Add reference multi-tenant site
This change adds a reference site for the multi-tenant type, adapted from the airship-core reference site. Signed-off-by: Drew Walters <andrew.walters@att.com> Change-Id: I7e1518f6fc960ba49d40af79e4bb052251ce749a
This commit is contained in:
parent
e046a3d5f1
commit
39e624fdfb
@ -0,0 +1,22 @@
|
|||||||
|
# This patches the node02 BMH to be suitable for ephemeral purposes
|
||||||
|
apiVersion: metal3.io/v1alpha1
|
||||||
|
kind: BareMetalHost
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
labels:
|
||||||
|
airshipit.org/ephemeral-node: "true"
|
||||||
|
airshipit.org/deploy-k8s: "false"
|
||||||
|
# NEWSITE_CHANGEME : ephemeral node name
|
||||||
|
name: stl3r01s02
|
||||||
|
spec:
|
||||||
|
online: true
|
||||||
|
bmc:
|
||||||
|
# NEWSITE_CHANGEME: ephemeral node redhish api endpoint
|
||||||
|
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
|
||||||
|
status:
|
||||||
|
provisioning:
|
||||||
|
# we need this status to make sure, that the host is not going to be
|
||||||
|
# reprovisioned by the ephemeral baremetal operator.
|
||||||
|
# when we have more flexible labeling system in place, we will not
|
||||||
|
# deliver this document to ephemeral cluster
|
||||||
|
state: externally provisioned
|
@ -0,0 +1,11 @@
|
|||||||
|
# Site-level, phase-specific lists of hosts to generate
|
||||||
|
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||||
|
# host-catalogue to just the hosts needed for a particular phase.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
hosts:
|
||||||
|
m3:
|
||||||
|
## NEWSITE_CHANGEME: The ephemeral node name
|
||||||
|
- stl3r01s02
|
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
|
||||||
|
- ../../catalogues/
|
||||||
|
- host-generation.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
|
||||||
|
- ../../../../../function/treasuremap-cleanup
|
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/bootstrap
|
||||||
|
- ../catalogues
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- hostgenerator
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- baremetalhost.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/bootstrap/replacements
|
4
manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md
Executable file
4
manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md
Executable file
@ -0,0 +1,4 @@
|
|||||||
|
# Catalogue Definitions for Target Cluster
|
||||||
|
|
||||||
|
This inherits Site-level catalogues from the neighboring target cluster's
|
||||||
|
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.
|
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../target/catalogues
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- networking.yaml
|
@ -0,0 +1,24 @@
|
|||||||
|
# This makes a couple small networking tweaks that are specific to the
|
||||||
|
# ephemeral cluster, on top of the target cluster networking definition.
|
||||||
|
# These values can be overridden at the site, type, etc levels as appropriate.
|
||||||
|
|
||||||
|
## NEWSITE_CHANGEME: update file with ephemeral node ips
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: NetworkCatalogue
|
||||||
|
metadata:
|
||||||
|
name: networking
|
||||||
|
spec:
|
||||||
|
kubernetes:
|
||||||
|
serviceCidr: "10.96.0.0/12"
|
||||||
|
podCidr: "192.168.0.0/18"
|
||||||
|
controlPlaneEndpoint:
|
||||||
|
# NEWSITE_CHANGEME: Ephemeral node oam ip
|
||||||
|
host: "10.254.125.231"
|
||||||
|
port: 6443
|
||||||
|
# NEWSITE_CHANGEME: ephemeral node calico ip and pxe ip
|
||||||
|
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
|
||||||
|
ironic:
|
||||||
|
# NEWSITE_CHANGEME: Ephemeral node PXE network
|
||||||
|
provisioningInterface: "eno4"
|
||||||
|
provisioningIp: "172.63.0.12"
|
||||||
|
dhcpRange: "172.63.0.31,172.63.0.126"
|
@ -0,0 +1,11 @@
|
|||||||
|
# Site-level, phase-specific lists of hosts to generate
|
||||||
|
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||||
|
# host-catalogue to just the hosts needed for a particular phase.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
hosts:
|
||||||
|
m3:
|
||||||
|
## NEWSITE_CHANGEME: Target cluster first node
|
||||||
|
- stl3r01s01
|
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
|
||||||
|
- ../../catalogues/
|
||||||
|
- host-generation.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
|
||||||
|
- ../../../../../function/treasuremap-cleanup
|
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/controlplane
|
||||||
|
- ../../target/catalogues # NOTE: use target networking for this phase
|
||||||
|
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
|
||||||
|
# otherwise nodes will hang in 'registering' state for quite a long time
|
||||||
|
- nodes
|
||||||
|
transformers:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements
|
@ -0,0 +1,12 @@
|
|||||||
|
# Note: this weird extra layer between the .. and ../hostgenerator
|
||||||
|
# is purely to apply the label below to the generated hosts.
|
||||||
|
# When can come up with a better way to declare (e.g. via catalogue)
|
||||||
|
# that the host is a controlplane host, we should get rid of this.
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ../hostgenerator
|
||||||
|
|
||||||
|
commonLabels:
|
||||||
|
airshipit.org/k8s-role: controlplane-host
|
@ -0,0 +1,2 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/airship-core/ephemeral/initinfra-networking
|
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/initinfra
|
||||||
|
- ../catalogues
|
||||||
|
transformers:
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/initinfra/replacements
|
@ -0,0 +1,18 @@
|
|||||||
|
# Site-level, phase-specific lists of hosts to generate
|
||||||
|
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||||
|
# host-catalogue to just the hosts needed for a particular phase.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
hosts:
|
||||||
|
m3:
|
||||||
|
# Note: this list should be kept up to date with
|
||||||
|
# the full list of hosts in the cluster
|
||||||
|
## NEWSITE_CHANGEME: list of all the hosts
|
||||||
|
- stl3r01s01
|
||||||
|
- stl3r01s02
|
||||||
|
- stl3r01s03
|
||||||
|
- stl3r01s04
|
||||||
|
- stl3r01s05
|
||||||
|
- stl3r01s06
|
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/
|
||||||
|
- ../../target/catalogues
|
||||||
|
- host-generation.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||||
|
- ../../../../function/treasuremap-cleanup
|
@ -0,0 +1,5 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- hostgenerator
|
@ -0,0 +1,40 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: KubeConfig
|
||||||
|
metadata:
|
||||||
|
name: default
|
||||||
|
labels:
|
||||||
|
airshipit.org/deploy-k8s: "false"
|
||||||
|
config:
|
||||||
|
apiVersion: v1
|
||||||
|
clusters:
|
||||||
|
- cluster:
|
||||||
|
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
|
||||||
|
## NEWSITE_CHANGEME: update ip with the vrrp k8s ip
|
||||||
|
server: https://10.254.125.239:6443
|
||||||
|
name: target-cluster
|
||||||
|
- cluster:
|
||||||
|
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||||
|
## NEWSITE_CHANGEME: update ip with the ephemeral node oam ip
|
||||||
|
server: https://10.254.125.231:6443
|
||||||
|
name: ephemeral-cluster
|
||||||
|
contexts:
|
||||||
|
- context:
|
||||||
|
cluster: target-cluster
|
||||||
|
user: target-cluster-admin
|
||||||
|
name: target-cluster
|
||||||
|
- context:
|
||||||
|
cluster: ephemeral-cluster
|
||||||
|
user: ephemeral-cluster-admin
|
||||||
|
name: ephemeral-cluster
|
||||||
|
current-context: ""
|
||||||
|
kind: Config
|
||||||
|
preferences: {}
|
||||||
|
users:
|
||||||
|
- name: ephemeral-cluster-admin
|
||||||
|
user:
|
||||||
|
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||||
|
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
|
||||||
|
- name: target-cluster-admin
|
||||||
|
user:
|
||||||
|
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||||
|
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenpQc2pHVC9aUklFOUMvZEdLS0tmdE9oZzREdzk5akxMaFlzZkRYU25WWFIyWHExCko3TVBLREo2dkFZdktzNHZCUVJjS2lIWlNDYjhwemhFdmw1aDRFUFdWRjNPVnhnMzY1U1pWZ2hIUW5JSUdZSGIKYXA0THh4MGQ3T3JiU2JVTGhEWU9WSHFrK1pqOUY0ZHhSVmtHNVRxMkY4YmhmODBrTU5kSG42WTdTcGgxa2FsdQprYkl3ZjBEWDBDNm90RHNRWlJQUUpJWXY3RDF3ODZ2M3hpdmdVUUJZaDBSMlhiV1RNTDNXaCtUSjZDNmRIdUFlCm1ZRUtxUWRQNzEvTlBhQ05TOWo5U2hQTGlDd0tqU0c1bXkyVStpNWtkMEthSkNCOWJ3TGZxeG8ydGlnYlBqeDAKdnplYUpXLzhWT1p5clZQV2YzbEgyUWZiaFkyMUlTb0lCSll4UXdJREFRQUJBb0lCQUNYTTN6YXRwam9XRTNsSQowaGtRYmh1OUdCWVppOXhyWElYSDNjMjdNL1VvRnVTS0VrcHZ6REFWSlhidjJlTUJRbXF6NU94NnlGejFYOXBSCjFaaTFOejNtb2s4NTNjN2R5RFhlSWlzanozdzd1V2FOM2kyUkw2emZqdm9Oem51ZjM3MzY3cHBTMVk0RGJ3aS8KMk5aQjY1UWVKZUlva2pMeWhjdXpPb25SbGJlQnpNZUNERmd3eUlBN2h4SXdpZzZWeG5FOG9sbDlGaC9sN0hGdApTcCt4dllwWmpoQnhGZVJCTHQ2T0JHM09ndkdZZE1oSDZtcU9HMHM3Qi9rZXI5N2xVeUQ5ZVdxQWxoY1BGMXZKCm80M0FWYm8vSVUxNDdwYW9HYldRb3VrSWxuZnhjK0Rvd1dqR2FUeTVTY1Fqc2ZCNVJHTTNMTTlDNTJxVU9aUGwKVDI5eWU0RUNnWUVBNkdwOEVObFRWamFpbnhRQURaRHpJeFYzNHV4RTNYVDhmbGVIZlpxTmJ5M1IwYjU5SGNYVAo0NVJlbmRNMHhIZDdSdnpkZXNoQlYxMTBVaWhRZ2RIajg2eWlrbElUZmE2S2FpSlJiME5Hd2hPQWx3MFZkTTNoCjJKZkdsVUlTWFhuOS9CaEZPMFdpQTRmZHR4M3BlL0pidUIxa3VYZ3UwU0pXRFJkdlJGWGVZRE1DZ1lFQTVEcDUKRk44Njg1MFExUzBTMmRtMnBhVXd5bWJHRlhhOUlRdHlhazMwcVpPOTVDN05qR0daMkxvb2c3eVcvd092TEtucQo4WWhFSFV4TGxCWGlUdnZ3K1JHMXowTW9IaEVGR055SU1IMnNyakJST2l5TVRIeU9vWGNBMTFtZitBNkVKQkMyCkt5T1pKSGRSamFSVUc3bjFYQW4xWVVhUGFZS1NjSE5GV3kwdG1yRUNnWUJwSlN1RnI5d3M1OERBZVJyaENFK0cKOHNKdkRmYkZ2WlF4VUVZQ3cvWHljMmMySFppYTdKSEVwcTM3ZHI2cmwyWlZJamJNd21ZVk1UbGJwZE51TjllSgp1UE0vZ1JSQ1NzRmg3SzZzeUdIdGtVY2VqeFBDNlJXZ21HR0Z5d05sK0xlMzRmOElKcU42TjNCTjFLRjVxcFptCkFCNCtiaW00QVhHdXNJaHRBTy8rMHdLQmdHRFgwd01oU2lHUFYxSXR3eDcvdS9vRDQzVXZNUVJ3a3daUGxpZzMKbGdiUzh6TzlER2x5RE5jaS93Z1BZVDhxc0ExU3VLZnV1NEIzSEdiazlsZXZubXdCc05VVzJSSVJCTW1zNG5rNQpDcW9MUkp4YnhOaTd6Y1lEK2k1bkVITXdyYStrQzdpNGJVWkUveTBNT3NoZEd4a0gvTUJmTVlHQzcyS1o5eWNlClA0aXhBb0dCQU5BdmJiL3h4VDhvOW1hU0FaV2MvblNWdEw5ckFiMGtHQlBTS3J0QW1wYkdxMitDNjlOeTVBMUUKdW9iN2dzdjJ3NDJIUHJnLzBUTElTSUZhV2kvUi9XUWRkRjFqclFqNTV6N0VpWFFVQ1I0c0NxRGRPU2FZdjAxVgp1NnlsQ2pmVUlGZVVQb3hIQzliTzdpZ01PYkJtcEhHU0RLZzE1cWp4blVpOFpxajRaK24yCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
|
@ -0,0 +1,7 @@
|
|||||||
|
resources:
|
||||||
|
- kubeconfig.yaml
|
||||||
|
- ../target/catalogues
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- update-target.yaml
|
||||||
|
- ../../../function/treasuremap-cleanup
|
@ -0,0 +1,69 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: k8scontrol-cluster-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: quay.io/airshipit/replacement-transformer:v2.0.2
|
||||||
|
replacements:
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.targetKubeconfig.certificate-authority-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.targetKubeconfig.client-certificate-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.targetKubeconfig.client-key-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.ephemeralKubeconfig.client-key-data}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeConfig
|
||||||
|
name: default
|
||||||
|
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]
|
6
manifests/site/reference-multi-tenant/metadata.yaml
Normal file
6
manifests/site/reference-multi-tenant/metadata.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
phase:
|
||||||
|
docEntryPointPrefix: manifests/site/reference-multi-tenant
|
||||||
|
path: manifests/site/reference-multi-tenant/phases
|
||||||
|
|
||||||
|
inventory:
|
||||||
|
path: manifests/site/reference-multi-tenant/host-inventory
|
@ -0,0 +1,6 @@
|
|||||||
|
resources:
|
||||||
|
- ../kubeconfig
|
||||||
|
- ../../../type/multi-tenant/phases
|
||||||
|
## TODO Consider making a catalogue combined with variable substitution instead
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- phase-patch.yaml
|
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: BaremetalManager
|
||||||
|
metadata:
|
||||||
|
name: RemoteDirectEphemeral
|
||||||
|
spec:
|
||||||
|
hostSelector:
|
||||||
|
## NEWSITE_CHANGEME: ephemeral node
|
||||||
|
name: stl3r01s02
|
||||||
|
operationOptions:
|
||||||
|
remoteDirect:
|
||||||
|
## NEWSITE_CHANGEME: URL to the ephemeral node iso
|
||||||
|
isoURL: http://10.254.195.209/ephemeral.iso
|
5
manifests/site/reference-multi-tenant/target/catalogues/README.md
Executable file
5
manifests/site/reference-multi-tenant/target/catalogues/README.md
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
# Catalogue Definitions for Target Cluster
|
||||||
|
|
||||||
|
This inherits Type-level catalogues, and adds in Site-specific values.
