airshipctl/manifests/function/generate-secrets-example/secret-generation.yaml

apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
  name: secret-template
  annotations:
    config.kubernetes.io/function: |
      container:
        image: quay.io/airshipit/templater:v2      
values:
  clusterCa:
    cn: "Kubernetes API"
    validity: 3650
  password:
    len: 1
    cap: "long"
    masterKey: "test"
    siteKey: "user"
    sitePassword: "example.org"
template: |
  apiVersion: airshipit.org/v1alpha1
  kind: VariableCatalogue
  metadata:
    labels:
      airshipit.org/deploy-k8s: "false"
    name: password-secret
    annotations:
      config.kubernetes.io/path: secrets.yaml
  passkey: {{ derivePassword (.password.len|toUint32) .password.cap .password.masterKey .password.siteKey .password.sitePassword }}
  rand1: {{ randAlphaNum 4 }}
  rand2: {{ randAlpha 5 }}
  rand3: {{ randNumeric 12 }}
  rand4: {{ randAscii 10 }}
  regexkey: {{ regexGen "ed[0-9]*[xY]{3,7}" 7 }}
  {{- $ca := genCA .clusterCa.cn .clusterCa.validity }}
  {{- $cert := genSignedCert "foo.com" (list "10.0.0.1" "10.0.0.2") (list "bar.com" "bat.com") 365 $ca }}
  tls.key: {{ $ca.Key|b64enc|quote }}
  tls.crt: {{ $ca.Cert|b64enc|quote }}
  tlsCert.key: {{ $cert.Cert|b64enc|quote }}
  tlsCert.crt: {{ $cert.Key|b64enc|quote }}