_PHASE_REPO_NAME=${AIRSHIP_CONFIG_PHASE_REPO_NAME:-"airshipctl"} export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/airship"} +export EPHEMERAL_CONFIG_CA_DATA=$(cat tools/deployment/certificates/ephemeral_config_ca_data| base64 -w0) +export EPHEMERAL_IP=${EPHEMERAL_IP:-"10.23.25.101"} +export EPHEMERAL_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/ephemeral_config_client_cert_data| base64 -w0) +export EPHEMERAL_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/ephemeral_config_client_key_data| base64 -w0) +export TARGET_IP=${TARGET_IP:-"10.23.25.102"} +export TARGET_CONFIG_CA_DATA=$(cat tools/deployment/certificates/target_config_ca_data| base64 -w0) +export TARGET_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/target_config_client_cert_data| base64 -w0) +export TARGET_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/target_config_client_key_data| base64 -w0) export SITE=${SITE:-"test-site"} +export EXTERNAL_KUBECONFIG=${EXTERNAL_KUBECONFIG:-""} # Remove the contents of the .airship folder, preserving the kustomize plugin directory rm -rf $HOME/.airship/config mkdir -p $HOME/.airship -echo "Generate ~/.airship/config" +echo "Generate ~/.airship/config and ~/.airship/kubeconfig" envsubst <"${AIRSHIPCTL_WS}/tools/deployment/templates/airshipconfig_template" > ~/.airship/config + +if [[ -z "$EXTERNAL_KUBECONFIG" ]]; then + envsubst <"${AIRSHIPCTL_WS}/tools/deployment/templates/kubeconfig_template" > ~/.airship/kubeconfig +fi diff --git a/tools/deployment/23_generate_secrets.sh b/tools/deployment/23_generate_secrets.sh deleted file mode 100755 index 6b0cb34ac..000000000 --- a/tools/deployment/23_generate_secrets.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -xe - -echo "Generating secrets using airshipctl" -airshipctl phase run secret-generate - -export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/airship"} -export AIRSHIP_CONFIG_PHASE_REPO_URL=${AIRSHIP_CONFIG_PHASE_REPO_URL:-"https://review.opendev.org/airship/airshipctl"} -export EXTERNAL_KUBECONFIG=${EXTERNAL_KUBECONFIG:-""} - -echo "Generating ~/.airship/kubeconfig" -if [[ -z "$EXTERNAL_KUBECONFIG" ]]; then - # TODO: use airshipctl cluster get-kubeconfig command when it's implemented - KUSTOMIZE_PLUGIN_HOME=./ kustomize build --enable_alpha_plugins "${AIRSHIP_CONFIG_MANIFEST_DIRECTORY}/$(basename ${AIRSHIP_CONFIG_PHASE_REPO_URL})/manifests/site/test-site/kubeconfig/" | yq '.config' --yaml-output > ~/.airship/kubeconfig -fi diff --git a/tools/deployment/certificates/ephemeral_config_ca_data b/tools/deployment/certificates/ephemeral_config_ca_data new file mode 100644 index 000000000..154d71f88 --- /dev/null +++ b/tools/deployment/certificates/ephemeral_config_ca_data @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl +cm5ldGVzMB4XDTE5MTIyNjA4MjgyNFoXDTI5MTIyMzA4MjgyNFowFTETMBEGA1UE +AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1R +S4wygj3iSBAf9BGBTKZyU1pbgChd6Y7IzKZedhjC6+y5dBiZo5eLzgkDsh38/XCS +zqOKeypNQp3yAYKvbJHx786qHVY685d5XT3Z8srUTsT4yZcsdp3WyGt34yv36/AI +1+SePQ+uNIzczo3DuhWGFhB97V6pF+EQ0eUcynM9shd/p0YQsX4ufXqhCD5ZsfvT +pdku/Mi2ZuFRWTQKMxjjs5wgdAZpl6st/fdnfpwT9p/VN4nirg0K19DSHQILukSc +oMwmsAx2kflHMhOk89Kqi0Ih/g2s4Ea4oYDYzktcbQgn0wIjggfvus3zQlG37ipa +8qTsKefTgdR8gfBC5FMCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIzOA/M1ZdFPIswehZ1nzbtTSTDn +Ds2VxRWEgrQEc3RbewkSdm9AKs0TdtdwDnpD/kQbCrKlDxQwEh74VMHVXbAZt7lW +BJotOmqux1a8JbICE9cGAGG1oKH9GocXDYcBs907rLHu+iW1g/LUtna7WRjjjfpK +qFzQf8gIPvH3OAgpuEUgqLyAO2kEgzVpN6pARqJvUFK6MD4c1f2yqXlp5xk7gEJr +S48ZazwDfYEfWrkvWuagogS6JKon5DgFudxH5s6JyzGyOVvtxmScao8sqh+7Qy2n +2/1UqNY+He7LxwN+bHpbB15KH159dsnKpQn4NDmcI6kVrw05I1H9ddAlato= +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/ephemeral_config_client_cert_data b/tools/deployment/certificates/ephemeral_config_client_cert_data new file mode 100644 index 000000000..b428286c2 --- /dev/null +++ b/tools/deployment/certificates/ephemeral_config_client_cert_data @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0DCCArgCFEtPoxFXJ5kTSVMt49YjppP/xBbyMA0GCSqGSIb3DQEBCwUAMBUx +EzARBgNVBAMTCmt1YmVybmV0ZXMwHhcNMjAwMTI0MTkxNTEwWhcNMjkxMjAyMTkx +NTEwWjA0MRkwFwYDVQQDDBBrdWJlcm5ldGVzLWFkbWluMRcwFQYDVQQKDA5zeXN0 +ZW06bWFzdGVyczCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMbhXTRk +V6bewlR0afZAu0Fael9tmE8ZHQ/hkZHxnN76l6TPYmpboh4oF3F0Qjo4NKZ95TnZ +49chWn4xRbeYOSnDp0iWD3wJWRVyiQoUAra9MpuO6EESQilUF5sqsEWQWU20DM+A +Gq+Y4gg7x2uCHSvMFRi+4L9EiWGlgD2/oXWRnMXK04LPj6OoudofbwdfOrzu0OVE +S4txknKPBcPTSv11eZYXckBDV3OlLD4Fwu0w570rw370+hJXvVqwvcodcf6D/PWY +0jigwjiyBnggWam8QQcwSnwz4wNlWxJ9S2YBEoZmulURQZYY9etApJAtS3N9T6T6 +Z/JRQtGad2fNWSbLDrNjuMNLhAadLBxIPzA5vVZNZjRdtC0Sni2QT15iHZxwTqr4 +jDPCJXEu7++qqjPVWTiFK+rjqSaKZjUfUiJGBBVrnQfBD4smFsdN0yroma6Nc4L5 +JKmQWSGvguhm3mnlb1QiTYjurdRPDSfvl+CCGnp5BI/gZp2AuHs/5JJU2esVo/Ll +EOtwR9wWwwWq0/f8WKtxmTk1529JvtPFAt0ymBV8Plvebupbbjyni/lVm2Nbezue +x+e0JMlkVZqfbDRKn7J6YJrGYmBPUtBWhIY3oZIU1DQr8IIHnGfbVhZTy0MH2ABA +uvUPqKRVO4Pi1E1x8A6yeOyTCrpx/JAk5rGdAgMBAAEwDQYJKoZIhvcNAQELBQAD +ggEBAIcE3PqdvCMPH2rs1rDJODHv7Ai8KMOUvOF/tF9jGa/HPInHwFUE4ImnWPx6 +UGA2Q5n1lD1FBU4OC8xIYsuoKUPTy5OKzISL4Fg/IDpnxI9kMyf5+LGN7ho+nRfk +BfJInUXoKDEmgxvsIaFwXzlkRL2s/YJaFQG15R+5c1rrBfwgI8P9NGzhC5qxgJj/ +m8+xO0hWRbHbIkCmMzDbojBIhZ/M+ouXGWhz/SjJhuxYMPgzNLfAFs/O15ZJ7waw +gvhHg7/a9S4oP+Dc+Okuk2Eu1Fc/A9XzV379ihMYnnotP2WVxVwoFYAH45GPp6lP +BBl26y1sbLn9zhfXQBH1ZE7A0eQ= +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/ephemeral_config_client_key_data b/tools/deployment/certificates/ephemeral_config_client_key_data new file mode 100644 index 000000000..2940608b1 --- /dev/null +++ b/tools/deployment/certificates/ephemeral_config_client_key_data @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAxuFdNGRXpt7CVHRp9kC7QVp6X22YTxkdD+GRkfGc3vqXpM9i +aluiHigXcXRCOjg0pn3lOdnj1yFafjFFt5g5KcOnSJYPfAlZFXKJChQCtr0ym47o +QRJCKVQXmyqwRZBZTbQMz4Aar5jiCDvHa4IdK8wVGL7gv0SJYaWAPb+hdZGcxcrT +gs+Po6i52h9vB186vO7Q5URLi3GSco8Fw9NK/XV5lhdyQENXc6UsPgXC7TDnvSvD +fvT6Ele9WrC9yh1x/oP89ZjSOKDCOLIGeCBZqbxBBzBKfDPjA2VbEn1LZgEShma6 +VRFBlhj160CkkC1Lc31PpPpn8lFC0Zp3Z81ZJssOs2O4w0uEBp0sHEg/MDm9Vk1m +NF20LRKeLZBPXmIdnHBOqviMM8IlcS7v76qqM9VZOIUr6uOpJopmNR9SIkYEFWud +B8EPiyYWx03TKuiZro1zgvkkqZBZIa+C6GbeaeVvVCJNiO6t1E8NJ++X4IIaenkE +j+BmnYC4ez/kklTZ6xWj8uUQ63BH3BbDBarT9/xYq3GZOTXnb0m+08UC3TKYFXw+ +W95u6ltuPKeL+VWbY1t7O57H57QkyWRVmp9sNEqfsnpgmsZiYE9S0FaEhjehkhTU +NCvwggecZ9tWFlPLQwfYAEC69Q+opFU7g+LUTXHwDrJ47JMKunH8kCTmsZ0CAwEA +AQKCAgABvSSweZQenGH8lQv8IDLC7oSVYwLq5iBP7Dv2l7M0a+J5iWql3Wk8dENI +NakCk006i20+pT4NunftFIc0hLszN0e2JcG65uYFfvvdv7EKYfsYSxaSwxMbA2Y1 +cBkccpelS0a1ZbxV/rMzOTqUIQ4aPO2OStTyNyowVV8aqxtBSOWjARP6V9A8sRP2 +6UFyQg3kav4ekwtKC9Mo90EopidIsgc/HbNdBnm0RCRv4mMC6eOMzt4ltQSetm+s +ZFE0fC9r90F18EEeR6GLF1thH39JMaEr6+sqzNVWSUOTlM7c9HNyA2HrrnvxUQSN +awJFVHANcXIJ0jqobrdz17LlkHEQFs3Kv4ep4wDBJ2Qtz+1uAocRhWvRibqXD7Lx +VjOtdrOXwdT1cfk+6QsTLYAJGzmt7lcS6B3gc2GZcIXl25YjMD5eXikWDsxXZkuP ++os3ThqxfHKnHNlmbORIZC1ovCSdI4VeZsjY41K9+GMiwWJMdzKiFJw6TvnTRRWS +Lhwa3Q9AVc/LH4H/OmOjX74A3YIl+D1UPwwW0/2l8KpM3EVgmWjRLWVHFpMLbMJW +eVJwwJRawmfKtvzmOJDyaMrInXjL3/HMDikpSraG1rNw5IJ39rYtAHQD5/UnfTdH +K5ucjEnq7Ot32GZ3proE55daAcHPnKn8jXgVJMD29hypFo/fQQKCAQEA+An4hH1E +oF+qeqioatw7g0iWPP3BzIq8FVmklFVAaQySo0Sd1XPrna+GDEAWtpylV1yfFdGj +Hw8au96zTftn5fBFD1XmMNCYy7+3owWp++SpaC/1637WooyKF0cTSoqa3dEnEKRK +xLavkIEQ279tA4UT+GU+zSoCOPPM4MIKzhGACs6ujtrK1Mqzp+BabWsFPn7bum+U +DGHR+4+ZokA/T67inbTqeL0W2B64LrATDzY/v86TFmmZjYDhtJGRHYVT9OWIttEY +6vmP3tkWNMktGl8m1bCAGCRepkrqHqYsLXnFCfYHQm9sihh/3rEV6u1F1d+tSrE2 +kSVU8xUX50lqMQKCAQEAzUN6ZKIQ6WdOOEGvr0LQ/XUs24mG37yF28IP2DqaAYes +rsklSv7eIOSeew1mBDuBFIvnFoq5lFP7qxVpB2Z3MHiC1SZrVRf9PN7B4asrcr0+ +t0vKCWXQHi5PAxnqwXoa67D5ny0vyoWIUQp2dFLvB0Bjtos/j2EhzIfNV2mT9myn +VAvNXGmfw8IRB/Wb0i3Cw4Z+roYuu2dDz6QL3PUo7XKKycg4uS55zK/qfOsOebnf +zlwvjllMJ+fTQG73+BzH4NHXk6jFYC58ypkuwtrbfbMiJFNY8rWZm/MMwUCZVCCy +yIqCqGAPzoi2SNsHKZNRj7vYCwPAWzO1bv1Fp/a3LQKCAQEAxm3Ll8pTNW1zB8+X +dG2dWqieMErdWFIAp5/gTx5oeeGqCd1h2xpyeuKpfXFj+lEU4O/jAOSF99nwjC1c +Cl2+v6/Yv6z7iz/FjPJh6ZQlabODZys/NFdzQ/TkoDynDTIXNK8W7nRQsFBp4VOv +de0NPAyhbk0o0Z7yyjcYRxJU7IgJhBvWf8g/Db7fvMR58yDzwAxioiKTMNis0PAP +e0Kko42IE5xhG5hCB0GEHS2VAc1ncH3FI9/1DMP3TKpLim9YPAnItmBO6+Qcma3X +2wC6CWfnvHoH78hgw+4Yn85Wd0b8P7zID/jtvwhce331x8xr2u6nRqLAwZs4+4J7 +bfdIcQKCAQAC/be73ay3afz2zuY7fJLFDr8Pl+pyOjINKL/IW9pAqXR3u5CijiI4 +gnxYuLJC34cbAIrmhjD8G1kwfghgxjp4Z1kot/2aaNYU2/4hRrhEXMOcMiuIhYZJ +2kzmc6s7FIdt5c9NZYAryFRbMfbV7Rt0lJifYVoUwcqXS2dPncc9MQojLGTasuNU +G/DZl9ekcWxEIyKXcncd3fxb+zz9BEmLZD7nf9ZrxGSb+fhFx7sXRQEg5bD/twdo +EXW/m55bbDfxa71jdnMh2quQ3DiVOFE4fLLDqr9CEilh32HRMxrI4g0Y5QPQZk30 +qYNWfnKVRYNLv+X/CxfzfEZpjqFEOFElAoIBAQCKzGbFvlzwPZRhxs7vUv19yHQp +C1fGx0oKiD1R5fpYPkOEQAentAJDsraTl7/kH69WOUmD5Ox1mjrDPtkS8ZxWbRWx +Fb2K+rqc4mpaZpdNWONNK3+tMfk+oAQqe2IMIWnw5HfmZc4MPcKtnFPbRSNAtjKp +D6hoh/pW2gcDP4qZMYVoEm81VXdFCPhNb+Mbu/Sx2hPxSGWa5Fi73xKpYjy3pHJT +XZ2ciG7EMCsJeoGKaQvcBcY/4iRDahWHVrilIXIArPuwfUB2o6BdTtjYGyNlgcfx +qXKxipShA6VSbzugGzdtGMxE2zDGTI19qRC/z9CDDC5e2SAFjlBTWD2PrcqN +-----END RSA PRIVATE KEY----- diff --git a/tools/deployment/certificates/target_config_ca_data b/tools/deployment/certificates/target_config_ca_data new file mode 100644 index 000000000..056f5d149 --- /dev/null +++ b/tools/deployment/certificates/target_config_ca_data @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIUMCpsOoExrG7gE5L9RRjggOMT8nwwDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOS3ViZXJuZXRlcyBBUEkwHhcNMjAwOTE1MDEwNDM3WhcN +MzAwOTEzMDEwNDM3WjAZMRcwFQYDVQQDDA5LdWJlcm5ldGVzIEFQSTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAdZ4QbGfiKLLiMsGpRJKwyfDFYR9SC +lkUoxeMMAePdySMSJZM9E0PNh39MKSV3Rd4HekuxgG+rxzo7Zg+eMZcXr4Y7zKP3 +5Im/hDd2mSa8l0I1e4pWptgnof7oEbiIuHSf1Bda1N0ZmDQGmrLrBqNdQ7sPUzsV +YOz6UPVejcHxAc1po1flAv+YSYz5Wko0ETgMvXDkqOHkXW5ZxOppUn+39ZoY6L+x +Ve0PqPtyfIVu3wmrvE4gxJlmXI7uLfw6N4zpKdn+I4+TIEayhMD1dQzspC4L3B+p +XpqO1cV3fJ2Prq/f5MxJr1Y5GQ6eBVrLehwVVLHD31weaigu3y+r3tUCAwEAAaOB +kzCBkDAdBgNVHQ4EFgQUOWya3EwbysnTS/Yj1VLKc0hxh4owVAYDVR0jBE0wS4AU +OWya3EwbysnTS/Yj1VLKc0hxh4qhHaQbMBkxFzAVBgNVBAMMDkt1YmVybmV0ZXMg +QVBJghQwKmw6gTGsbuATkv1FGOCA4xPyfDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMZuSkIm7PvP81nGJ9X9VE8UYMWCINF0A +b+uQDEhtFsGqvvEdxPqDTYJpvQuIBe9WtriVG8t0CH/SggH6NRhwL2bBp2nVhAUW +a+xY/TiNc3PIyDsExF7TuD4bsimAABSgfmmtqWWjj4r9+hu/ogOc/42bOIOBVlsd +/U70bGwYB59Ax//gHYRfT9w/ztTpockstHaJ6lT7yHYjaI3iNDZvMJqQIcq0N/LC +qPcZ0VApLQ6QPti1jUK0F3UedAzMW7dQx6EwB7yPz85gYKvIugri+ksf0lc2xuCG +WLh6b1MZOBsSY6JiTzRQJXusBEGZLcyVDIHE7cD85hNBfit0/z1ffQ== +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/target_config_client_cert_data b/tools/deployment/certificates/target_config_client_cert_data new file mode 100644 index 000000000..b17fbcd26 --- /dev/null +++ b/tools/deployment/certificates/target_config_client_cert_data @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIIfgHwEugUbEcwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AwwOS3ViZXJuZXRlcyBBUEkwHhcNMjAwOTE1MDEwNDM3WhcNMjEwOTE1MDEyMjQ2 +WjA0MRcwFQYDVQQKEw5zeXN0ZW06bWFzdGVyczEZMBcGA1UEAxMQa3ViZXJuZXRl +cy1hZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM8z7Ixk/2US +BPQv3Riiin7ToYOA8PfYyy4WLHw10p1V0dl6tSezDygyerwGLyrOLwUEXCoh2Ugm +/Kc4RL5eYeBD1lRdzlcYN+uUmVYIR0JyCBmB22qeC8cdHezq20m1C4Q2DlR6pPmY +/ReHcUVZBuU6thfG4X/NJDDXR5+mO0qYdZGpbpGyMH9A19AuqLQ7EGUT0CSGL+w9 +cPOr98Yr4FEAWIdEdl21kzC91ofkyegunR7gHpmBCqkHT+9fzT2gjUvY/UoTy4gs +Co0huZstlPouZHdCmiQgfW8C36saNrYoGz48dL83miVv/FTmcq1T1n95R9kH24WN +tSEqCASWMUMCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG +AQUFBwMCMB8GA1UdIwQYMBaAFDlsmtxMG8rJ00v2I9VSynNIcYeKMA0GCSqGSIb3 +DQEBCwUAA4IBAQCYMR+q7PNS4jYra/uDyOBMUNcppi/s6OxZCTU3tWUkXUIu4Vf0 +UnIkokXtr7xxCaUR61vqgP8veCUfN1NLD/plQWcxH4YRhN4dbdCpGkypNCHESjNT +ExVtLy2qFhGjzvcAVnM8JhEzHRlLBHYmUiOfT8KyGtv2OiiG5m4XNUFclaRXKlkv +Sht4XagdtWIQOPaoBolcr0/IY8iWRBqJetNxl/g+0LjpBGVtBgDit9sOCEVXilHR +9HlfMBWHZX8mFTY70kzTT5BNuiMtk8cJGWBO2m+vLoJAYoky6y/hGBgb6L3xLc2d +p8vuH/HCzH0nMlnl1M89YjN/EQFNXCzcyNdp +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/target_config_client_key_data b/tools/deployment/certificates/target_config_client_key_data new file mode 100644 index 000000000..5beb75c0a --- /dev/null +++ b/tools/deployment/certificates/target_config_client_key_data @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzzPsjGT/ZRIE9C/dGKKKftOhg4Dw99jLLhYsfDXSnVXR2Xq1 +J7MPKDJ6vAYvKs4vBQRcKiHZSCb8pzhEvl5h4EPWVF3OVxg365SZVghHQnIIGYHb +ap4Lxx0d7OrbSbULhDYOVHqk+Zj9F4dxRVkG5Tq2F8bhf80kMNdHn6Y7Sph1kalu +kbIwf0DX0C6otDsQZRPQJIYv7D1w86v3xivgUQBYh0R2XbWTML3Wh+TJ6C6dHuAe +mYEKqQdP71/NPaCNS9j9ShPLiCwKjSG5my2U+i5kd0KaJCB9bwLfqxo2tigbPjx0 +vzeaJW/8VOZyrVPWf3lH2QfbhY21ISoIBJYxQwIDAQABAoIBACXM3zatpjoWE3lI +0hkQbhu9GBYZi9xrXIXH3c27M/UoFuSKEkpvzDAVJXbv2eMBQmqz5Ox6yFz1X9pR +1Zi1Nz3mok853c7dyDXeIisjz3w7uWaN3i2RL6zfjvoNznuf37367ppS1Y4Dbwi/ +2NZB65QeJeIokjLyhcuzOonRlbeBzMeCDFgwyIA7hxIwig6VxnE8oll9Fh/l7HFt +Sp+xvYpZjhBxFeRBLt6OBG3OgvGYdMhH6mqOG0s7B/ker97lUyD9eWqAlhcPF1vJ +o43AVbo/IU147paoGbWQoukIlnfxc+DowWjGaTy5ScQjsfB5RGM3LM9C52qUOZPl +T29ye4ECgYEA6Gp8ENlTVjainxQADZDzIxV34uxE3XT8fleHfZqNby3R0b59HcXT +45RendM0xHd7RvzdeshBV110UihQgdHj86yiklITfa6KaiJRb0NGwhOAlw0VdM3h +2JfGlUISXXn9/BhFO0WiA4fdtx3pe/JbuB1kuXgu0SJWDRdvRFXeYDMCgYEA5Dp5 +FN86850Q1S0S2dm2paUwymbGFXa9IQtyak30qZO95C7NjGGZ2Loog7yW/wOvLKnq +8YhEHUxLlBXiTvvw+RG1z0MoHhEFGNyIMH2srjBROiyMTHyOoXcA11mf+A6EJBC2 +KyOZJHdRjaRUG7n1XAn1YUaPaYKScHNFWy0tmrECgYBpJSuFr9ws58DAeRrhCE+G +8sJvDfbFvZQxUEYCw/Xyc2c2HZia7JHEpq37dr6rl2ZVIjbMwmYVMTlbpdNuN9eJ +uPM/gRRCSsFh7K6syGHtkUcejxPC6RWgmGGFywNl+Le34f8IJqN6N3BN1KF5qpZm +AB4+bim4AXGusIhtAO/+0wKBgGDX0wMhSiGPV1Itwx7/u/oD43UvMQRwkwZPlig3 +lgbS8zO9DGlyDNci/wgPYT8qsA1SuKfuu4B3HGbk9levnmwBsNUW2RIRBMms4nk5 +CqoLRJxbxNi7zcYD+i5nEHMwra+kC7i4bUZE/y0MOshdGxkH/MBfMYGC72KZ9yce +P4ixAoGBANAvbb/xxT8o9maSAZWc/nSVtL9rAb0kGBPSKrtAmpbGq2+C69Ny5A1E +uob7gsv2w42HPrg/0TLISIFaWi/R/WQddF1jrQj55z7EiXQUCR4sCqDdOSaYv01V +u6ylCjfUIFeUPoxHC9bO7igMObBmpHGSDKg15qjxnUi8Zqj4Z+n2 +-----END RSA PRIVATE KEY----- diff --git