|
||||||
|
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
|
||||||
|
customizations on top of this for ephemeral use.
|
@ -0,0 +1,96 @@
|
|||||||
|
# Site-level host catalogue. This info feeds the Templater
|
||||||
|
# kustomize plugin config in the hostgenerator-m3 function.
|
||||||
|
|
||||||
|
## NEWSITE_CHANGEME: update the whole file with the site specific host details
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-catalogue
|
||||||
|
labels:
|
||||||
|
airshipit.org/deploy-k8s: "false"
|
||||||
|
|
||||||
|
hosts:
|
||||||
|
# NEWSITE_CHANGEME: update with the site specific host details for all hosts
|
||||||
|
m3:
|
||||||
|
stl3r01s01:
|
||||||
|
bootMode: legacy
|
||||||
|
macAddress: E4:43:4B:EE:F4:CB
|
||||||
|
bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.230
|
||||||
|
pxe-ipv4: 172.63.0.11
|
||||||
|
storage-ipv4: 172.62.0.11
|
||||||
|
calico-ipv4: 172.64.0.11
|
||||||
|
hardwareProfile: default # defined in the hostgenerator-m3 function
|
||||||
|
stl3r01s02:
|
||||||
|
bootMode: legacy
|
||||||
|
macAddress: E4:43:4B:EE:B0:43
|
||||||
|
bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.231
|
||||||
|
pxe-ipv4: 172.63.0.12
|
||||||
|
storage-ipv4: 172.62.0.12
|
||||||
|
calico-ipv4: 172.64.0.12
|
||||||
|
hardwareProfile: example # defined in the hardwareprofile-example function
|
||||||
|
stl3r01s03:
|
||||||
|
bootMode: legacy
|
||||||
|
#macAddress: E4:43:4B:EE:D7:B8
|
||||||
|
macAddress: E4:43:4B:EE:D7:D9
|
||||||
|
bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.232
|
||||||
|
pxe-ipv4: 172.63.0.13
|
||||||
|
storage-ipv4: 172.62.0.13
|
||||||
|
calico-ipv4: 172.64.0.13
|
||||||
|
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||||
|
stl3r01s04:
|
||||||
|
bootMode: legacy
|
||||||
|
#macAddress: E4:43:4B:EE:D7:B8
|
||||||
|
macAddress: E4:43:4B:EE:DD:0F
|
||||||
|
bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.233
|
||||||
|
pxe-ipv4: 172.63.0.14
|
||||||
|
storage-ipv4: 172.62.0.14
|
||||||
|
calico-ipv4: 172.64.0.14
|
||||||
|
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||||
|
stl3r01s05:
|
||||||
|
bootMode: legacy
|
||||||
|
#macAddress: E4:43:4B:EE:D7:B8
|
||||||
|
macAddress: E4:43:4B:EE:D7:2F
|
||||||
|
bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.234
|
||||||
|
pxe-ipv4: 172.63.0.15
|
||||||
|
storage-ipv4: 172.62.0.15
|
||||||
|
calico-ipv4: 172.64.0.15
|
||||||
|
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||||
|
stl3r01s06:
|
||||||
|
bootMode: legacy
|
||||||
|
#macAddress: E4:43:4B:EE:D7:B8
|
||||||
|
macAddress: E4:43:4B:EE:F3:B7
|
||||||
|
bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1
|
||||||
|
bmcUsername: root
|
||||||
|
bmcPassword: WWTwwt1!
|
||||||
|
disableCertificateVerification: true
|
||||||
|
ipAddresses:
|
||||||
|
oam-ipv4: 10.254.125.235
|
||||||
|
pxe-ipv4: 172.63.0.16
|
||||||
|
storage-ipv4: 172.62.0.16
|
||||||
|
calico-ipv4: 172.64.0.16
|
||||||
|
hardwareProfile: default # defined in the hardwareprofile-example function
|
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/shared/catalogues
|
||||||
|
- hosts.yaml
|
||||||
|
- ../generator/results
|
||||||
|
- storage.yaml
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- versions-airshipctl.yaml
|
||||||
|
- networking.yaml
|
||||||
|
- networking-ha.yaml
|
@ -0,0 +1,19 @@
|
|||||||
|
# This catalogue alone needs to be overriden at site level based on the
|
||||||
|
# networkign requirement like HA
|
||||||
|
|
||||||
|
## NEWSITE_CHANGEME: Update the file with the vrrp ips
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: networking-ha
|
||||||
|
labels:
|
||||||
|
airshipit.org/deploy-k8s: "false"
|
||||||
|
vrrp:
|
||||||
|
# NEWSITE_CHANGEME: Update kubernetes virtual ip and OAM interface
|
||||||
|
kubernetes:
|
||||||
|
interface: bond0.61
|
||||||
|
virtual_ipaddress: 10.254.125.239
|
||||||
|
# NEWSITE_CHANGEME: Update ingress virtual ip and OAM interface
|
||||||
|
ingress:
|
||||||
|
interface: bond0.61
|
||||||
|
virtual_ipaddress: 10.254.125.240
|
@ -0,0 +1,120 @@
|
|||||||
|
# This makes a couple small networking tweaks that are specific to the
|
||||||
|
# ephemeral cluster, on top of the target cluster networking definition.
|
||||||
|
# These values can be overridden at the site, type, etc levels as appropriate.
|
||||||
|
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: NetworkCatalogue
|
||||||
|
metadata:
|
||||||
|
name: networking
|
||||||
|
|
||||||
|
spec:
|
||||||
|
# The catalogue should be overridden as appropriate for different kubernetes
|
||||||
|
# clusters, e.g. ephemeral vs target vs tenant
|
||||||
|
kubernetes:
|
||||||
|
serviceCidr: "10.96.0.0/12"
|
||||||
|
podCidr: "192.168.0.0/18"
|
||||||
|
controlPlaneEndpoint:
|
||||||
|
# NEWSITE_CHANGEME: below is the vrrp kubernetes virtual ip
|
||||||
|
host: "10.254.125.239"
|
||||||
|
port: 6443
|
||||||
|
# NEWSITE_CHANGEME: first controller node calico ip and pxe ip
|
||||||
|
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
|
||||||
|
ironic:
|
||||||
|
# NEWSITE_CHANGEME: update the first controller node PXE network information
|
||||||
|
provisioningInterface: "eno4"
|
||||||
|
provisioningIp: "172.63.0.11"
|
||||||
|
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||||
|
commonHostNetworking:
|
||||||
|
links:
|
||||||
|
# NEWSITE_CHANGEME: PXE network, untagged
|
||||||
|
- id: eno4
|
||||||
|
name: eno4
|
||||||
|
type: phy
|
||||||
|
mtu: "1500"
|
||||||
|
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 1 port 2; the first NIC in the bonded interface
|
||||||
|
- id: enp94s0f1
|
||||||
|
name: enp94s0f1
|
||||||
|
type: phy
|
||||||
|
mtu: "9100"
|
||||||
|
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 2 port 1; the second NIC in the bonded interface
|
||||||
|
- id: enp134s0f0
|
||||||
|
name: enp134s0f0
|
||||||
|
type: phy
|
||||||
|
mtu: 9100
|
||||||
|
- id: bond0
|
||||||
|
name: bond0
|
||||||
|
type: bond
|
||||||
|
# NEWSITE_CHANGEME: update the bond link interface name
|
||||||
|
bond_links: ["enp94s0f1", "enp134s0f0"]
|
||||||
|
bond_mode: 802.3ad
|
||||||
|
bond_xmit_hash_policy: layer3+4
|
||||||
|
bond_miimon: 100
|
||||||
|
mtu: 9100
|
||||||
|
# NEWSITE_CHANGEME: OAM network
|
||||||
|
- id: bond0.61
|
||||||
|
name: bond0.61
|
||||||
|
type: vlan
|
||||||
|
vlan_link: bond0
|
||||||
|
vlan_id: 61
|
||||||
|
mtu: 9100
|
||||||
|
vlan_mac_address: null
|
||||||
|
# NEWSITE_CHANGEME: Storage network
|
||||||
|
- id: bond0.62
|
||||||
|
name: bond0.62
|
||||||
|
type: vlan
|
||||||
|
vlan_link: bond0
|
||||||
|
vlan_id: 62
|
||||||
|
mtu: 9100
|
||||||
|
vlan_mac_address: null
|
||||||
|
# NEWSITE_CHANGEME: Calico network
|
||||||
|
- id: bond0.64
|
||||||
|
name: bond0.64
|
||||||
|
type: vlan
|
||||||
|
vlan_link: bond0
|
||||||
|
vlan_id: 64
|
||||||
|
mtu: 9100
|
||||||
|
vlan_mac_address: null
|
||||||
|
# unused for now
|
||||||
|
- id: bond0.65
|
||||||
|
name: bond0.65
|
||||||
|
type: vlan
|
||||||
|
vlan_link: bond0
|
||||||
|
vlan_id: 65
|
||||||
|
mtu: 9100
|
||||||
|
vlan_mac_address: null
|
||||||
|
networks:
|
||||||
|
# NEWSITE_CHANGEME: OAM network
|
||||||
|
- id: oam-ipv4
|
||||||
|
type: ipv4
|
||||||
|
link: bond0.61
|
||||||
|
# ip_address: <from host-catalogue>
|
||||||
|
netmask: 255.255.255.224
|
||||||
|
routes:
|
||||||
|
- network: 0.0.0.0
|
||||||
|
netmask: 0.0.0.0
|
||||||
|
gateway: 10.254.125.225
|
||||||
|
# NEWSITE_CHANGEME: PXE network
|
||||||
|
- id: pxe-ipv4
|
||||||
|
type: ipv4
|
||||||
|
link: eno4
|
||||||
|
# ip_address: <from host-catalogue>
|
||||||
|
netmask: 255.255.255.128
|
||||||
|
