e2c56108ee
1. Extending templater with kyaml functions and creating combined catalogue to be able to request/update the existing resources. This is based on 'everything is transformer' concept introduced in kustomize 4.x That includes gathering all secrets into 1 variable catalogue and special mechanism to regenerate/merge with manual secrets. 2. Implementing 'catalogue per cluster' approach for secrets. 3. Rearranging secrets so it's possible to use: pgp (each person may have his own key), age, Hachicorp Vault and etc and the list of people who can decrypt documents is set in a special file. Since in some cases there should be a separate list of people who can decrypt data - this list is set for each cluster (ephemeral and target) separatelly. Closes: #586 Change-Id: I038f84dd138d5ad4a35f4862c61ff2124c2fd530
48 lines
2.0 KiB
YAML
48 lines
2.0 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- hosts: primary
|
|
vars_files:
|
|
- vars/test-config.yaml
|
|
name: airshipctl_gate_runner
|
|
environment:
|
|
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
|
|
AZURE_SUBSCRIPTION_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc3Vic2NyaXB0aW9uIGlkIGhlcmUK"
|
|
AZURE_TENANT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgdGVuYW50IGlkIGhlcmUK"
|
|
AZURE_CLIENT_ID_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgaWQgaGVyZQo="
|
|
AZURE_CLIENT_SECRET_B64: "UGxlYXNlLCBwcm92aWRlIHlvdXIgQXp1cmUgc2VydmljZSBwcmluY2lwYWwgc2VjcmV0IGhlcmUK"
|
|
AZURE_ENVIRONMENT: "AzurePublicCloud"
|
|
GCP_CONTROL_PLANE_MACHINE_TYPE: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_NODE_MACHINE_TYPE: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_PROJECT: "bjEtc3RhbmRhcmQtNA=="
|
|
GCP_REGION: "dXMtd2VzdDE="
|
|
GCP_NETWORK_NAME: "ZGVmYXVsdA=="
|
|
GCP_B64ENCODED_CREDENTIALS: "bjEtc3RhbmRhcmQtNA=="
|
|
AIRSHIPCTL_REF: "{{ zuul.ref | default('master') }}"
|
|
tasks:
|
|
- name: "set_default_gate_scripts"
|
|
set_fact:
|
|
gate_scripts_default:
|
|
- ./tools/deployment/21_systemwide_executable.sh
|
|
- ./tools/deployment/22_test_configs.sh
|
|
- ./tools/deployment/23_pull_documents.sh
|
|
- ./tools/deployment/23_generate_secrets.sh
|
|
- ./tools/deployment/24_build_images.sh
|
|
- ./tools/deployment/25_deploy_gating.sh
|
|
|
|
- name: "Run gate scripts"
|
|
include_role:
|
|
name: airshipctl-run-script
|
|
vars:
|
|
gate_script_path: "{{ item }}"
|
|
with_items: "{{ gate_scripts | default(gate_scripts_default) }}"
|