e2c56108ee
1. Extending templater with kyaml functions and creating combined catalogue to be able to request/update the existing resources. This is based on 'everything is transformer' concept introduced in kustomize 4.x That includes gathering all secrets into 1 variable catalogue and special mechanism to regenerate/merge with manual secrets. 2. Implementing 'catalogue per cluster' approach for secrets. 3. Rearranging secrets so it's possible to use: pgp (each person may have his own key), age, Hachicorp Vault and etc and the list of people who can decrypt documents is set in a special file. Since in some cases there should be a separate list of people who can decrypt data - this list is set for each cluster (ephemeral and target) separatelly. Closes: #586 Change-Id: I038f84dd138d5ad4a35f4862c61ff2124c2fd530 |
||
|---|---|---|
| .. | ||
| replacements | ||
| kustomization.yaml | ||
| README.md | ||
| remote_direct_configuration.yaml | ||
| secret.yaml | ||
Function: ephemeral
This function defines the configuration for a bare metal ephemeral
bootstrapping image, which can be built via airshipctl image build
and delivered over the WAN to a remote
host via redfish using airshipctl baremetal remotedirect.
REQUIRED: a networking VariableCatalogue must be used to
override some Kubernetes networking configuration.
A base example for this catalogue can be found in the airshipctl-base-catalogues
function. If using the catalogue, apply the replacements/ entrypoint
at the site level, as a Kustomize transformer.
Alternately, the entire text payload of the ephemeral secret may be overridden via normal Kustomize patching.