# NEWSITE_CHANGEME: Storage network
|
||||||
|
- id: storage-ipv4
|
||||||
|
type: ipv4
|
||||||
|
link: bond0.62
|
||||||
|
# ip_address:
|
||||||
|
netmask: 255.255.255.128
|
||||||
|
# NEWSITE_CHANGEME: Calico network
|
||||||
|
- id: calico-ipv4
|
||||||
|
type: ipv4
|
||||||
|
link: bond0.64
|
||||||
|
# ip_address:
|
||||||
|
netmask: 255.255.255.128
|
||||||
|
services:
|
||||||
|
# NEWSITE_CHANGEME: DNS servers
|
||||||
|
- address: 8.8.8.8
|
||||||
|
type: dns
|
||||||
|
- address: 8.8.4.4
|
||||||
|
type: dns
|
||||||
|
|
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: storage
|
||||||
|
labels:
|
||||||
|
airshipit.org/deploy-k8s: "false"
|
||||||
|
spec:
|
||||||
|
storage:
|
||||||
|
useAllNodes: false # We define per node/per device configuration below
|
||||||
|
useAllDevices: false # We define per node/per device configuration below
|
||||||
|
nodes:
|
||||||
|
- name: stl3r01s05
|
||||||
|
deviceFilter: "^/dev/sd[bc]"
|
||||||
|
- name: stl3r01s06
|
||||||
|
deviceFilter: "^/dev/sd[bc]"
|
||||||
|
---
|
@ -0,0 +1,16 @@
|
|||||||
|
# Override default controlplane image location
|
||||||
|
|
||||||
|
## NEWSITE_CHANGEME: update the file with the ephemeral node pxe ip
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VersionsCatalogue
|
||||||
|
metadata:
|
||||||
|
name: versions-airshipctl
|
||||||
|
|
||||||
|
spec:
|
||||||
|
files:
|
||||||
|
k8scontrol:
|
||||||
|
# Host the image in a locally served location for CI
|
||||||
|
# NEWSITE_CHANGEME: update the url with the ephemeral node pxe ip
|
||||||
|
cluster_controlplane_image:
|
||||||
|
url: http://172.63.0.12/images/control-plane.qcow2
|
||||||
|
checksum: http://172.63.0.12/images/control-plane.qcow2.md5sum
|
@ -0,0 +1,13 @@
|
|||||||
|
# Site-level, phase-specific lists of hosts to generate
|
||||||
|
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||||
|
# host-catalogue to just the hosts needed for a particular phase.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
hosts:
|
||||||
|
m3:
|
||||||
|
## NEWSITE_CHANGEME: update with the list of controlplane hosts
|
||||||
|
- stl3r01s01
|
||||||
|
- stl3r01s04
|
||||||
|
- stl3r01s05
|
@ -0,0 +1,13 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
|
||||||
|
- ../../catalogues
|
||||||
|
- host-generation.yaml
|
||||||
|
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||||
|
- ../../../../../function/treasuremap-cleanup
|
@ -0,0 +1,41 @@
|
|||||||
|
apiVersion: builtin
|
||||||
|
kind: PatchStrategicMergeTransformer
|
||||||
|
metadata:
|
||||||
|
name: smp
|
||||||
|
patches: |-
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: hardwareprofile-example
|
||||||
|
$patch: delete
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-catalogue
|
||||||
|
$patch: delete
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
$patch: delete
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: networking
|
||||||
|
$patch: delete
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: env-vars-catalogue
|
||||||
|
$patch: delete
|
||||||
|
---
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: versions-airshipctl
|
||||||
|
$patch: delete
|
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
#- ../../../../../../airshipctl/manifests/function/k8scontrol
|
||||||
|
- ../../../../function/k8scontrol-ha
|
||||||
|
- ../catalogues
|
||||||
|
- metal3machinetemplate.yaml
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
#- versions-catalogue-patch.yaml
|
||||||
|
- patch_controlplane.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
#- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
|
||||||
|
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements
|
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
|
||||||
|
kind: Metal3MachineTemplate
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml
|
||||||
|
name: cluster-controlplane-2
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
hostSelector:
|
||||||
|
matchLabels:
|
||||||
|
airshipit.org/k8s-role: controlplane-host
|
||||||
|
image:
|
||||||
|
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ips
|
||||||
|
url: http://172.63.0.11/images/control-plane.qcow2
|
||||||
|
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum
|
||||||
|
|
||||||
|
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ../hostgenerator
|
||||||
|
|
||||||
|
commonLabels:
|
||||||
|
airshipit.org/k8s-role: controlplane-host
|
@ -0,0 +1,11 @@
|
|||||||
|
kind: KubeadmControlPlane
|
||||||
|
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
|
||||||
|
metadata:
|
||||||
|
name: cluster-controlplane
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
infrastructureTemplate:
|
||||||
|
kind: Metal3MachineTemplate
|
||||||
|
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
|
||||||
|
name: cluster-controlplane-2
|
||||||
|
|
@ -0,0 +1,15 @@
|
|||||||
|
# Patch the versions catalogue to use the site-specific local image URL
|
||||||
|
# TODO: patch this in from a site-networking catalogue in the future
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: versions-airshipctl
|
||||||
|
spec:
|
||||||
|
files:
|
||||||
|
k8scontrol:
|
||||||
|
# Host the image in a locally served location for CI
|
||||||
|
cluster_controlplane_image:
|
||||||
|
## NEWSITE_CHANGEME: update with the first target node pxe ip
|
||||||
|
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||||
|
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"
|
||||||
|
|
@ -0,0 +1,32 @@
|
|||||||
|
# Secrets generator/encrypter/decrypter
|
||||||
|
|
||||||
|
This directory contains an utility that helps generate, encrypt and decrypt
|
||||||
|
secrects. These secrects can be used anywhere in manifests.
|
||||||
|
|
||||||
|
For example we can use PGP key from SOPS example.
|
||||||
|
To get the key we need to run:
|
||||||
|
`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
|
||||||
|
|
||||||
|
and import this key as environment variable:
|
||||||
|
`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
|
||||||
|
|
||||||
|
## Generator
|
||||||
|
|
||||||
|
To generate secrets we use [template](secret-template.yaml) that will be passed
|
||||||
|
to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate`
|
||||||
|
execution.
|
||||||
|
|
||||||
|
## Encrypter
|
||||||
|
|
||||||
|
To encrypt the secrets that have been generated we use generic container executor.
|
||||||
|
To start the secrets generate phase we need to execute following phase:
|
||||||
|
`airshipctl phase run secret-generate`
|
||||||
|
The executor run SOPS container and pass the pre-generated secrets to this container.
|
||||||
|
This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated).
|
||||||
|
|
||||||
|
## Decrypter
|
||||||
|
|
||||||
|
To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml).
|
||||||
|
It will run the decrypt sops function when we run
|
||||||
|
`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
|
||||||
|
manifests/site/test-site/target/catalogues/`
|
@ -0,0 +1,2 @@
|
|||||||
|
generators:
|
||||||
|
- override
|
@ -0,0 +1,2 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../../type/multi-tenant/target/generator/
|
@ -0,0 +1,28 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: Templater
|
||||||
|
metadata:
|
||||||
|
name: secret-template
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
container:
|
||||||
|
image: quay.io/airshipit/templater:v2.0.2
|
||||||
|
envs:
|
||||||
|
- TOLERATE_DECRYPTION_FAILURES
|
||||||
|
template: |
|
||||||
|
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: my-config2
|
||||||
|
annotations:
|
||||||
|
config.k8s.io/function: |