a/tools/deployment/templates/kubeconfig_template b/tools/deployment/templates/kubeconfig_template new file mode 100644 index 000000000..91377e898 --- /dev/null +++ b/tools/deployment/templates/kubeconfig_template @@ -0,0 +1,31 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: ${EPHEMERAL_CONFIG_CA_DATA} + server: https://${EPHEMERAL_IP}:6443 + name: ephemeral-cluster_ephemeral +- cluster: + certificate-authority-data: ${TARGET_CONFIG_CA_DATA} + server: https://${TARGET_IP}:6443 + name: target-cluster_target +contexts: +- context: + cluster: ephemeral-cluster_ephemeral + user: ephemeral-cluster-admin + name: ephemeral-cluster +- context: + cluster: target-cluster_target + user: target-cluster-admin + name: target-cluster +current-context: ephemeral-cluster +kind: Config +preferences: {} +users: +- name: ephemeral-cluster-admin + user: + client-certificate-data: ${EPHEMERAL_CONFIG_CLIENT_CERT_DATA} + client-key-data: ${EPHEMERAL_CONFIG_CLIENT_KEY_DATA} +- name: target-cluster-admin + user: + client-certificate-data: ${TARGET_CONFIG_CLIENT_CERT_DATA} + client-key-data: ${TARGET_CONFIG_CLIENT_KEY_DATA} diff --git a/tools/gate/00_setup.sh b/tools/gate/00_setup.sh index 2349bf245..ce8c036f0 100755 --- a/tools/gate/00_setup.sh +++ b/tools/gate/00_setup.sh @@ -36,11 +36,11 @@ sudo apt update sudo DEBIAN_FRONTEND=noninteractive apt -y install software-properties-common python3-pip sudo DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install docker.io make -PACKAGES="yq ansible netaddr" +ANSIBLE_PACKAGES="ansible netaddr" if [[ -z "${http_proxy}" ]]; then - sudo pip3 install $PACKAGES + sudo pip3 install $ANSIBLE_PACKAGES else - sudo pip3 --proxy "${http_proxy}" install $PACKAGES + sudo pip3 --proxy "${http_proxy}" install $ANSIBLE_PACKAGES fi echo "primary ansible_host=localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3" > "$ANSIBLE_HOSTS" diff --git a/tools/gate/config_template.yaml b/tools/gate/config_template.yaml index d7ece4002..171d01cfb 100644 --- a/tools/gate/config_template.yaml +++ b/tools/gate/config_template.yaml @@ -28,7 +28,6 @@ proxy: http: "$HTTP_PROXY" https: "$HTTPS_PROXY" noproxy: "$NO_PROXY" -airship_config_pgp_fp: "FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4" airship_config_pgp: |- -----BEGIN PGP PRIVATE KEY BLOCK-----