|
||||||
|
container:
|
||||||
|
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
|
||||||
|
envs:
|
||||||
|
- SOPS_IMPORT_PGP
|
||||||
|
data:
|
||||||
|
ignore-mac: true
|
||||||
|
cmd: decrypt
|
||||||
|
{{- if eq $tolerate "true" }}
|
||||||
|
cmd-tolerate-failures: true
|
||||||
|
{{- end }}
|
@ -0,0 +1,2 @@
|
|||||||
|
generators:
|
||||||
|
- configurable-decryption.yaml
|
@ -0,0 +1,49 @@
|
|||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
ephemeralClusterCa:
|
||||||
|
crt: 'ENC[AES256_GCM,data:6uQzsPDu52M507lC9AWv/j70+JefIZ1N/R5ZKTtKMYxwQWVTFn6vXJrT1Sn62gqS3BrtXD6ZXOH3g5ISETgVNHfG5c8VuXlx3cg5MVDPJl8aGWD2MnoG3mcfAiotoKMF1cPTIJFVw8C1GFOINTM9AmVYzxURs5CHsi4pkSSYShLivy5OEm1dSMyV5X+uAndEyAChMQoBp2fq0cuMu16o80s0SpRo0KB3CfVCKjaaajLZtKadpGt90UgpTUdTRIofQyNucaEmqLQbEZw/SwN1jK88ulC/vtHoKZuxDZtk4clITqiTqTAiepjHlmyTpo6PK+HvM2K+ZIWRCzKy3NTtS4iOEL1kVfWtbE5Zemqwh6hDuHH/IuvjIxcx6twZFOEy7+iqsAhxYZYMXqaUHPIMbAw0jguqMc0Li5pjlwGR8pIxT+VdZ/oQV6E4t/enpEVJ/8vrIJ5fu/1rbV8s2vHgxFHO/r740Do1UVNjbq9CMxEAqi4sTUaNNYBxRIqfXGsjOsosolIMy1YmTfoDJ7iqf5do1eVOId6gWeBJQYwQR3YLzk2j+MzN+GRZUMXYAspE/FmAbytaKnk8AVHL5AqklsbDHmDimc4hee3VmNSQBiNDUbIj6vD9R9PuyPDO7IDs4cZxcyFwfgq/z6LT5GwEh/pmT8bIIb96fTAeWkkLA/XvaTuT3xqzrT7NBl8trlLLGsqct5/07o4QdbGBRtFc4wL6LDyq8MF5pHU/PRcgOl41E+2KECSdrJBJltRvOE73sd78nkkCq2O/dMSRKpb2sPW9K3IQYlCurpShYGP1a+p2H50O7/GGz7+E+4rymzJ933IWA4T0YNFWZ4EFDsGccDxDC3r71iX/9xd19xvZZWU1JowQ1OcPzTdpa1YhDIuqgKeIekatKEtLDhXHsaIbA5CXKg4Ew6BOx2lBLMgx1RnlReIAzzWnYyYb03awHJIKpfM+mKDSN1kQ6Oc5iLmKshFqCB270+KMna+r2hdvnXqhtTkM/pZge5QCIrtGkPc0jqHXF+0UutVuTVk5dejhqdeT3ITYP6eZj+/CPBm1a1Ms/haPJc9SA6r9yJUWKthJQCGReey7glzVzHs8FtbcZqr/xDDMYCDT84GNIo4RlsCqm4EXR8cpumkP8YVMQOzCSuWmS6NYDk7JrSRYiO5cdl99PDrSGNyVj6LSEJuDkkfuiFHR1SbqLhwNDtSoheHMtBJ6rmqPsGRe6UhkOETU5RkNiPAubJfqAGGl4OgWNcKIM+Wea5d+MYJPpXPbLCvN8eWIo3VyhO+lhnwUxle2Vp0sR3XoPNsnU013O6GmsmNvTnqa/CHGjDinL7hQioBZpzx14+IeHPMoHLjoL7bStJqoSYoC4sPnI1F7Zo7KEXaybwqW2A7oIoCOsLkqO3PP+LaR8aZBtWmQZ/buchWVOT1D6vwowAjbrfYmGuU0VZiY74TuX53JS3KCJ+sn04CwHZBpoHoAAmy9Yo1bfuzOlI0XGxWP8jGBwzQtJddoBEV5ziussvfYSHDDLF6CL1IRWwjj9YHz2w+8IzA232aMO2eRR4+TbbmOzI57WzlVsd7nBN63lPfPtne6MBtxiQuq2pALqHP897a0DocuuAI0xfaO5YYrLQ215lb4DxIR8764T6bNMdcHBo7/TgZfs+QS4B72WM1p19jCHRxAan0cJ+knKUERE5koJyshdbl8cRJ4kL2amk5mT27Q5Ek5mNHnwE6nrrHQXK4VrDG3v4IfgRQ6wP6525RUsjrWGvxCj8Am8JXtO13JfwMpEcWTZK86cMDAYXXLiu1KOlx295qnrWaJzknRzY+Nb2DYsoDe92zs7fgy3A7d4JRGZkjsCV45EYxXdUpSlRaMCj16urJ/BrdmbJ6ccw/PKDqxnWY7JQ4NFAoEC/BrgHpSKBT53xku2Nxmz8ktt4AvTb59rjjfAEkMDjCaLmGz+RKIBQ==,iv:aKqk4ruA0/QtbBFnr6mBidCrnEY2uQ64swqO+SysFkc=,tag:Uzt+Eu7l1mf8DzJr4E+KWw==,type:str]'
|
||||||
|
key: 'ENC[AES256_GCM,data:U0U76Jf7YNIqMRoWrlYcOpi74tYKflDwE6wh85Mj85f/bBMrY2WdmOFmqiL61v02SBahXnBCHrQw1wSBxmqAdP26W4kSLL94NYBFUvwJIQwbKU/Cz7sQpiEYFWRuc2De0N4ibzS6//vINSMV+yi/G1aSbpOlxzfSH2upFcH2yGa36erkLgdY7AsoW/YOOUMYWLWsgsXUkXnkzu0+44nLyGOJwnuLW5gb6/Ci+RWKklKfI69pe1Wkb8Av6zNhI29CnzwFclkVX6I1PWkvouayLusrzo7nwy7mHxbI8j4Xfq9YNb8jSg9nS2ibK9LtQ5BzcPAa7BlP6NGavCu0OJauQ0sgw124kaWsG77QmpxFiT0TdvqnTVu3vEI3f/XZG2c/sWXVA8FGZ31F38mM68KsDMlusXs3hUOJf7QaUw+0MeK8lmz8t3vI0UANXRMSt2fEVBaho4JoTsbgZSvTD/RZ6YwI2a1uoPdNKPh7F8i0rLOaCNgPLVoKAcV3M2mEhodJNZAI0ifa7sdQuWNQ0fbPwGh+dXLKQ8PNjdXMgn9JINLYRKDRD+eRFWPV/WuwepSjtD88LGJmQ66GjnCqXAOFo5RcHmPEIYM5o0x5wqf/ibmgheuUUBJVnNvgH2ZVqMH8oNyr3OfGxfgEItvA7LgQ6ao1ympnCnXZvpu0m04UqNmebsuEnqH2EB/MIBk/5UjyMHTt4X52S0RpmXU8CDZKj9Xk9VFDCcmWnEowMHl9i2CjRwMb0g0b8fC9A4N6P9SbzKX7usUJsa1tSkra+Dn3C7vprOunvE1fQiQM++K2KixP0OjeP7TbAyMkHTszrfxdvJT7V6Rb90behJaaDb1pZAva1SMQ0vudV844t+NLi96VsqpNptx7AKhzSsRrzz2kuhdVf1dr1JinR4h4cVSwQCjZCcxLDt8do/d6BgHuvHWQBBGOM4AqMOyIKGm3G0ZiW6j3WiCPmiWou/6cRFu2AqgVWgRludtcgZaTs/p5k5gVFVzNtkocfg4hluP0zk/zJeOdU2zZ/XuxDuNeA4MBHTZ4qzzKgMLVMiMWsQ927d7J2h9w6kvmoXKrKZH/oB0R4a2pDYiBpag8DOm8P76uLeaKlgj9EQH2eK1KO2998mZwDGS91HWl4O58SjSENBZFr/thgzqFk+2C80/abMjofziXrsefuJOYP8L5LXTGyV11qsjV0HDRZhlcvsIW2q66t91lW7WNzYoxDBNQJPq1nSEewF3tvDT4BhtDAjioO5fVVyUyI7bAxRcCZ+E3wjDF7uw7yngbyHP4spYU6xi4kJhQEXvBOqFt1N/aY7etlfCn4daMNQK6u385XIcSAq/HgC0D3jqJTil7HyxF21fwQCorK/G24ELzjW0SfYUFDHAeUKj1VkU2GqAO0uCGklcx3wpcH6QvSQMGid8yRbEketsXw+H0CBloWAptdLOZj9LhwR0lXlvooYuDGTEoQ4SXx37kscRDcpWggW6NA21wIwQM5aX4kuhvvsdEpOEd4lUdH4LGdnRTHCdldFK0NxTuGuf8swEDYbVUjUHwMHIzmtNG5SmKahPMwEzg2YIV1BU8z+nXbT2XaOUD7hXfpWdGx0BkQIeIZL6bNJMDuvmjtaoDq5CywmyOIkrQqSEGDNyCQJLGBGPD1QjfkRbtmtB2gVyyQTuPqI3hjOuSZ8ZBiTExkXYQvK3eNrij7B9n6q43pOjJ9zaoHjHx6sMcBMF8qcSNo7xoD5Xd0Owv6USL+tz+n5zcnu4PKnYg1ZdfzxcQbwKUZ21SEVGW+ZU8KpNtHjWB7oQ8MTD5wjpqsUzgYdkBypNcRWBgmzCsZwcxR0LU3qRGDGe9eSHyk9JRgzDuWfmlFsOb4UHZQW3SRY16xokFaXcpcu002GX0n/puS60fLsUr5/raEBF9vCPC4miucCQ7wJ7cCzsRc2fBx2osiMiTCDPmVK9QpxmQ/4fMnOZo4ocAF7cSesqZvPsOo086K2OeU3vr0kQhtFTYojFGM04zhd+d87V9GiYUR8ABwAqaqg4Xk1gh/oputa7e/y7NsByv0DCKOQxw4uKDNBf02WvmUnGK0w6ka6ZQmT5+GndTY/DdUvxXTUZqoGZf0TPZS7PrJFWmkUn9hwqIlSTNtY1WwkwWSbvKTswe1sgfL4Zs6u0tecPiIebRIYopNlDSMbk0LnKLo68Xg2zxV0bKU1iyMzyobh8/mhLIVAo7NS1za6ksH2km9dG1IUjVJIxtHjZqQ2BgOcbLEqEA1+J2tuKxc/lHqR39OxwDObei4bpXJqfWPEG4mHVGFMNWkj7H11cnBmX+GWEbEBXarQCZezRh++WROFmmylfdy+QlzD+bwxT4A37a/djWY0n27XdRwVA2nVGdBzi8aBSFws/lOaaGHJnpotFw9xjUuXI8uiN1eGhaWCzU2VBWYNutjKBJOefLYf7ahpjphUv6W7uYX+15leuWK5RuCwL1G/PmjdLNMzynhxgNmW+xvmNI7WrqLrfGciOqkxPirUq2tzvXdCAHDanS7Ckui04tEswwuxyaY0PMf11ku9XzVX7rn/OhxjYjck7D7O9S5SYWI+5u20Vjrv+gIYPI/YSLPNxacmk4GYWUGkafSRgDg180JUtKDmquaz/rZVUBC7wVnJV/Tv2aTs+iZbWhiGqY/4wepo19Lxzd6wBQNPfrN+d+BjTDVmPaCy88lloXWJBsTIuWz7mmANV/LMkNYSA5poCL7rRlbvgaOsaxBQ1yslmJ25G9oaLU0mj6SEfoK9/aZchAmBB8u9s7DzQLaW9HmfgHcLuU1XyWRm1nIeFFqrbBnS0fdEOTkExXI92+vRlM4DbqdMOtpZcZsUMiXvKKFRGhuZRxbY8HujqLHD+298Fk6y+GjcH8+Yfm5euDLp97/tImUqjUb2Fqdw/7aJKrR7zzWHPp/rbJtDUKoW1lvHaK37+eT9MF23Dl4Dteu6ouPGjaY3z/EUINU2J8E7HuwNjdQiw=,iv:x2TJ7k9fVfblb/WZrUP6lgc4xWg4Fop2T6oNfI6G7rY=,tag:MTLldXBFI16om6D5cDNcuA==,type:str]'
|
||||||
|
ephemeralKubeconfig:
|
||||||
|
certificate-authority-data: 'ENC[AES256_GCM,data:Mx3R3AOO/a51bRTZ0lrp2KoSsQHaiVByXi8OuRkL+Ka2h0dt0PuJ+0XmvJNPUjc8Iw2DQ5MsvZ4AhbrNcaTV63ZH7HpeR1V/bFbqj2T0QzHVCzuZlpjW2GFkzMaDBFSCFmeLhB7KsK0chTkvIccd9VhSrwA4wukgY2Wy9r9WSBeZghV6yteVwIANz5qLTL2qalq73IYFbMGkQhhsc0sKw1X6CLSfz/1Cm5r5MNWtGnrnZTAVLQeF7ZcryqloMwRlDUBblWoM4oDIiA1UmpLmzCzOgNxAkNF2p3ci0WXxYtCDyX21lcYhDFOk83lYmIzUl/ufjJYdEWCfEoUk0Tsz8LusCsjm03vn3pPCpwaBfboFw4DisAkfh/nmvKd1rO7nrcWK0yrSjaNuqoGxW7I+GpFoeXtiyYKMk8konHy8r+U91kLW419lQ8iWxiQ1RyK2tgNj/3mzx6EZ6VnKbz7D0IA5+1KVXPOtF4TGQJD7VHb/xZhkTAy+XxoDgbMMS1EqfgFVS+/Rqp+V19VUjOiQg4WMleQoWT59xh78oBZFKXElK2neDmym2YLASeLs8nKprjWAVdlUAb4zX/AqRdky/+am402ifzzWDXe6IOh9Q6l0ZUPM+S2D99yG+JVlTtvtcmtmGu1ZneS8DgpEMMh70kGv0nr24YbhL0eJMmkZbIayiWMjsNkMk4JGzkZi0a4OpopUkrO4R5l+smVkNHtWxhxUy/8sUqzqNyGtzS6b8ygB6NEd1uTf52CqltyV1+ZOZdl/Qkb8a4BtwYdbb/kOteO9SFUv6kaUabaFyUCAo/EoxqraIREnmuJCFnIp8h1TzWN8om8UdBsZdPKlg1nv71WqxL1ZnZ8LgRClD/6dtSCcq8caECH0l2sP5dmctx6IPQJd/YUDW4RbLX9NQqCRlx6LR0jv5lN5I5Qr//07k5KDieNku6+uBnS3LMzgKKbN6swMjT1TMje4XEuolaiDjKAcsMb/tEJFwDYfSROcs5vylLJDwZ/DIo5m/c46i9hJJgzKHs1PpNXX0bbWR/M3Pk7fARF+hirdk7971FoILWcRTQZo2UMF8QJPh3MQRs3dOKIPMugDNTan6ftnjA0+hzwr94TknYGCEv+XH4Y61nWGZiTcv2tCt9JCGdXNARZLc3RtporxCtiAE8fMol9oso7x5sMqmuALl+iLfjpqzUHoXNJ9slipLH1RWDisGJXSQkEgrQ9h6bhUaOzuUeauYxnZBETfBZBmSoah2NDOOGcywGDDo03sRleaRVguxSZvftWtUb6RhHSj96qDbh+urbdW1PhfKs6M//XBMmLw5zlulYXqMaDvHeBRL4mSf+ZKNCFFCC/RJxGuT6hcuWOBwe0ZdCugvkVaJgqx32Fyd/YpHDPlFZEQb8/T0wP9M55jLg5Vm3voDzA02+UIZZFkSqbT5ZrmP+ScXE7HCFXLFBA3TBh8N1f5obuH0rbENvYFkBlEtIaAU2FkhPCpHJworrrIdpq/byQB9Jj8X+yhBh4y2vdSGT9faUDUB0S0v1fiD92IXJKzPKlpId3a4/bXXGl9tTVSQ01lPGSJf9/s2WyrRf6lhPuKY+bapWcs8ydNWGYhCccmZ4OHaOPbwGwks7l9RLTjDJzTr3ntnDI2DnbVENKdhuAEkavoElmgGSMscA/8sseX9FeuZLBvI4fKyNE4F9ZzAhUWe8JYulnw+oimizCLCAC+t9Inixda+dLZWJLbUEg17zvB5dS/aMZhO3dFUjn1/jGO2zbZo/SxjaHyi/WQFr5mZcLvwU+Zdyt+TRAbcV9sOy2tWUDp/xlRYAYqdeRBMly0lAoItUfa+jftUtR17l23i7UcMLs68hZ1NyuoEhKKDteRW8epgsbjmPfq8a04SPBW1XBZ8ujubf+UxMhTlvXdXKCQ5lIvlZE81Ezk3PuRfKXiK2ckCHjzyxE09pWkZXESAmdqKg==,iv:1WkqcxzVLVfrmBMCTZ48q9JLRpEkBgioGatSU3j+WQ4=,tag:VmKsG18InwFczeME1PUlZw==,type:str]'
|
||||||
|
client-certificate-data: 'ENC[AES256_GCM,data:85hKBjZyixCRv4c7zptdAeh0p8a4F+yYXssxGUfhYNwfYAY4DTHAxoLsYeNcy2ZdNUDoIBrQu8BuqYxRnMkY4RcT+SzWwGEKN2yQe+Wm9pGRcXAB9xz9A1nPHgxRO0ogVcDR93bJYEfsIhx2ws0pSTw+Zn7LGFoDwMRve7xXmMoxyYKHj7L00dDb+fp0a2rghC4Mcsy/0rijSWcvnm1mC084oMl/J5dj6tHIR2zEpgWtX8wRH34vxxkh8nyghuDQfOElheZ2q1Mho3deHtDxJJ4Kk9nscCULYU0HRjBghsexvWvGEWn+kDUCFAvSe9o/nkWxYiTt3+dM1ifDusj0+NzjBbLJvZ24ZkLjqgW6jIxVVCiD8Ky4kTAOfvlFMoRsLiezGvGbkPj5eTtcJOR+ukhMLpabKqpK6GDxohQfpD+SNYmKEmS3Z94K7oJ3d0OAPCE/qgac1AZTbDv1/buqWexT+zus9CjsWbgmIeJppWtWPHsUoqVmM5teB8zs3Qfd7IJj8ZtHZj1l3zLf1lIE7GBgToCwVPjc3opSX2lmekOt6gMmAfXYKNwOypvRhe2Fm7BAjrck3GZYj08rEffDHdO2/2qFq9qknKHmS7mJZgm3aZZh/+eDr6HVSLYztTXMjHKdzIthnsSvtX94Mr6nkjJMnMnOuFGnC0b5VKrw7ZHktLiaqorerVaYsCXr+TdQrIYkEguKlzQbnmpztGjCxN9JiaJ45Qxzzijxdy5ahlNmpQbrgBWBgZjjqdOuBJrBKNkzKyWikFk+jBsfKZkiHHT2Rw2+uu3Xz/LTc51vNLfFvwKr0XTa1i/hQnxtI0YlsRm4SVornTsSdQjmadCrz/NvuPwJ2lyFZirxeZsajBHUJ/Obk7ssevFXY0Sel2kajkS9lNu/CfMBz18PNb/+1T7wCP7RJzfFnnuLYrRLbCw9ihKNtRqkfBZA4X5Hf6ZKjmM8ifYqg17YWDk5SFUDJvVt59Hyfr1uazdHIWlovr5bju9TfGXH9ylWm8Ms+AB6935fBNnwsnN1tu4yOO9voD2dc3X97xqlqcr0fOhTIkFXlyAlILRAb0wywFAqDX8yrpIdtXzlY+iobSj/phXcHCb5mdvgrcKCrkOmRMhIhHmXZ8g+fBh52gpxVjkEwcmI5/vls63UbwC7NF/fnDUZeW8sq7aExFL7a53ApVoeXTRC+eDrLecI87Ehfz7aGGKIHa9CU81eM/W9BOsM/ZFLsx4fK3Tgp6ZVHYXvGc2geJskovhJuEyk41OYtGVYXZ/OPECrHFaj7za5zFxS2/GeEHkI8qau37d8gtMJCn/SuEP3hBJPkMt9S0OIYgl6jnKx66+TY808GtlDaOGr8U94oGhsnzw6zzTMWYSMKyoK7yIQwOvZKsoS/G7nI8wa9gm2EG0+Mn6Q+2pZL81EucvbTufDqUwnrV7KJeEF5wR1cM56BvZefi9Y67FeF8NNJV1RClzcZwg520qXKUU35PdYyivuKe4UqfkaKfltOUmLoEPp1fTad+2HoeeZFQr/b+6zAI/If9Z5j50IlncnaBOuGMsm1qxUrtpNR99gCswM5VJm7G0Rq7/ykB9cCcgdPJ1Yem5Ktu3+nRQNi2LviY49h8xrM8bPd3YvpVIpIks7d8dX6vV2jHF6CpIqfLvqWePiNeplLJ/C9kB01E3LxDgi0n7Vm1zQoBNzFjZMtHIYJX6abZAQUPwtN5qmJ56FFL7TZTNk0Oskw3khDj9NVphb85nDHGCt1LL5r45uVhsEXU+OaIB5tZZIZRs3kLpt3GLRHomOJKbxpExdjw1e1GqK4JFN6v7Rr8BmSZi+4nCGrg6rdFE0iopmsEla4R309mS2XYrMn2UJEcUDnnsmZD/UVeS27xQl1f3EK4fruRobbEQszWkDSYQ8RuJIOihyjCpIfMuW4N4G+znepub8kEMNg/eLgFw5X9uEoVJg8RW2Q6nJE+coMt/sKPILVlfnSFLy,iv:X/ONxuQJ3EVMe2RZLlR+mwu2cKtP2JFGztWNjOklP/I=,tag:9a6KFR/WldtUasiA1iBmuA==,type:str]'
|
||||||
|
client-key-data: 'ENC[AES256_GCM,data:hPeSh6qEUcnok6HgHm0eVB98kOqwjVYDM571D/kAvttm4XFX52/eNez/Mc8zyvOwv6P7QCOmJQTH1BQwyaJS5rD8CeuFWP+igCF4KLIo+8rqhLu6FWZzRblSKWnZhb/LHeyEl6EDZz7aA5njbEdXrlC8UkiJMu2xAuAE7a65YVag53AWcvF4K50BqRxNtGnSCMA88vLSXEagCGbyZeMRgJmA8neJTzsFCNXCMpGGEiGIKCsotm2xyBqGClZxcI1+sqCZag4s61rlttBYlrlKm+F0eF8vhoM9vWlHu2HRshFYEy3x/e/CMnULByGfFWqwrqstkIVjT4nX/txQdp6SaYrG/K71pPATEAIGbAERFh+APmfhVa1fmg4XSn4P4RzPThH7O771GRsrXkskbVs9icwKPxwpBSzepn89kUYj+/dq1AWo8lMrRI+T+s3vBif3BBGd/sNBZAyxSY9PJFtrAgaE+wYCJG5Gezg/L6Bu0GyormxwtRCAKHTuvcIQiwXWigJpL4oobKONOiYIfrooOeRGIogmCMdFLoNj3A+NQn8g9yN7ybe38/X4b6iF6a1mjWBhKJHDVPsFBXRsPp5DzIreVJL7+cw7OlwTSaZ4oNpGXM25a3NbMjfjYz/QylC9fKvE+HEpbKhWG21aTLbwtSm7wDRlx7lEofhpzR0/oEHsXtEk9qLupG3jTj029DaprStvKd4V1uQV+jjiuQWH8WXJO5ZrIY5IvT/4i9LWI74Bmdfm1uxFO0rX54xlrmLt8TVO6JnSijNM+miWLZMrhezT6DJutuugVx7DuS7CXUo3QMfu9NRQB2Al8DQS9DBrej2DXJ0cnCZu752vS4j/rRnC2SHYtLRUEzJuIkGWsMQIq9nnmSSMWpD/cdWEufLeOzRU6OibJQ9lcu+gaGWHBHd2MRyBoh74YHVOIH7HYop4CUqZfpnxc3oN0d4Y6B6Y0/qO+94wsAgp9b/CXbjrxxsVJwJQlAlHN+xFHNb5HLCXlXGTDBoseHARjbWaqPsv6+HWFkhzwnxtsSJCdcCrOpKJFlonO/ujWvDM99Uve8NGkZkgoII+FraeSVdBQIogUnRVtUTi3Aeqi6tn4Tt5K6gNqVX4O+jQtMrNZaDdD3AM+7zwZdgwHfgNYrFn10HUlgcqISuj0cJGBT5DGFxavGD1Shx/uBcVqOHzv4IKGfjpqjqPwHlqOuXGosZtgpbmLd8RnacLAb/WJRbGoZhM7r4AZEV8815JktZsD6fY+iH0Gq1+OubnfqWmzinNiifnuhirzPFLDOmFw0sK0s21Xr45pTQX0Kj4T+kcOwjNX1D6BJo4s11Uk8D4rfe2eBfFIoGnE9OEEWvvj8MLA0A0i7nUPhxxq0lKu5faCYNNw8w12+T1F6corMECtgqtphDvu6PleLf9b/aFTp5vYefRz/eifx6h/NIn7Z8qq3vI6zWmGv9zRZiKtDedNwYyOIC34KCYL7X/UsjsbhrpXsT605MnyzxyKOMLuxmaYPc4nj2M4xm1GJCBqxjxVkW295vO/e4WCxTyyjNHzNI3Cjqzy+dhyV/tq9Q6C57iawAoOroSVl1RPAzTqxf8slt4b4tdRzO4d9XoZgxTM0qiG83qD96QDhzi7wxY81ztDaAv9KFez6yIx5B5QLCZXoVapf3wPR8DLv7RzcKmdCKpinfSwhvgC2GpUnEDyQCIJTz9WY5AckbsLbsDmefMuLAda7K18kzR4MIrk3Vvv0MhM1CfeOndxG7EdIyDmUqjKc/A6KQM5L3u+qoQozuKRCWlveQPaG/ByBnf4uN9LXkrJkND1MtDvXssQJHRTgzTe+3mfmhq2aWy7l1tojTSUr06X4XV0ay4PSScxzdTVTf936nigmiU8L4qgk8NJmd64XJprH+mmxpU0tOdslsXSOxk2TP1+7R9Wbyx9Z/1SIhdyWjsFCfOgDOFL0y8zn4jaGehXVqt9FL3VDodI8hd2QFb6ckGTn5iW+zMMk1ZkCOizmhxC5oCLP4MlVtIEgqLwqclqevsAYVpSIxCLeAHr/2IoPawAgxUgOHgtA6LHJbv3oN+XPo6+nd8sPkXJZ8VlY5GouBwzf67JtLQjd8Y2VL+RjVozUkOcLTBBLWHBMxWjwp4+hsRc0lP1Z4/pK4CXuANacYPkmXOMozJpTJYYoaNv6WylLLFKCyj49yW+gl1HAkeyb8PSNY9LgjqEIZB+RZ9Xn7Utt66Mhqap0o6pCdAUuLK9uv2CR9rCGEeR8j8dsBQ9KJisxwBUjz9b6cBMT8XuOIUkWv1ESZhFmKJ1sCXhVKFOzOq5CgjU+QRMGOu+LIw4bUh3ZOB1DsA2P7LcZiWSVvtcQ11K20qkNK0Kkl9tZh5Y7qpRgh+SmIQE+X0QvZmWC7K1gWrlFEbtv3mw/9IBazy2GjA5ULKYz3ZzfNOwNrd4++rH6YHrwYn/o7slG18bb8oHElCzENwQC1nst5cmbTfHpeX/YET3tycL+EOHL16Kfg1DKzi8hbNZhAI3PWcV8rsuFcyMbtVXa3MI6y8dfLVfBETUlgPULJ5w/HFarKwXpRmU0v5YKpg0gy4JafVyqFO6bhmYAMvqKvZzt4WQUAEqJdPDEhyWj8ZQLAYwgAW1w+Lr5oIful4omz4AmDg4jA2aAB+/o9S42rM5nLLfgDZVBMeCU4QgUE9kM6S7lPWXdkaZUgoiUrD8OWyKy8KiAsMt+nkbuY5G5X57IoOApCd+smXT405+UatpL9VxQAHUaPqqX1raqDVmJHlJb2TB7rB8TL9q+S3AdOSQOMEfB/FxFYlIO7MyIayIyr7+7ZLBvJEnCMae9kjgbuHRCkelA7Qn2WCLzHRuPftgfs+cKExDVEmTsGkGEUy7erO00muI1Kt47HzIt0emR/RXG0arl31aYP8nBSt+cmkA3inWK9PaB9/Vc9gZul5Scqus1GCZ6CvjxhCMgUx91YrGYuVFGybcmUocXFVnWfoJ65E7n8=,iv:Um9mAPVzbSdF7D7IzmztYODkyCtgVwAexya0uYyxRFY=,tag:OYU+Wm0fBpQ/GPQpNC/hvQ==,type:str]'
|
||||||
|
isoImage:
|
||||||
|
passwords:
|
||||||
|
deployer: 'ENC[AES256_GCM,data:5gHuzx1UgSmscTZVHCw=,iv:aaONFJ1W6FlQWWYwl+th7yDCRB71qhRDtpeP3verayI=,tag:wXdqB/VZYpeIDw7cxTYYBw==,type:str]'
|
||||||
|
root: 'ENC[AES256_GCM,data:0ViR7nN7r2HXAJ9Pxxw=,iv:bzqgGxK00NAkCJQlIt4x3V56tv3kiKipiUremZyOvf8=,tag:fC9RVyo8nObI26ERKFlj6Q==,type:str]'
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
airshipit.org/deploy-k8s: 'false'
|
||||||
|
name: generated-secrets
|
||||||
|
targetClusterCa:
|
||||||
|
tls.crt: 'ENC[AES256_GCM,data:WsmzwpV2WvfLHUb88aMI0cBFhOUvmywUtzLNQ9vpEyA+a/hzOkCt2hH6IGDg6rOg/DLCExMrRk8edXV8SropAl1jfa183igRPNKVYnswgtXZVOsjrXeoumDA4GeYsxh+J5y2V3uWoAzfepShTRyJZLLWOTiubgffLmY2c4hFoPjkvp5IdiLh19VYDLnLUhxPdJDneey5QwN1wdZ5RjKOD7tB0boDiENHxfzhUzWRHIok3TC1kScUqKbKNtqoQnl5R2ghTFVGyMtDCaBThdUfGWItnbO/F1ICvMKDkWCHEkh1XhVRi9WCVZxZHBzkbcRh+WTSgfjKnRAJmz78qgVo38F0cE4irqjoV9gDoCubQsplRyqOqmR5FY49g4599y5cRCyN/Pg2KZ4Qow2BO65EAQuDarjado7eB6LdBPCFKRFvJPJf3LxCt88esv6MTdJUTBuWWNDha0EqdMgPe76/xIoMNv2LxVHSzBArRz2jWayREV5FrE3xECnO80BUZGa4P+E2VgqkmijfQANm4fxAlomh0Hgy5V3LFa2NAfHnK70pXz05nwl6+q33lEGgQ9UGWG92o0ZK66bQDKSGA7AuS786fr9WiFhydGW0Ot0pE7Db51OL2Ln1S/SJCSyUi8QP7FViSreanwtz9dbXbXjnZUjQysAcQufuwSnX9Iott07PadiCCooumT4nBOGru8xi01SKiusOEk6qjscoTfpdfElpAHFQrWLgwGuS399cBFPcfu9YbGqzB6t+xRq48KBxvLGf04uVppNdcf3V4opy3LGDeNETcMfKea0fsNkSKMYOah0jqBoUcA3Qpo2uTo7qJ5wnO0lXYpn5RwxYgTKHIgomiFPOn7BptVAMz49EtcxJQpdpOf+LzjZLRHvZIqDlbrBrdSpQOZqsi2MXpkTG4b+ZEyP4+8helKe2kgOAgKzKQkgOjGWN2fbGsDqcLqVCaz08kvtqjyzO5bF+IwezaKl1abUAm0YEH2A34IZr2lkTvhIPN9YKjjWGZk3GCofNOFwMKLZ/Z4c/dGrjW8BtszQKAnpl33wyXunCTxjZiO3mpWgI7ffmXABSHzNLc6nElVn7Na3lwvxlSIGY+dVIekWSV2Rf0SdU5mBRh72UQ+rXwEq7C/ZvgP4mAyxzGZE0kd458Tnjzt0oqNMPPaZnAv/dZW0CYFQIyQuTFKKxbW0IgjN2lf+Q5RpbgfoGLhNEqN0gg2D3YIjOdOE0y3dDWx7iTQ4p574VIhxeCdoxkUIhuhh3P1cIqyjCdCsjmsEVG5QBFo/XIPjoffk8IN8DklVCp8AwIz8CFrMySRzgOOoK91XhhXo6BsZsIkP6Xk9zWvN4op4VR4zM3eqlcc5stBg4KepxxUvQTp2OpDokc5JsKxhUp3qM/uHjYWsDlflfaZukJ2xLcaRRniPLDaRbDH/9L86so/9ztCaCRB3OEtogEjgPFb4KOFiPG7TqUtvrisygwXno10DnI8Q2VR916hO1Gfyc3hdTpHzQK95rx3n/CVclyxibnwpH9S8DlU4QHT0X2NQXrO7t4aKCIg4NXbYMifN1Sp0lEHr1EapqkuL7lqc0PSOTonNt8OhBZ4NPvHsgndQ/+r4aFizZ/56k4n4Fs7Ki9Qvrgkk2ZJuX0amp+cdWwMQmDWC9OIOHRruHjtquX7gcZuQf3ibEU94K14XZB0mSbwmuTQajkBIKxFmtPbe3aCchvBhfaA5Tg3qm0nQS1dpMSzKYH7+kBwuGKKW4l+FTpW1OakPFM22r5oCH+5IY+Eh830Xvzxm/3zZdVD+S/3Dk0S9CSG8moPpDxxjwZ4DPcc5j0fEUweML8SpjeoHdVqyaU3spvuFryzu9poYukFMthvdh6xGzCHzM3889RZhOcG7bUfFlZxYQ015ZSXlYek8TGlaG6oAlrOIjrxRn+guqHUsAOlt1FnRe51WCBh6zMwxKWhVC+Q==,iv:VnSbM6xsMFMeMFf0PkflNnA2SK5cJsQ/HNmN3duawEM=,tag:pMk/noJNqGwTFalvR+Ar2Q==,type:str]'
|
||||||
|
tls.key: 'ENC[AES256_GCM,data:kvyc7MnG165YbHWCltMw4EPzZ3iC4nGOFeQ1z37s5/92f5Sc0pKnoi1tyC9YvgQrN2hbCMJH4H4thQ1RDEO8QNgAPilblNLW8m9qbSQ4SW4dbXILhokKb/eEN2dRfbEzLr+b2SBMDFi4KSWkO/u7JjCeFNTN9JifFddnqHlnaHkRFPRH7uXDf2ZziXcVbLD9y6JP3ZexTAGGy8W8kZhA/xLAdWGsLpyAC6qLbS3Ggv77JeRFTUTjLp9waoDootSA2BDBmC/KhoQKZIvxEDxdafe1qYqwtgl4L5X9xo6afiZXH1y3oBiNrASfZhE/yDe9oxVJBgQJRBj6zshTJ3ueoS66BdJY0gc508gEkEvOv1i7ZEqmhSTVaw9PJuABROHVhwTcpMYcOhhngdEh8/TqmPOzl8T5wRARgzN1jPECrh5ZcSrV6Guntc6SJBR9olVtt88QpNu5SwLJCTj9Xf5UgW3/cBUmsLpPylXY88B//5RSDiAtw4XIcEKMkk3g8czouAEWwU4APa5C8WtuF75C8VDQdFqmoVVHxshRhB1Y1j2laAhKAwq1I2jWUc24MLvCk2SA+o3SMukE0GcRSIx5rwh6bDaLbutgUXFtju3rYrbo9riFPhDBZ05wPB6lrST6+ZBcPwwvmMx0ty1WeFXwX5ddEBWnMLCHfDbTsi3hjNVOBG7OSmINe47YOC0+8Vf09LcL+C4NCiXFO8V06tmz1nbSIUmPBZRAvCaXTKHTE35dVtkkkmQy1wPk7dR69ALTFWhnceSi+LMxcQOKpafIU9KlgbrjhbjGR3gMYL33yeaMMR6OB/ghXROaopww8uoANxUmyf13VMYJBaJ4OVVd7M8b/vT6RfMw8fytIQBPB3I9xVvYMSoC1dpZ/N53LEIo0vq9suLoVYnFMhILVhxy1U/JChKR1tRv4lFKYYVKcZKoze9I5rl6FXyzld/ql+2EM0lJSAXe55mnmdbYPnQlUHPj5wq5AfqXW6ADnIqWHqdbEBo5UEvu9S6ElkMViNv9gD+iX5dD6DTk5Bx7R+lBmsvtySHopjSqslHJURCEmYDpKdKjFxKZR9uqaF81388ov3wnbQRFMLFzZZMwMTKVwL9oAeeJugQ6Hd97fwbXp6X/0mYbh8syaFfA7vTtjm/8oc1fPFrlUBTSXERqlyVgzq9j1IrfZeHc9t3e2WbNXmmlDTV5C7VMeLhBjvEVVNTaFVWfP7YQsrSbzrtirzHB3WFIUifdTCF7v3SlfE/VAmVfuI6w0Zi92g5DZl/2v/bfwLay3JETz2LIYb9GSNbfLX0dssUROgGUsS9F6WV0r1KT/27SsOi9EDygqqOxoFgD+YRckf2oDZ94wrT4vTVHlm9bQQEsKsogwofMxR2GnJwsozIJj5unbY1oiHWBdJfsPPtisESZK3SHxIVcF6iu8g8yvhkHKn/xMeUqDOZN28MoELStSFTkQGpOml5gXdXDdK2BEzIKbeDOV0bVIgN6WYZpEeOKgmoHRa1obDrcgUvC6CB9rPL+40CvFwroRQjoOMLHDZfBkxJxDYDo5abhLXiyd4kCG70nMhamlikVEJOQ+Y7PWIdB4ez/emEqG3S7Z7it/NRukfgFJ9xbnt8WkzJiKmbpnojjJTc/8UVSYSZ1y+UA4R3SKcTlr5/qyWn8V2nXrHZsH8wpmScmLQ3NZx3J2RnSrWLveXaksOcbFBebJPXnIvmqVZ33wDQNWJROXjQfCqtZAhXgOW2vHNyQEoi5IjyNtyGIvLEffX2jsHTgD/QOypA3e38EBgLkZ+0ybLa37GvYCH2GPzGf07TcvwXXlv9p1bwByCOCoUxumJ98gptfbQG7OUXPeDkZIs78xIP8mV2irDqawWn+4dqJBgDZAWudY8scn5gWo8L5sE51kGGsDE0MrPPxcmLBNFoTXYrdCuFFQXdxuQ7mSzX04gGabL+d1+SdETPdJLaqVe2WbI7huEd+jFuo0zd/WkYbJwCxs0mOB1xjm1EwIC43hhl2dLLIGYZVu8feoB2H4sEQeke6R1iGKDOpzL5CeY3L0/EA2cPVC9t3H7wjidFG4w/yfmQQZiN1ivoiLGoWTFN+ztGH0FyGS8M6Nk3d8nP/MkPjCodRIUnsppTRYSJgbxa2o0R2b2wftBdDU7oQqWy4XK/H4zVltACaZE06Og1Y+Rvb10NeYUiDxJupat+Z1gh6u/2ISDgZQwIsRQRYdhm1JgxxzUSeNTtGQPkRcNCoWlaT4oiuebSG8fsGPFaqv3KF+lWlORpKTjMC9mlBXPjH7NWeZOiqNI5pZaf1tl9FnOvUwzNdcGLR6Bqoe08+asKoOuh+NbKSEAlALnPnznFRBapHj5C9ppABMYKfqNigM1tflctJFiiqNnpH6Y+qXFzudrkq9VqhaMoccgkqgYcFEEIwJ8goByA2ZBSV4mA7sDtY0fCEirP98j4OOcUpkHLgaRbRW3DhvfGNOJDE0YJjb38kZEZ+KdDcu9CbrXBgNVet04j45VjIonlum+DWFsHD4tdu1CPJiii9retvUWn3uYN0zSKrj1jEL8cO7Ujgmm4A7Szgz6gP2ShvReaT9BtYf5W9I6HXnedjFL0HOT6SdrG6kXPMns6lOkO3CcxrTM2w3vtms6HYMTFSXDr1k9WJQFIPqF16MrahYaEbHC0Hn2f1euhxiwY6Pd/fWa8SOwx6It22sq3RX/Ra1dbRlQ8UkwvPKV12pR7Lcq3WoQr3/blMZBiK1nXgKREndxY2/oUeI8bpw/qgbAViujfyRVPcmfhPBgMPZceUbVLGlxdYzPIKAqYgttBVHDZNdvI4JEkK4FJnL55WrSiOPEEuiGrzOSKQvZ2b2/AiHceAax/Rr0zSxWKZ7numzZKYBrPBgxeMtJABz/alfsRhtKxIH/Tf3YUaMeS7nmYaOgO7nDTuLqSyWpyIqXQHvf9TCeZt3o+0hBx4R6wLlByifj/QOqY2ZbUrqLqp5xa1d8/SD58=,iv:zCKTZ259WSSteALG13EAZaPvEO+FkqwTvaFv6VQ3PRQ=,tag:wtL/ti1jBKK/zjzNR6E/PQ==,type:str]'
|
||||||
|
targetKubeconfig:
|
||||||
|
certificate-authority-data: 'ENC[AES256_GCM,data:XQGGPJC6gnZKfIVTEpIFrnu80oB3BrrpGCiI33aKpSPzH7mJn/QLx/Ub22Q8pL4Y/AM7LRTNQ5dkLar6bns3ePLCes7QY0WtB5cp5QFFtlIDHvXWcX6o2yjrWP64cS3UY2Ct9vije4cZLlDHjOerOyI5yCXCbWNKP631EXq8KxmuTRQNJROtvnG37RYgp7nsHu9uXVcrCxf2UH8WH4LhO91yW83rJSThSSZMPBwUfZdvTxdFg1AU9ZzHxQr+FDw8rDIsw7nXbfhlQxvsbp7Sor1rPnu2/pO2wVMGrnrAiFn2qwuxWRCAC4gNZr43LXz1aYgxzwcTVV7Vn56C0G+cXgS9uceOlknYwE9ViupOeqmUJ9OaLldFmoEFmTVE//qamT78/jjBWjb2ZJi8ztjTCFkw9ce2RKAd4RILwzZ9bUMjJKuO397efe5VZ/Tm+94ZDRnrOpNT8NuFlhcyZ1ezYhSEJYG8H3cr+ep7j5wmhse1ThK7IiBaUKlEkBoZEcjd1TI5KGf/1VH5VXdW5FbGH/gfDUeUYH2JuMSKnGuozRlCacjK6lu3kVZpQTXHFtpHKFiEbLgCFcmM9HnPt0KLKlYX+XSgbElQPMHvyK9DrErCrj5KZ91KNOupgzqUJ7Y2GYYSWEGIyXQLO7V+LjDhE4K5PAQzEJ6D7dxK0b/4ze9uQiFtQLPa7qQ1tD8m9JoAUZSPWEzFgsOYJF8Meoff4Kp4vZU+p5+LlK+jOt/MGFF+1Yi7tuOdWY2Ulbzxm5TAt1Z3+HmgzidX01cDxb9zT7iDa5aObDI4BEFlPw8s0dZyvwLNXRL5yq90m9PWMZHmlkwpPXXOqCumbNC+FW1E3hQ1+drIiLcX0uRd1jHW+4RcS3ePYMQzZmt7aLQhRVfLNiJ7kW62XNNHAs6cc0Z2hJudloH5AQpWNwNsUPUzgaFnTPu1PyGhTywy+3C+zsLpfzQFCD4bSyhJrDj9XJKahNAWk435ehGNGCgr8bkj+9fZa/pTX/bmwSFMh/hvULGQB8jhQkCoO1RWCQnLK3iHIc/W0ED19GHxgWT/SOReLeL0TGsqN9FiesCo7pDkVGsbEzPtXjt2w+jaZovTBp2tBuhm9l3eB6qK17PqI3gi1YVQtaDvsDNwq0J0dhez+XwbVu4usrciyQYzJJoF0xHPlGhnyZWN83bp/HWZq7Oau0D/Gzv0eSZNG4TIXxAiXgTNA3EN3bp4uGzszYhzarKRiLo3+Shu85b7oa//UXp4FFUp+lRIqr6HDyhLv/17WaopfaNF/f7h0jym7+gvYj5SVKBLgawAkEfGwx+HWoEYrQxaXkFOPDhuNkCY5w5xaSCfWGHO/zfczvLwPXeqVLTmgt1UpdyOmrVL+WzegnsrPuIOL15VwJpxdjV8cnKMdp0fWRur9FTnDUSE3yQQDIUr/dHKP9wGcwxRoaa099zHkjpJVJk91sbxf8l6MCe8K9H2M7W48ED3DRhpzIbJthHjpZF6a+8E3a/+H45T7JevgZob2DfENYub7c0fiQqMyLU3OEXu90fpPB3450zFF/M6+TB+ezKK3VSxcAJFT9jPX7OfjgZJf0E4q8v0CYHYeOxqvAmoapyaO3Z2+tuP4rPriblu2KsH+5JyP7kVX0e4WvixCN+W/AuSO2O3CqXZTh22F5UxRLSc+p4WDx8DvgGSSsFtKE9ASkGgjpGEV2GBdDu5Ja2rC3qqooCSDtLEuas3zmmcbwVog/ZhHw+us1yyAqDpkllxZ+Hoq8rHdg0Jwep1JUJ7B+/4du60GleqvPbiiM8xnbPFOxrp/lEb23ura4AqH6ZxxBHol8d5WHCh0VxQXPychIsx2Pl/404t0mY0ne4bIudaLsGADwM5WBRczgKroe5ah+7KmujhavPoNQztnSgVTfa6hxjG5EeO1/hYBybXA3gjM1rKaRLUTdGGfcL3TmOf825xM4BLvQ==,iv:lrxOZvtDP49iLxzYfTW2B/ex0vtgmCj154j2xOnJEWM=,tag:ODHDg+Nh1ZF7oAloIlpnZQ==,type:str]'
|
||||||
|
client-certificate-data: 'ENC[AES256_GCM,data:wPc4wl2y3CkIciqXl7e3c6XPx9jQz86CBu/hSfIQUc3IkpBeEajlxlbxHnLDvG+/hyXJtqfLFrP1v5JcZCCiUk9lrZPmDT1yWUOMizV1/WLhC/nDuGitVErRWAeHDtxE7f96H5MKQpv43zmxrg3F1+mvYVt1WAc1SBWgcxY1bEmLtV2/RciaIUX90aoE/3zcvCRq4A4nsPGXqT2NCsDcSTngQPTGttYMCz1bNOUSk27kmd9d5RV5twRKtl5X/pcR6Hem0pqlkhnCIqElzMWnKLIOaxi3/KzS/SMIqRHJZhX1fzl0Szc183v+ew1Y63kGabvEJwG83JpGfKSRpLdH85rUydenxTWnGj+2qpZlgTUa/lIGfXR/X6RWNPKzrZbZc6Hq/s3n1Rk+OBSMjepygp+5huj5QII5gdI/YoW/4+nEav+IWvoXmtw7DNDuzPgicsZxZx4QmgkZJk3s+HX+f1TG8eceR20vuaWaSOkq2JR3Uc6+9ebzvuLsXqX34SryRvI6Mrd0bJwrNu8Dbzv4DKqHrUnT1tVoRRkCE33dHyRhWjG6vs4HaDgZuzfQGJMPQ4c7a2RJKVB2e0HYp8xjFmbQCPDfdVQ0y2/E8GNUZjTQhME1B6Nz8egtZjgIAbug++cgErT0PybCeMCHmz+596xlHYjoL1dIONCvzm//Dc7okuxs9D8LCZ5f7r7IjYRFQt6U3i0PLdv1pTds4yvG47VJimZi6SXeq7Z2LPqSVclZCfPlDC643bC9hqpIsDRKDJLFeMoTr62g5Z0W+c5dmMH/6BQrySgr99L0u9JJzaR2Pzfr2QxlsUZibYniNyuu5cEdMxiVbMFAcDaGWyTOjpvay04fkYky/A9AKwAxPStxx/YFZ1su/8SWIwsAUfj4xKEccjxOcfmL6BjdYdj47ElNYQXqIVKl/j3X7rXzDSu0eyVPVTcOwuGtXrV/VfadmisX9cKCSwLozj6GxqM9JN6QZ6GYAxHzU7V1UR7RTtnPN6s7JOhql80KmsN7XnRddmWPZpOmtnwunKSrvK7rBygXkNpX1TE24dfTpWzBOeVE6BFxUuiYGCoxuuxfEo6K2deBj/7jZZ3PLprQyqgIDipKjgeC6R3qx1UBHOleY67Y4ZvUCQSjz07+wo+B3OjNfbCSN0vHJJ9NhvyY4CdOtrgbzOchZPhobhxurH8iMf4UDBgugefpXRwpAFhyjkm0VvDE+UfKJFbsKcsPehzbBOxXJKBbyDze+Ov/oTAhY3JjGiUe3h6Hyac9ctnrUxaGFpLhsjZCDiewSBo+AP6J7dQ2bcg9XMmw3ckOD/hVaT/sOi2qWsrG4Qnr7ZmCXMy+yWQc21TL6JvT3yI56MAlE9TMrG4PWkktmTbw6eAyTOmL3lzBqpXKgdJoWLR/Zv0xUkk8+zZsVchja1kLPJAL6ALkRzL7PE+UEH57K5/vim8BaHzKO4Q/4fb1HjbBX6GA+/4nW0CYw3vKsa8Gpt2Av4XwOpAHRGrezm3w2o9fSxabCTMroJ8dsaR4uJiCpn7jq9O6a24PL54gP+9dLnvnjK07DXvIJI2mA5iDv4CJAgz0rNPz+6yAgGtuUkZvqslBOm5zhKy1TVlRuQT315YeYjHPp1JqmQ96j4RHCCGFFlHsYnzaazY8izu+r59JNxUVRipJs2UmUktJXETWn2zKe0LDs8LkPvObvzM4LLGOamVlaOjNKSQRsiUv2Qd0+ERY6sYJHwh40ObGF6Z8u+91wWglcylkY1+bjhCwh9Zs4Gw7JenOkMsJe0BtpJYCwkDIA4L/+PHtaUpgQmaFCGYAuWysAv8OGkv8gmIaSiLwTfiUxg+dqgicEcKAGoYj2pFduWKldP6dg2HyzCYVcMbMJXNf5KIFLcAnJ4IOYf2bBDR35Gbtq9gKUALudgR2O/xxVkI4+DwY2Tc2EdFnnkh/btYaz+seoCQL1cB9+IrxfldR7CLXUlDt+7DUirSEvNLpWA31wA==,iv:d8/OlgrzqF3u7162nMzKfWtqeeLogcwq2Z4FTxRfxjY=,tag:wI5cko+kBoFUXEJOO1CtOQ==,type:str]'
|
||||||
|
client-key-data: 'ENC[AES256_GCM,data:DIz0rFlKFLIEQaSlyqSgAiY2KK+a1CRDtAXtu5LKgS8kCr/XqRHq41wVVK44v8V1ih8Ca/i0Lie1pheHgdHQicilcturE8Mxfl8T4Eb/6fVy/soo4M+cdAHaZDa1NMW+0ZYrXB67oQbSnE5y8/Q/PQxg02VzWIm0G4OQkkTXjb2OC4+1pJl2tWezyMhdiudc04dO1z0uK3Z3oSX6huedu5lXEP2u9IlFrEDfdEg9Fpw8+HIPMF8hGblVffZkYob78AzuImW3vzTJV/6TDkNdlKbEnHiPAvqRu07jUa9w0rKGfvPeoRi8KUhCmqI+948lsmV1ZGUFXfTzYu4Ln+cQ+x9JT1cX/g/6DqmWUXiMY3Bh2xPyfW+qm66QypFH+wNTjfbUpPK/Fbjfrbt3Eu5XV0beOh9RQIMVQcV4OgOydwREbxxCfUtCRddtDcRuWp0uju9v6c3m48626LXPyO8iKoFVldpMxEAbYdROOar0FXBNner9t2LRX6oWeZijh3bRB11Tmi6y0H3fWfS7datRO+3ben18xWJJTYNIst3e7dUgjgnTriqKcGIzqsxO0rBH2+oT0gHAgDCKzsp53AOEl8LdJWXB5ua6WQFz9o+p3kkDLC+PLwXg1zY3nkVMYrs8a00JqTphRc5X8R6E/4wpYS0Eka6rXKIyAq6a74nCXjOWUy0sBCpwI/8bdckMF3u9uw8GjMmtQINzJv0Pm7Kx6T7wf7ysdhs0I/kup/l1SeckPoSBm14MSoVT5Co+0xyK72SpyAW5f8QFEv2SRp6c3xke1qOEaPAD7ITXlLt61y74yRcKXaiWkAG4tqxcudehRjnOATrC1y8KmkV+V1ZSP9wm1AVvYkYGldkBNTVaDGSZdaw+u9KFK+tfNbMajMrAEMPylINa9ELh5YGKzj7cHeaPVh3C3bgDNZHUD6osrGXvHYaWVqwAaslZVEauSFXvUAVxajcbaTf7RrdoDU24BP4IrQkmkDoSzsFvXiox+xEYXQMZuJP/Vp47e46eobCUxADxM6zpjyaNTwhSV0aofjMsbTjzlvniYzw4coM5mhfwJ029Fcrk8XlKqS/Mad/pFInjwZE4i0NQRwj5ZxI59mbUIQZUEXdXBtIVr02nE2TsHYQ0iYOeUTKALeZztwY8LKoIyIdCOoS3a89LEIjJgHnyesylxVBj46fDkVCkWcRpo6jwgqEQTzvRBjCJQMvb451kQUk6tBp6iW5G+6gViEbATrkHRWpFjbYiGYH74RTalyTxQA9Z6C0FmTTUxnr/4CP41nO/Wj653LrRL+BuJBi91KbfHQjKCltcFdbrZeEkmCNJk5G+5N7puxYldSLD+XJRTssK1+2qk9xM12LUzQB8pqTulKsbpMn+cnWzFwLmRCBsWdn2xattvqgdFoNXM7svCSroRogGx4pK9k4OgiOtM+Q1sOdTOsntLhSGyW6R723vnZ4OfzNbO/zkdqAT9ZmPl5V6g4sKopM4wibuGsHx7G7QEBz0YbYFxkKtUSH8VmNJH6s+liLCGvc9WtneT1S0HbcQjWYkFbWt0tX0N61NbVYEzTpycgXMnz2VbrkSiGkp0llWXMKAys4YimjKjquPxjXV4Dy19W82UBGo5wYG+WBKqwvwrU174Mb981JfZfhZiKHAreH8hy834pLcMGeJKR7BYeEUPG33gn2Ds/O9P3Hrh/ew2Itxw6LNUzvLb5hSwPGbgYkIjUufFKksiSUBpbpyPMXvTUKBL1eje6JYu3uqkUcmWKGVhfyAldlOoFGpUXiulR90KPXVTR3bwpwTyIYp9O5IhFHUlKb3kjBBXQe7z7yxrzPudJSbHljGPPZfyVgTdgYjiN+v35oppJseN6J3fsiSZIMJX7QanNTqwvsoZU3SGA958Le1154Sti5WlD/jMTovUmFVHNfIo+E3gdB64BEfPKf0R5cuWB05aiaeJJPH61I2W/0mK+zlK0gdNKjrzPDTutgkem5/zxYYu/mcnCk/fbBlOiHlAsgwkwSCs7nVUrJ/1aCAtMH0IVYjatslJMMy9p9q7L1YNjiyzRUgbIRa4g2dn+HkxEcZ/iwm4zWXpRYLZ8PdSl812/y8DG98yVxgjj2CeWxEdrviVlYKxivj6Fx2YvWV7H0GPeGLdvFw2C4OLBjrgTEriLFpwYhwE3jqpUh3Ceknoas+p76QYoqa+vJhYS1TeGzuZcsToBZ+Tie1C83MrIcJfp5DRXT0vffhP217YkD17/mQ8f2WBTEDckb1PeT/Tbspk+AAK3p33+yTqRUKppkRN7SU6ZAT2sRPlSA20fdC8ucBlTJWpsZsrnmnDLc/oacV8LGyxaEquDfKzYlunj3MAKLVibCnKxbtoLATOcRcb5XwGMqVrcrnr0KFNWFivV6IGeTGVOyEf3fgyfl6ahn3q7EoSM/QKTjp61+CMWzFsJvsJsVPXYWqy+QRZhiD6lJbezjRcfRVaeu9ZGMGPsgfbHCqUS0u+66QI/uXvUwfG+MZZaxBEpaSyHWSYtP9UGTeB8l1t1sK3qrLp1WMV3EwIevPJtpedDKxcfNBRrtW9G4b2HHqDsOTCPAH6A2FJTtDXqJtJx77IvBTV+z6DMoEJ/H9+F39pDIhKO7QlfQbCr4bL7cW/JeYSXeOPi4Z4y+uLfcC6glyl+ILRK+0u/bDVRk3W5B7uWXHyCwIUmxfEqrYJNKqz5O0LPp8jFzuSnRMLMtGk2vjxYctFLlprajjPuLk6VPZlLhbYV0bqDIPWuQ3XjKwQjfKWiOm0u3KCZSyhe68ImT07mddMgIHtwB39hbXOlhfPKppEnmc/qmr4F4EQMvztvwox8TuHrRip47ChkpOjcC7YlZOccZYR/8rorv/3Jl5V2ozmg/Gb7jV0YY/B4/kabpDQuXCnT0SFA4jQZys3CSBqO6AQOxZ4amZIFm9zbMnc3VLzJGBylsX9BbenLV1ffltLhI3eLpv8l19Yb660fNVu4R5Sw==,iv:d0V7thVsBXSYoEVaC/saH6WpX242EjiJjUpO6gpabxg=,tag:GNKcO01sISM3J/0Hjzkntw==,type:str]'
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
lastmodified: '2021-04-06T15:20:22Z'
|
||||||
|
mac: 'ENC[AES256_GCM,data:xR6t/C0I8eyJqi9HbodbjYWP/5dunzylUx77/aHqAqU3/zDfznH4jpN4oBE5+HD2AEtqWLavIJ5QjVilHIIp3q9FbDp28JnVWc4tcShceIJzn/E3EkGJohzbVkCVsEUnZ7U70sEfS/15IaJzfDnlZdxRnCLYdTYjCjaXXVaeOr8=,iv:2ksNc3zAY+OfMxgeEghCmy3u+ITiI4OqDVm9pbxzSFA=,tag:h7q+iyfTrtkZ3oiZNqATPQ==,type:str]'
|
||||||
|
pgp:
|
||||||
|
- created_at: '2021-04-06T15:20:22Z'
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQEMAyUpShfNkFB/AQf/ekiqVj5BDD2h1DEiKX0kz3sSU2Bem9EblObv+mEkIVzj
|
||||||
|
5aAMmcFF5W5f+5yNDeb9sN0eWMIl99IeY8Z4GZ/JgkLd1Hf2eDpyYhD522tTewOJ
|
||||||
|
IgJT21Tv29w+GE1S4erz1ncF2C8b1r5qzHLVKWomX+rj5/Ix29he42+6bXFO0f43
|
||||||
|
/GX43VWeuRenJ8p2UxeWaANzEdI354UCYCOuOx6vXytsljQ5Qd2tidaI/rmCfiIE
|
||||||
|
PjZvnbHmwPy4R2jtwtC+yEOs4EFzFB1DFZXl0vvQTcu9ztOTEgibziJZs2EYNcCm
|
||||||
|
RALZu8lSjLRbSbjGs28mTSCFEAeZkCcldOXWf1fljdJeAUmA87yTpVyFqdh4QYDz
|
||||||
|
h9OLOgO3YBaKfq/7+YT7wUMh4zXC/BCOKNRCYeAFzKk1GMCgwS2h/1j98Lo8KviR
|
||||||
|
AoiwcnomoTATIRs/7715GhroBvjHdrdDPQg0FwMB5g==
|
||||||
|
=3Y4v
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
|
||||||
|
unencrypted_regex: ^(kind|apiVersion|group|metadata)$
|
||||||
|
version: 3.6.1
|
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- generated/secrets.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- decrypt-secrets
|
@ -0,0 +1,2 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/airship-core/target/initinfra-networking
|
@ -0,0 +1,7 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/airship-core/target/initinfra
|
||||||
|
- ../catalogues
|
||||||
|
transformers:
|
||||||
|
- ../../../../type/airship-core/target/initinfra/replacements
|
||||||
|
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
|
||||||
|
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
|
@ -0,0 +1,4 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../function/lma-configs
|
||||||
|
|
||||||
|
namespace: lma-infra
|
@ -0,0 +1,9 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../composite/lma-infra
|
||||||
|
- ../catalogues
|
||||||
|
- lma-infra-object-store.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../composite/lma-infra/replacements
|
||||||
|
|
||||||
|
namespace: lma-infra
|
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: lma-infra-object-store
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
fluentd-accesskey: admin
|
||||||
|
fluentd-secretkey: changeme
|
||||||
|
thanos-config.yaml: |
|
||||||
|
type: s3
|
||||||
|
config:
|
||||||
|
insecure: true
|
||||||
|
endpoint: minio.lma-infra.svc.cluster.local:9000
|
||||||
|
bucket: metrics
|
||||||
|
region: lma-infra
|
||||||
|
access_key: admin
|
||||||
|
secret_key: changeme
|
@ -0,0 +1,14 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../composite/monitoring-stack
|
||||||
|
- ../../../../function/minio
|
||||||
|
- ../catalogues
|
||||||
|
- minio-admin-secret.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../composite/monitoring-stack/replacements
|
||||||
|
- ../../../../function/minio/replacements
|
||||||
|
|
||||||
|
namespace: lma-infra
|
||||||
|
|
||||||
|
patches:
|
||||||
|
- path: patches/minio.yaml
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: minio-admin-secret
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
accesskey: admin
|
||||||
|
secretkey: changeme
|
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: minio
|
||||||
|
spec:
|
||||||
|
values:
|
||||||
|
replicas: 1
|
||||||
|
persistence:
|
||||||
|
enabled: false
|
||||||
|
existingSecret: minio-admin-secret
|
||||||
|
buckets:
|
||||||
|
- name: logs
|
||||||
|
policy: none
|
||||||
|
purge: false
|
||||||
|
- name: metrics
|
||||||
|
policy: none
|
||||||
|
purge: false
|
@ -0,0 +1,19 @@
|
|||||||
|
# Network Policy in calico
|
||||||
|
|
||||||
|
Restricting traffic between hosts and the outside world can be achieved
|
||||||
|
using the following Calico features:
|
||||||
|
|
||||||
|
* HostEndpoint resource
|
||||||
|
* GlobalNetworkPolicy
|
||||||
|
* FelixConfiguration resource with parameters:
|
||||||
|
-FailsafeInboundHostPorts
|
||||||
|
-FailsafeOutboundHostPorts
|
||||||
|
Generally a cluster-wide policy is applied to every host.
|
||||||
|
|
||||||
|
This site based manifest is designed to override the default global
|
||||||
|
FelixConfiguration based in function directory.
|
||||||
|
|
||||||
|
For more information on failsafe rules please refer below.
|
||||||
|
|
||||||
|
[Host Protection in Calico](https://docs.projectcalico.org/security/protect-hosts)
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
apiVersion: projectcalico.org/v3
|
||||||
|
kind: FelixConfiguration
|
||||||
|
metadata:
|
||||||
|
name: default
|
||||||
|
spec:
|
||||||
|
failsafeInboundHostPorts:
|
||||||
|
- protocol: tcp
|
||||||
|
port: 22
|
||||||
|
- protocol: udp
|
||||||
|
port: 68
|
||||||
|
- protocol: tcp
|
||||||
|
port: 179
|
||||||
|
- protocol: tcp
|
||||||
|
port: 2379
|
||||||
|
- protocol: tcp
|
||||||
|
port: 2380
|
||||||
|
- protocol: tcp
|
||||||
|
port: 5473
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6443
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6666
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6667
|
||||||
|
failsafeOutboundHostPorts:
|
||||||
|
- protocol: udp
|
||||||
|
port: 53
|
||||||
|
- protocol: udp
|
||||||
|
port: 67
|
||||||
|
- protocol: tcp
|
||||||
|
port: 179
|
||||||
|
- protocol: tcp
|
||||||
|
port: 2379
|
||||||
|
- protocol: tcp
|
||||||
|
port: 2380
|
||||||
|
- protocol: tcp
|
||||||
|
port: 5473
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6443
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6666
|
||||||
|
- protocol: tcp
|
||||||
|
port: 6667
|
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/network-policies
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- calico_failsafe_rules_patch.yaml
|
@ -0,0 +1,12 @@
|
|||||||
|
# Site-level, phase-specific lists of hosts to generate
|
||||||
|
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||||
|
# host-catalogue to just the hosts needed for a particular phase.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: VariableCatalogue
|
||||||
|
metadata:
|
||||||
|
name: host-generation-catalogue
|
||||||
|
hosts:
|
||||||
|
m3:
|
||||||
|
## NEWSITE_CHANGEME: update with the worker hosts
|
||||||
|
- stl3r01s06
|
||||||
|
- stl3r01s02
|
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||||
|
- ../../catalogues/
|
||||||
|
- host-generation.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||||
|
- ../../../../../function/treasuremap-cleanup
|
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- nodes
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ../hostgenerator
|
||||||
|
|
||||||
|
commonLabels:
|
||||||
|
airshipit.org/k8s-role: worker
|
@ -0,0 +1,31 @@
|
|||||||
|
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
metadata:
|
||||||
|
name: worker-1
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
joinConfiguration:
|
||||||
|
nodeRegistration:
|
||||||
|
name: '{{ ds.meta_data.name }}'
|
||||||
|
kubeletExtraArgs:
|
||||||
|
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
|
||||||
|
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||||
|
feature-gates: "IPv6DualStack=true"
|
||||||
|
files:
|
||||||
|
- path: "/etc/systemd/system/docker.service.d/http-proxy.conf"
|
||||||
|
content: |
|
||||||
|
[Service]
|
||||||
|
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
|
||||||
|
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
|
||||||
|
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
|
||||||
|
preKubeadmCommands:
|
||||||
|
# Restart docker to apply any proxy settings
|
||||||
|
- export HOME=/root
|
||||||
|
- systemctl daemon-reload
|
||||||
|
- systemctl restart docker
|
||||||
|
users:
|
||||||
|
- name: deployer
|
||||||
|
sshAuthorizedKeys:
|
||||||
|
- REPLACE_HOST_SSH_KEY
|
||||||
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../catalogues
|
||||||
|
- kubeadmconfigtemplate.yaml
|
||||||
|
- metal3machinetemplate.yaml
|
||||||
|
- machinedeployment.yaml
|
||||||
|
|
||||||
|
transformers:
|
||||||
|
- ../replacements
|
@ -0,0 +1,30 @@
|
|||||||
|
apiVersion: cluster.x-k8s.io/v1alpha3
|
||||||
|
kind: MachineDeployment
|
||||||
|
metadata:
|
||||||
|
name: worker-1
|
||||||
|
labels:
|
||||||
|
cluster.x-k8s.io/cluster-name: target-cluster
|
||||||
|
spec:
|
||||||
|
clusterName: target-cluster
|
||||||
|
## NEWSITE_CHANGEME: update the below with the total number of worker nodes
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
cluster.x-k8s.io/cluster-name: target-cluster
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
cluster.x-k8s.io/cluster-name: target-cluster
|
||||||
|
spec:
|
||||||
|
clusterName: target-cluster
|
||||||
|
version: v1.18.3
|
||||||
|
bootstrap:
|
||||||
|
configRef:
|
||||||
|
name: worker-1
|
||||||
|
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
infrastructureRef:
|
||||||
|
name: worker-1
|
||||||
|
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||||
|
kind: Metal3MachineTemplate
|
||||||
|
---
|
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
|
||||||
|
kind: Metal3MachineTemplate
|
||||||
|
metadata:
|
||||||
|
name: worker-1
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
hostSelector:
|
||||||
|
matchLabels:
|
||||||
|
airshipit.org/k8s-role: worker
|
||||||
|
image:
|
||||||
|
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ip
|
||||||
|
url: http://172.63.0.11/images/control-plane.qcow2
|
||||||
|
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum
|
||||||
|
|
||||||
|
|
@ -0,0 +1,20 @@
|
|||||||
|
# These rules inject env vars into the workers.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: workers-generated-secret-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: quay.io/airshipit/replacement-transformer:v2.0.2
|
||||||
|
replacements:
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.sshKeys.publicKey}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
name: worker-1
|
||||||
|
fieldrefs:
|
||||||
|
- "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"
|
@ -0,0 +1,5 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- workers-env-vars.yaml
|
||||||
|
- generated-secrets.yaml
|
@ -0,0 +1,41 @@
|
|||||||
|
# These rules inject env vars into the workers.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: workers-env-vars-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: quay.io/airshipit/replacement-transformer:v2.0.2
|
||||||
|
replacements:
|
||||||
|
# Replace the proxy vars
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
name: env-vars-catalogue
|
||||||
|
fieldref: env.HTTP_PROXY
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
name: worker-1
|
||||||
|
fieldrefs:
|
||||||
|
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTP_PROXY%"
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
name: env-vars-catalogue
|
||||||
|
fieldref: env.HTTPS_PROXY
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
name: worker-1
|
||||||
|
fieldrefs:
|
||||||
|
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTPS_PROXY%"
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
name: env-vars-catalogue
|
||||||
|
fieldref: env.NO_PROXY
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: KubeadmConfigTemplate
|
||||||
|
name: worker-1
|
||||||
|
fieldrefs:
|
||||||
|
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_NO_PROXY%"
|
@ -0,0 +1,8 @@
|
|||||||
|
resources:
|
||||||
|
- ../../../../type/multi-tenant/target/workload
|
||||||
|
- ../catalogues
|
||||||
|
transformers:
|
||||||
|
- ../../../../function/ingress/replacements
|
||||||
|
- ../../../../function/sip/replacements
|
||||||
|
- ../../../../function/synclabeller/replacements
|
||||||
|
- ../../../../function/vino/replacements
|
Loading…
Reference in New Issue
Block a user