
update secrets to align with airshipctl

* Align treasuremap virtual-airship-core site to recent changes of
airshipctl
* This PS takes care of only the "airship-core" type and all other
  sites will fail validate docs until the secrets are aligned.
* So the validate_docs is invoked with parameter "virtual-airship-core"
  to run document validation just for virtual-airship-core

  reference airshipctl commit: e2c56108eef38dd83df52fcfd1fa6844e5376a56

Change-Id: I2e6149951beca570a3cadeecbc05366325c80286
changes/13/811213/17
Siraj Yasin 4 weeks ago
parent
commit
a06003c004
  1. 3
      manifests/site/virtual-airship-core/encrypted/encryption-keys/kustomization.yaml
  2. 3
      manifests/site/virtual-airship-core/encrypted/get/kustomization.yaml
  3. 12
      manifests/site/virtual-airship-core/encrypted/update/kustomization.yaml
  4. 15
      manifests/site/virtual-airship-core/encrypted/update/secrets.yaml
  5. 6
      manifests/site/virtual-airship-core/ephemeral/catalogues/encrypted/kustomization.yaml
  6. 91
      manifests/site/virtual-airship-core/ephemeral/catalogues/encrypted/secrets.yaml
  7. 6
      manifests/site/virtual-airship-core/ephemeral/catalogues/kustomization.yaml
  8. 92
      manifests/site/virtual-airship-core/ephemeral/catalogues/public-keys/example.pub
  9. 10
      manifests/site/virtual-airship-core/ephemeral/catalogues/public-keys/kustomization.yaml
  10. 6
      manifests/site/virtual-airship-core/ephemeral/catalogues/shareable/kustomization.yaml
  11. 0
      manifests/site/virtual-airship-core/ephemeral/catalogues/shareable/networking.yaml
  12. 3
      manifests/site/virtual-airship-core/kubeconfig/kustomization.yaml
  13. 24
      manifests/site/virtual-airship-core/kubeconfig/update-target.yaml
  14. 6
      manifests/site/virtual-airship-core/target/catalogues/encrypted/kustomization.yaml
  15. 73
      manifests/site/virtual-airship-core/target/catalogues/encrypted/secrets.yaml
  16. 10
      manifests/site/virtual-airship-core/target/catalogues/kustomization.yaml
  17. 51
      manifests/site/virtual-airship-core/target/catalogues/public-keys/example.pub
  18. 10
      manifests/site/virtual-airship-core/target/catalogues/public-keys/kustomization.yaml
  19. 0
      manifests/site/virtual-airship-core/target/catalogues/shareable/hosts.yaml
  20. 12
      manifests/site/virtual-airship-core/target/catalogues/shareable/kustomization.yaml
  21. 0
      manifests/site/virtual-airship-core/target/catalogues/shareable/networking-ha.yaml
  22. 0
      manifests/site/virtual-airship-core/target/catalogues/shareable/networking.yaml
  23. 0
      manifests/site/virtual-airship-core/target/catalogues/shareable/storage.yaml
  24. 0
      manifests/site/virtual-airship-core/target/catalogues/shareable/versions-airshipctl.yaml
  25. 4
      manifests/site/virtual-airship-core/target/encrypted/generator/kustomization.yaml
  26. 4
      manifests/site/virtual-airship-core/target/encrypted/importer/kustomization.yaml
  27. 4
      manifests/site/virtual-airship-core/target/encrypted/results/kustomization.yaml
  28. 2
      manifests/type/airship-core/phases/kustomization.yaml
  29. 2
      manifests/type/airship-core/shared/decrypt-secrets/cleanup/kustomization.yaml
  30. 12
      manifests/type/airship-core/shared/decrypt-secrets/cleanup/patch.yaml
  31. 11
      manifests/type/airship-core/shared/decrypt-secrets/configurable-decryption.yaml
  32. 0
      manifests/type/airship-core/shared/decrypt-secrets/kustomization.yaml
  33. 2
      manifests/type/airship-core/shared/encrypt-secrets/cleanup/kustomization.yaml
  34. 13
      manifests/type/airship-core/shared/encrypt-secrets/cleanup/patch.yaml
  35. 17
      manifests/type/airship-core/shared/encrypt-secrets/encrypt-ephemeral.yaml
  36. 17
      manifests/type/airship-core/shared/encrypt-secrets/encrypt-target.yaml
  37. 3
      manifests/type/airship-core/shared/encrypt-secrets/kustomization.yaml
  38. 25
      manifests/type/airship-core/shared/update-secrets/fileplacement/filepaths.yaml
  39. 2
      manifests/type/airship-core/shared/update-secrets/fileplacement/kustomization.yaml
  40. 2
      manifests/type/airship-core/shared/update-secrets/kustomization.yaml
  41. 140
      manifests/type/airship-core/shared/update-secrets/template.yaml
  42. 11
      manifests/type/airship-core/target/generator/fileplacement/filepaths.yaml
  43. 2
      manifests/type/airship-core/target/generator/fileplacement/kustomization.yaml
  44. 2
      manifests/type/airship-core/target/generator/kustomization.yaml
  45. 63
      manifests/type/airship-core/target/generator/secret-template.yaml
  46. 11
      manifests/type/airship-core/target/importer/fileplacement/filepaths.yaml
  47. 2
      manifests/type/airship-core/target/importer/fileplacement/kustomization.yaml
  48. 4
      playbooks/get-vm-config.yaml
  49. 34
      tools/deployment/common/23_generate_secrets.sh
  50. 2
      zuul.d/jobs.yaml
  51. 2
      zuul.d/projects.yaml

3
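--- a/manifests/site/virtual-airship-core/encrypted/encryption-keys/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/encrypted/encryption-keys/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- ../../ephemeral/catalogues/public-keys/
+- ../../target/catalogues/public-keys/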

3
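--- a/manifests/site/virtual-airship-core/encrypted/get/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/encrypted/get/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- ../../ephemeral/catalogues/encrypted
+- ../../target/catalogues/encrypted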

12
manifests/site/virtual-airship-core/encrypted/update/kustomization.yaml

@ -0,0 +1,12 @@
resources:
- ../get/
- ../encryption-keys/
- secrets.yaml
- ../../../../../../airshipctl/manifests/function/templater-helpers/secret-generator/ # libs needed for generator
transformers:
- ../../../../type/airship-core/shared/update-secrets/
- ../../../../../../airshipctl/manifests/function/templater-helpers/cleanup/ # remove libs after using in all generators
- ../../../../type/airship-core/shared/update-secrets/fileplacement # update paths for imports
- ../../../../type/airship-core/shared/encrypt-secrets
- ../../../../type/airship-core/shared/encrypt-secrets/cleanup

15
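--- a/manifests/site/virtual-airship-core/encrypted/update/secrets.yaml
+++ b/manifests/site/virtual-airship-core/encrypted/update/secrets.yaml
@@ -0,0 +1,15 @@
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+labels:
+airshipit.org/deploy-k8s: 'false'
+name: combined-ephemeral-secrets-import
+secretGroups: []
+---
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+labels:
+airshipit.org/deploy-k8s: 'false'
+name: combined-target-secrets-import
+secretGroups: []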

6
manifests/site/virtual-airship-core/ephemeral/catalogues/encrypted/kustomization.yaml

@ -0,0 +1,6 @@
resources:
- secrets.yaml
transformers:
- ../../../../../type/airship-core/shared/decrypt-secrets/
- ../../../../../type/airship-core/shared/decrypt-secrets/cleanup/

91
manifests/site/virtual-airship-core/ephemeral/catalogues/encrypted/secrets.yaml

@ -0,0 +1,91 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: 'false'
name: combined-ephemeral-secrets
secretGroups:
- name: isoImageSecrets
updated: '2021-08-10T20:00:40Z'
values:
- data: 'ENC[AES256_GCM,data:TYMniBOXUzUWROJBIIM=,iv:2rnni6xgiooCBArUCrypA1jYuWbUofqli37SVMlaAwc=,tag:ipRCGuGwYbnibougLr8MvA==,type:str]'
name: rootPasswd
- data: 'ENC[AES256_GCM,data:duXgFUM9nTWEwx+nJrA=,iv:5ZfOPqnqGkfx+ibJwWUYmoQlETjU7EZbhRbzIuRQnXM=,tag:J3gzhybmEGPZxYC+ZvO0VQ==,type:str]'
name: deployerPasswd
- name: ephemeralK8sSecrets
updated: '2021-08-10T20:00:40Z'
values:
- data: 'ENC[AES256_GCM,data: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,iv:21tSh1/+sShGLWR5TxB/2nHfMW4YzKOf1D6yE0jitho=,tag:6k0Rbfk+rf3wIIe1FhW2rA==,type:str]'
name: caCrt
- data: 'ENC[AES256_GCM,data:9l+dw1cEhgzFoD1Tsiaj2FY98869x5U1I4tN0I/vQ8q5wpx6vfo41/zxIDDV1d/mxq68Lzq3FYiLT03l/ZcmCIBv862iMW0jdcYAJAB1V4qq1vzDLNsXYtcRLl7wQ62mUnOJ41gpGaySKMf/Up6IZxiDRRfAuPm6xRtzS/0S3xeKTUwAbMIncz5hRcJ4zsVaX6ycqDe/vLwqHhnT3vuMsvCVk3caDtnfZjJ9OJXpS6AWl4f+09flMX8HBdoV1TJyJAyxOg/XHm0yzDGm45CRe0AaUo7I5jRvSpSVZT6Wb2Lf4Tf6b7Abf808Rj3AyQYzsCzr/xtTwxwlbsZSlxv+oFNXGITS5dun+NDjJYTBRvFaB1wTW6UERl1zk9iGOJD7U4tk5C5Dddattm2pVHL7/WzvPHWPzj1V0DEXlQDB5K6roA5tJtko1/rechviqq3VtumPCvC39liSuLHDya3eUK3QCqKvlRs2NRPnN1kNElDleIKgx4IPL00WWham0cOb25MmR8z3o+fUhysIwc4TXf20tWitkDQh1dA6g+7Go6ClOyFUlYzmhUm7z3tmlFe3IFXkshMuqinND2GXicFO+5jwDRyTBhBz59ls7pDUZC5+50hzDiCeRMwHRPsQToUbN3KjtZ932OZC+94rw7iDCwaswZ1Yrw9+cg2yxIL++6r4zHfQPAneWilXKH+Hl70H7pJtPYik8tFzeszdtJmE3cv6tWHx8Z7BnV/RtyY+dxDVkhJOPx6zIA7Mhbu+PsyuZHH1/7X4NrSoOmPXCFyhaMBUENN9fF8RfV+g08doOBZgEAhzMAeHkT7wSGw2UaeZ290W9iuJ/hqTri59cifTfokBnRZsb98AB4SZ5w2MKjmfvCE8IeUrz7zIpvrnTGKKF0bh5pNPYkPQ7YKfc8iib3RhO3MTceUPNuU3CadArOpK1YCh5GmmFttBhH037zXcZgKR/m5rWZJGCzQsVyvGcuO2iHAsNPLGD31te4ZHgPbwdT8+JU69+SE1qIgczhlCFh680lSiEkmVDSf0OcUoCWkMfW3i+P67eqzD6qFAaSYuDsJeY172Ez5hJFWXUFX6auLeN0ulQJCxs5SeDk/Yrqki8msmF0Zse+UcpFbG5jAurR2Zr/LcitAqR1RvBgMN7jWAa9Vy7Gt9Y5XhiNbawFzwG8vSFZ/TE7v5kpXOR53er6o8ZyaafINowMUd/KgVPFB766xITfRUf/fgqE3IFfbeABR0V8dM4EFIO1ytBD68xvr4cTEusfERfXNj178h7ufBCQw4I5qaZe58FyHrzbcF7cq/vTJ/jnkwIHWCGktem4bYZrIybXyaiwgdw7DPXZ0d0snOWGaFXjrvm3hMtVCuQSo+BhknGGOWt1fkIN33SEW+KWsceSqvhnN4k9lfQZ+NebpouGF6Lb0MIXj/e1zZHYKZXzfYnM5Bb69fJl3ivsUL8GNn4+89fgUxmDbIHcW78t7CgwgSeV/TR6apR3u9Bv8bj8WZog9uiGPzlx99V5BnTuDIyx96hElh758uiupxw19RE8S8pwFx3zhfvm+HHoEEBMEhL/N7tkmhzJ3ZIK/B7LiKGzplmnaBK7B5U0VA+zNqxEaSA7AsN20EzwXjM1YFHFqyP5+9n4s7KfUHLrJjbHzJXnEd9M4pqg4pyzCoYJqu7f7KB2AoOPbzxDAMI/xuZNgpHSazw+XULejGSSE0MqXcxs25iYMhlpqgkb/hi5U3iM8l2OWutH+skfaVLMt5jgfeQk3OlzCkH1HFHGjzDJWAk/uU6mRiN4dvbOq7jQ+PCQu0W07zmGcdHdF4gvgAOzTrpuZBPEtK8ARwN2/7h0P9UsdEcs2LzlVC4NXr2tMeXpuoDYGZfDE/o/+WEIZF4NEz0a6FpWpRiPHg7rxxAwe0JCap+UaC/wv3VDA78yw5uYx8Xepy0qCg4LK2nuNIG2ymaclAq4ia1+T7/A4DqBg
P92dUuVI/JQnzJvdkCD1Dth7isHOzFOvRDMVusUNVZ+TtasijAvQYfc51TkQAMc0zOCvULPFvQhguriKk7e4odgk94In/jVmsr/8eF51dS52L5LRZzTWwjNnU2ukuI8Ogq37U9Qau/Zw+D7+arEByD3C+h61kQDXt9GRgVDEjyAAB18o9wofxJ3/A7yRvImEcON7OR1ZcJh6XuLEAAqa1Wgtj+FhD1ClvLkKTNIQvpNNyC84zz1pl851lBt1DBHQeFUenz3PAj177qN5Gwo88+18DSdTbFgYdBAFm5w09Af40usgw/jbJocZSRlwRcFxPyKvN6RPqLjCfz3czGUbgSNgjsYvAVEfrVlAbaJ9GFVLcraqgdljG9SSCRO+Kux1KJRmQCZcQsR5DNHzoIxXQfqUIQ7jQI28JanXjR8Y193jCK23oCUSTVsZo1vv10S4+4ZjU7aGm4s8QE+3v5DW7Cy/BtnU+nugdZgdRpkLWqE/vYF+oY7YBvUIAWp/uFBu/9XYz/QaXxluEtZMKsCpyUq98zSbTonHMHHV0eqRWaM7cIb8CJnTmn4qX/rhUT+sAyK5diZIIkPFRXZ7dd7oBkSJqkAiFSDMvoEm7bKCEdBo/dFrA10kQA7v6V8bVj2pbSqwZZiwZar3Eo8RxuskkB6CKrXR11YnZccyMyjOWnoqQ4iobgbXhm6tVGvcEp6hZ4JBnlOnXF59IUF++8PzcgJK0oG5HMnQNTAEiwxBoiWtQQEQ53dnLNKXq0AK5JmbMKKbVSSvFbObduwOrGTZnHsNhiP+nVyyM+Opqqtt5vFNdIA+ZGQQyQ+DnbOmQRyMxfnda7O+gZiuB09rYt1IwMkUdRx5tCpz/uum6OKApZ0gYhbaXEj1P4kR+4xc42vAQ5kavwaAHwqLyVxDTRshXmFCvMWPCd4kINBmQBpTmgiKzLJ1LGmnWyXdXFqxpsvlXj5n5JcoYsstlhkfvD0+EPQKXNo7sLV5HKbfA65ndfpUh5K0OWyYbhmU=,iv:DYwZlqxHUmFnhIy9S9OadGO2h3z67p8F+QmHVQQnuqE=,tag:I5W61XpWE4sWv7EEgLQnPw==,type:str]'
name: caKey
- data: 'ENC[AES256_GCM,data:huVN1pfbkZ9huFebvRbjN5A7pC1wulEJMJnrYO4/Ku+b8+x3NPzwh5a2DZyogI9cWy7zWRW7Esds3oE77KSjNAXjTOJ++nWqxQI35X+nJsiiow11LO4OdRZ98QSqcGGIcikQszExeu/w2BalhB8X+qTvq8oNtjJEydfO74DX3U4pbSyKceiVYxzLF6185jkIZzIvjMSGKr0OzLc+d5GyRhC493WEv7nOMIMsdm190GwmXqxYTrrvzBxzoaxaQFP444MMIM42fXAmH+OMYhk3qS7ghxxefP/NLzYSSCqB5uGTQU/vdNrrUjPDRM8otAxPiV5GIL8eB6np6vV/lYNyW+KcpQ9cw7VrM+jpXOakqFJGX92Z1PX0J5cflIxiDddZCaRv/gLfe4J9yuWgbAwzTtRiHBLm1/JTua9YX/yf9S/CGbtp7STVgMFayrP/qSaoRrjzuYR7mlHT5TmCUBzq2c7nTBoUDCA5ikDO3IcHmjm8E9G00pOUUIzU7PSuVFmrkMmoG7Z5OmpbNV7ae3dVnSkIed+AY076id/o1brUyUsDPE2RKAt7Ss0UTsS46jKKeigDnEe0WrI386FVn7wobU31b+x8ZcCCoGDaNeSQFHR/UZi1O8loIcBDVIzlx3ny2nRe5lU6GLvJ8CKVB8bbHTaXv8Gu9zW7+jZFQmjXwo5Bhu9PD6JUzG3ik+Y4ijodDQLwpYfLPmdBMfABNEix45qlYzFFN9/XndUY1cv8BJmJulNm1CrnIWevv5htAWG3lckpcFDMWL+pn5qGHJan2xWNf+FZVaOs3khSqui4jNj6BDe7CnnEiE9xjfvzXhEnq3tQHK1F8mPo+OEDyTISqIpH1jibepUEhhQnM4Qv0LJiScIA/QB4PX02e+l/SQKb+Ca01fjRA1qvFtzUfqON0+xAgFQNpXR/+wFYFFJEqBuyjy7PVPSnHyl0c/dxyruiwy9L8HljC6jn5wnj1RhOd+uDmMCZxbyeiuV0dYue02aIeD/1VSsV5EPtBCVzIJTGi9V0XqwIrsO0hopJbh64GRUMPMx2G85U9L7yQdXxBMNuN7c03msBLRmqTfujNPvhP1Kacgmshm4ULlrQADxaQN/AR6E7+AoBkiaR55qMYVldqbwbR2+pgdSBPN1bkuiDsetIOl+h5d+qjEAO3lNcrRRLHXRCfcoEccwdfHMXrfb/TwmC8rafD5eYKkmAU3j2wQcIzL3E8ufoIWKciXOxtkRVC6C6UG5QGcSwFfSUk0gcbXLqmdUIyD8b3VQLibMw/1brEfcPUk6vCE3rkWR7KwV1lhwN1iakuaBs2FSfsipos2pPQ4Wdvm5uYdVVJyigyxbD5KimtXn7uRo4MH1CA6bGoGb20S/7BF7kLERas9vI8vYQtMI5qHR9T/Upj8v0VsLO6fpnBsqWm98+3em/ys2hVrJiSqa+Jv/8suckOYIIi2liznZkgHJb62ZrE9DeCoQhEfaoDqMrZDqjca5xPilvFPb94LzjXVPLbF+0GqAB8grObPO4mer6MCqWSqQdLCRgGSzCKsScG2RY9mUwjFynjjlTDJeUqzU4RXC+AGHkfqPLpKZ44cYnZgakBWvSSj1TI41Kh1o3EHtQkjTMbJBaFR7Q86sfNB3H4GTNXKi3u1OVHNC9p3OCDyouomClpJ6tO1BfelzUh8s0sNClNJsL7mRMfDigNOZQXTvydKz0fQlPKkD0xZJmoHSJanQom0GJu0gg++bRRkOFN7RA7qZCAoGjOQFxMYC7d59jl9pBmwH7LHnnREdRZWlHbKbmMpm+TNbCbhXw/KLVoDzfgv1BvuMjz1ZddcuZnNZ6jVBhdcm1uyAjOu5TIl7QD/QcjVTlEIr0/mQkJSQHXQdzmfrSM8MqTpZRUPZvyZs06V0Y0PFsX9Z6ti7epZeXGzf4UEUKJ+WeSKi5Bpu3Jo4VMXQO/UDrKXrZfXFYaoPPu9pabqTD7aC
ERQBHv7hDoP9uKg2q5XfhCVk0ivtSMu73JAz5Ezh2kjveZSZDksKEMXNJljnYqFVBXQMKMqfQADCyP629C0Jepc8Vorm3,iv:pgVhozoNdRTBi2Y4zzx5bybtuWkP7R0enTXwfbrHKOE=,tag:71AKiBMZ/sBD/zWBgVMFOg==,type:str]'
name: crt
- data: 'ENC[AES256_GCM,data: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,iv:ZVGs1HdrjkgpfKRMLnKEnZDdqD6sRO8h1/8V1W5QXRM=,tag:TUZXvh3hd+nRKaull1P+nA==,type:str]'
name: key
sops:
age: []
azure_kv: []
encrypted_regex: ^(data)$
gcp_kms: []
hc_vault:
- created_at: '2021-08-11T17:27:07Z'
enc: 'vault:v1: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'
engine_path: sops
key_name: firstkey
vault_address: 'http://127.0.0.1:8200'
- created_at: '2021-08-11T17:27:07Z'
enc: 'vault:v1:hGmSWtvLej7IwtrKrjnfFv0vd+X0CeClUCzjgLXTz72zpEp+0velsci/5QYgr+N39Z0ZPt3a6PdwNN8Epuzwtbos66bWCaVz4LM7e6zj41mZczgXQMvEm4YRGFnVXGvB5Hp3OexROCBa3HskFTWqSFeqV6pzOKv+1Z12mGVqVNMJasU4aTM8kN/yvWaUyk8RYoh9q2FLwAawLFBhbXPPQ+HJeQcvaFN8/q0OH2mF37pvk3Vu7hm0Arok95HRfziyO6CMZymSKB9zsfeajYCNtTpZ7KDSwPIZraxqZQXrtUvQE97lvBwnMLhdA3bPAxq+tk498f5Qgkl4q2ikFLE13Q=='
engine_path: sops
key_name: secondkey
vault_address: 'http://127.0.0.1:8200'
kms: []
lastmodified: '2021-08-11T17:27:08Z'
mac: 'ENC[AES256_GCM,data:qRm8PgsmzgsfEUST2l3Qai6NYqSmQYVjmSeqKXVNIzW86+5VpAgvtfeb+CYW2PoDyErPdUN2aVlCCIIMSHcvs/oeQenjhxuhD10Tq6YCSW6xdr18y9l2gfQk7he0lQrQD0G3s13ljW3pENSb5veD1z9jjePCUzMYxFag/AYKMa4=,iv:tNYu1HUIPUZv1Eu1uIejskm/oKY97ViHpByVsP4gcic=,tag:VChCD235OtUIFJY7LOZsPQ==,type:str]'
pgp:
- created_at: '2021-08-11T17:27:07Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQgAovWJoL1kvunbQqgZVRDIpHJa4zPkbMv4kr7XHGSaKaJk
7YIG6/tHJnbGWeEoJmjg06nbN0ovMBt2Aw8nEocirLgsdq8dSdCePiRQw9SZ/rAL
U0F+iItqqf9Xe0vxZAwJHnm2Gd2OTkZ5DXvmL3NdOb6zD7c/pQbMpPpYXXeKTnqs
R+b/V8lUCpRQbrmCLAf00Dl59+92hCZH7IZoLq60hTqjEcLJivRd+JHnYHFKYD7U
rWcZUmXb5YKSG90L42/E+KuUMqiNf2QUJYZos+2s4GWVOZJ21+C5ciPEs1ep1RRI
orc/4oGuMNiaGforo+gYv0GYvWp/pfIzpimD4uoclNJeAQmfo63FskWSqm2ON0jc
d6HNRqBMprGtvQjK9ES6gJotHV8iM1vTOnOchvWkl9Vwe3ZJiYYMFxqzjjWnSF6c
rKIhPfUeXP8kdADct7poEdjWfnkCqsOh7XmHKUHb+A==
=iW1A
-----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
- created_at: '2021-08-11T17:27:07Z'
enc: |
-----BEGIN PGP MESSAGE-----
hIwDXFUltYFwV4MBBACc87vDwuhVG9NN0BK77GsH4PzZ23gVdqR/FB/BsUVKfIdE
Gm19aZZAlSL/AstATpddhXM2IRtDUM9sMRGfbr/E1r8qEByoUVruPGORsAhgvOfV
zEhts2UP4R6c1H7pT8JojrXpPQidlUj7hpCDDRczZlEgbkd9fB82isK/BYKUs9Je
AfibRs0Y0lpHNKJjYWZBMVuKfAY71ujAI9s3WaNv8Et84ddGJrun8pHlOydsL2h4
ToYsrMozVGIsJGLhg1VcwgDgPCy7BsL1aF7hJzTdSYsW+Em++uJlN0BGAQbZzA==
=tT7m
-----END PGP MESSAGE-----
fp: D7229043384BCC60326C6FB9D8720D957C3D3074
- created_at: '2021-08-11T17:27:07Z'
enc: |
-----BEGIN PGP MESSAGE-----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=Vv6V
-----END PGP MESSAGE-----
fp: 9DC6FBBDB3801E4E1144017138959A55322BC64B
version: 3.7.1

6
manifests/site/virtual-airship-core/ephemeral/catalogues/kustomization.yaml

@ -1,6 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../target/catalogues
patchesStrategicMerge:
- networking.yaml
- shareable/
- encrypted/

92
manifests/site/virtual-airship-core/ephemeral/catalogues/public-keys/example.pub

@ -0,0 +1,92 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=Zs2s
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----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=PafV
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----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=5FdM
-----END PGP PUBLIC KEY BLOCK-----

10
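--- a/manifests/site/virtual-airship-core/ephemeral/catalogues/public-keys/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/ephemeral/catalogues/public-keys/kustomization.yaml
@@ -0,0 +1,10 @@
+configMapGenerator:
+- name: ephemeral-encryption-keys
+options:
+disableNameSuffixHash: true
+files:
+- cmd-import-pgp=example.pub
+literals:
+# user U1, U2 and U3
+- pgp=FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4,D7229043384BCC60326C6FB9D8720D957C3D3074,9DC6FBBDB3801E4E1144017138959A55322BC64B
+# - hc-vault-transit=http://127.0.0.1:8200/v1/sops/keys/firstkey,http://127.0.0.1:8200/v1/sops/keys/secondkey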
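Review bot: The recipient list under `literals` is tied to `example.pub`, and nothing in the file says these are sample keys. Secrets encrypted to these three fingerprints are only as private as the matching private keys, which are presumably distributed with the airshipctl examples (not visible on this page). I would add a comment above the `pgp=` line such as `# example recipients only: replace with site-owned keys and re-encrypt before any non-test use`. The same applies to target/catalogues/public-keys/kustomization.yaml. The commented-out `hc-vault-transit` entry also carries a plain `http://` Vault address, which is only acceptable on loopback and should say so.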

6
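--- a/manifests/site/virtual-airship-core/ephemeral/catalogues/shareable/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/ephemeral/catalogues/shareable/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../../target/catalogues
+patchesStrategicMerge:
+- networking.yaml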

0
manifests/site/virtual-airship-core/ephemeral/catalogues/networking.yaml → manifests/site/virtual-airship-core/ephemeral/catalogues/shareable/networking.yaml

3
manifests/site/virtual-airship-core/kubeconfig/kustomization.yaml

@ -1,6 +1,7 @@
resources:
- kubeconfig.yaml
- ../target/catalogues
- ../target/catalogues/encrypted
- ../ephemeral/catalogues/encrypted
transformers:
- update-target.yaml

24
manifests/site/virtual-airship-core/kubeconfig/update-target.yaml

@ -10,8 +10,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.certificate-authority-data}"
name: combined-target-secrets
fieldref: ".secretGroups.[name=targetK8sSecrets].values.[name=caCrt].data"
target:
objref:
kind: KubeConfig
@ -20,8 +20,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-certificate-data}"
name: combined-target-secrets
fieldref: ".secretGroups.[name=targetK8sSecrets].values.[name=crt].data"
target:
objref:
kind: KubeConfig
@ -30,8 +30,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-key-data}"
name: combined-target-secrets
fieldref: ".secretGroups.[name=targetK8sSecrets].values.[name=key].data"
target:
objref:
kind: KubeConfig
@ -40,8 +40,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
name: combined-ephemeral-secrets
fieldref: ".secretGroups.[name=ephemeralK8sSecrets].values.[name=caCrt].data"
target:
objref:
kind: KubeConfig
@ -50,8 +50,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
name: combined-ephemeral-secrets
fieldref: ".secretGroups.[name=ephemeralK8sSecrets].values.[name=crt].data"
target:
objref:
kind: KubeConfig
@ -60,8 +60,8 @@ replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
name: combined-ephemeral-secrets
fieldref: ".secretGroups.[name=ephemeralK8sSecrets].values.[name=key].data"
target:
objref:
kind: KubeConfig

6
manifests/site/virtual-airship-core/target/catalogues/encrypted/kustomization.yaml

@ -0,0 +1,6 @@
resources:
- secrets.yaml
transformers:
- ../../../../../type/airship-core/shared/decrypt-secrets/
- ../../../../../type/airship-core/shared/decrypt-secrets/cleanup/

73
manifests/site/virtual-airship-core/target/catalogues/encrypted/secrets.yaml

@ -0,0 +1,73 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: 'false'
name: combined-target-secrets
secretGroups:
- name: targetK8sSecrets
updated: '2021-08-10T20:00:41Z'
values:
- data: 'ENC[AES256_GCM,data:VGOFunY8rvu3GnfVLvwRRHjIL8r+qdjmbbia3tcqF0lKZAqz611aRZk2NUixqcP0p4rivGvVJipxI7fG0J9NkVNT47FR8qzHq2FEhXZAXKrgF/74MH7N40V0q3o8Tt/BbC5B/mplaYhIwBeZhWi0m4fuzmyW92DReKOHnbAavN6w+bSN85LuM8ccHTgXf7SBQ4cxHESyGs2XmtVAquI0vdUZF/okZpV+ViQk79MMTUkK55Y63St6KkaR34riouwlKs54uz2ZtlKGTaQDrXAJITlJ4UJVJe9XH0FkCarZ20rZ6Nng18aEOZzvIXQSDMkTWY9PbPYyZJzTuKkT6gEuPmSfjooEEUf6NPKsi3NTIpZTwDAszypmLYIu33LspSHHBn6oV46oOy71hlqzMDX2d4Iulg28rZqfXdget/sYxWjhJRwozDKD0Rw/w1uykGF9nxwHZ6mONPYi73THXczJejfJbhOoAn8Kk1YeADafVjLICCK4RayWmK71O049SIE0UGWBq1IQntV4gUV6STdpQqK3gePkFDgY/H1tNfPeuzy5GoLyFdVJwq51RLLS5mTSNndQEcv9j9wFPZDXTIbogamI2jHYokFwk7eRtRokCG7KwuJhyPY+/arBjMtKcEWBsd0uCeUtMGqAKXdeuSCZnpn+fORjCJZjoCDbaC3yU/Rti14z7sTNFmLlLEqWeQGYFNmKogv6A7oxraKKLcp8GSvNLw+7+KnMaVIgyzs/kAzJ8ZN5OFKnkp0MUiQKrQ8PNa3fYOPEdHJsYjuVU5BRGN1ZenQWDqPobF/CfEcHRyeY24A0Kf/S2Q7RSs7zisoNp1NyYaxc8GvevdgFt+7zrreQE7IX+nk0JD+0ppeE3X3/2+qzCwPKd0zWngdUmS0qQ1DpQpWOWQv/ayrlRJjlS5IF7SiOgoRV2YFPGbtwn1nElmDY2TuM5f9YFvOYO5spKtnktSavqYAhrsexYp8gERfujyyTbu8gJTGttixK9dta+l7cpnXjVooUvAP+RtygPeqExE8SuO97hvi1TfyBdf/zeDvidHEE9IkQkr6OWCDFGDwR9vGbMeG+0iO4AyEQp44jHqU093SD18ka+hlL7dVARmaZMVFA1WmbqNSGL9CoU4AWD8yMQfnBKp/EI4CO+PzY4jpUN/V/anUZigOoABg+WV4jldWM+RUJYRcJFwD/FRRJaujLz8mbdB3CWzkLdJhIt40F8ObHnuUHHTm/rjvEj2aWpXUNmR1Vx77ypvitsYWVyskaRSQ+7ar1Ch+Qc+lRbyapKdVu8P6HXDmB/Oq33i5pZz1eThkUWx7yrHF4iAKSg3v/Ff9NZzOXd2jYBEg3zbqEN34I5iwg19HJax7TcTuWse0IzFHEvqewwM91QlkZUrETfxPt327alMqwXet1iPnxqFiTgN00wsoU4q7S9GRJM6pED7oQUSKODNQqNyHP03EKbCVBxy3PRMd/tHXWb6oRHbbU8EZHfxkNcEsMPO0t7ZVNr3M/36t8IqhCs7/M/iulloLoPWJTXYu51YiQlyKoCvesDUfjk02Ay9hlk5W5bI5sTNzwNUL+WsOTPSzB1/VgCtsFXPA2pfTFV2qoeTuawc6ztXbTdnxU9XGa6s7IwAf9nP3O40InZYAWI2B1c2PMvcDpPko9yUJbf/MUhCRwr1RHJ4KLnEWyCXlr0eKCtvepApI44/L5cZeexjeqYm9EKK20MWWMYtqOKKrH1vCYZYG0rxqnUPlUJ8lBwJ7kjwzXc3XM2b4uAnr9vIPCXWK6OZ2/nQ9Dzx/uZIt3CevR3DKQiRVAStGlo3lT69g8XF19RMqD3XEHo0LtTgi4eWxh3ntIc5Akb//2Flb3cJYSrcfkcJ76ZAZyWhK+NFtMkdgjpz9T/JketIKzJ9tIYnNLAqpL0zCwZjMbfQMmlbXe6DpAeKIOj7DVq0Xoe/Ms+9Ay2firg+oFThlBAjLqcTM
2ZD/hPrwzEIuBNIOCyCK1jTqPR12jMhQDTlmGvTRfCA0gH8kwFZUZ/xo=,iv:bPQ/f0A83qe/N/5MQVMDwGKNo0gCVSov3j5ctRBqq70=,tag:vvmSh6a8pEoFE8yh5UpCUA==,type:str]'
name: caCrt
- data: 'ENC[AES256_GCM,data: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,iv:Z4EXdCvzyL3kfwgwGMO0dbo6n+24bXyu/YOLUvokYwI=,tag:1z8Igd1gDyCoAR4wshKo1A==,type:str]'
name: caKey
- data: 'ENC[AES256_GCM,data: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,iv:pvNaEoY5wwwbtDUUqJLj0h1CcXJBB6t/oOVTMTyXVOI=,tag:gEWpf9AKCNtA6nmkwj2GHw==,type:str]'
name: crt
- data: 'ENC[AES256_GCM,data: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,iv:dPDYUIlrM0uLfyXEdUx7D/UYUYc2h92JZhmlfUHEPU8=,tag:ySJUMycKpoGg19qJKdNDCg==,type:str]'
name: key
- name: targetSshSecrets
updated: '2021-08-10T20:00:41Z'
values:
- data: 'ENC[AES256_GCM,data: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,iv:3V947NfzKkUc/KyqIqQxYRr5SlD1RIeppVC7651jppc=,tag:LNziKYmuXMRu7Myhu179Gg==,type:str]'
name: privateKey
- data: 'ENC[AES256_GCM,data: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,iv:dM6ZBlzqKY/1rQBvoELAsQ0C7t3ImqwgfEVC/tmB21U=,tag:09JyHpyaSOhczaHxKtmt6A==,type:str]'
name: publicKey
sops:
age: []
azure_kv: []
encrypted_regex: ^(data)$
gcp_kms: []
hc_vault:
- created_at: '2021-08-11T17:27:09Z'
enc: 'vault:v1: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'
engine_path: sops
key_name: firstkey
vault_address: 'http://127.0.0.1:8200'
- created_at: '2021-08-11T17:27:09Z'
enc: 'vault:v1:SHCcOUHlef/HMsMvS5KY+ZZYHicJDYNzcdzZKGwchjYIssfqE9KZXDv+O3bDNWbNH7BnMO63TKT1VeZ/oAHFkovNnl+fcTdMtbI7WYiDNxBWiV+yFmj9OshsharAaFJ0fh6TE5Qqksccq7Oq0DVcvzSpMvJnNL011e06i2ABTOEjsjyf/kj/9hwnAezc+rlylvmObaOpX6lURmWqBeptFbmLj446BcVCITatg9Tg8qYbRz+PR1JIOaSmTSoRuifPPSZR0PoJmda6+gmHNJ7ezFAAyNq21lUnhr60R1gPI17WUwu7IPWNL1LMrTFRw1SQahbQFaAOj6wDqdKJ/HS1Cg=='
engine_path: sops
key_name: secondkey
vault_address: 'http://127.0.0.1:8200'
kms: []
lastmodified: '2021-08-11T17:27:10Z'
mac: 'ENC[AES256_GCM,data:kYqyZkHzzrFCMCVChrNrQzBZ88vYzursIFEJGQz4mHpnMXMCPykpKOzfpUSlj+M5mYsb/y5hNbw8xsKOo1GUV2tEjoJ4k7kL4CF3JRVLHKHDgpJE8GTtz0uHBwN7HrPX7EurSWHeVmOTxP+1mxs7cBQQS/Yb2DyvOJNZyYswfxs=,iv:NDTuNLFHQxvZoLF693Y23bqySnrn/EBMvUNHkj59Bu8=,tag:UARHcP1hom78DlC1T/S8kA==,type:str]'
pgp:
- created_at: '2021-08-11T17:27:09Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQgAhDRNRaVRHjXylYzg1ASfArY6BptjZm3dldnNjGP5p8RZ
Szz7Y77NTEqc4HGm0D2L2ob0hx76FUanMAEOEB7OJAqQC3T9rjVTnNrdfpX+I9ty
k4b5scb5iya6dQasDGccyMSlNwkJu63f88DhVXQgg62Z3r8LrkG5yUPB2YH5qpCf
m1xx19ssVuAP+EBp8T6hulhCf57zbGsJwUr6d0pkXzX5sUbeoNzgGSJ3xkyS5h/D
VvMjQpNxB3lvItNzvtDYCotQzzGMWRHKkDm4xzlN0ztbvg88pfCUNopU9kD4boXn
x13KS5F/LXokHRagXOxY/2lvIbpqMR57w/k6X+dj7dJeATWuTCbYLcST7YpPbScx
/PC756MHVn77RyIeNVkVL9b+PVgTHmU4XtX/ofBbVSpgRIL4kIpTjvvvQ/ZJpNCj
8IxL/Iwni90DXv+CrhL8mRlwH8dtXGyMuthYGGU/Pw==
=Ln27
-----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
- created_at: '2021-08-11T17:27:09Z'
enc: |
-----BEGIN PGP MESSAGE-----
hIwDXFUltYFwV4MBA/9KHOMOnyeKipAPielSJGYCFIe70/DqoaUOgbq1aerC5VQ6
4jRZ6+yhNHFCYAYH7cN4i/wroJLeNY8e4PUDd/dBTILr4P9htje+8SiIoQFaI1Fo
VR9y7MTYpiHniW3Off7McwNg9qny1xpRDcv2M6wlqtMYVBGzu8RDKvAjbGPJwdJe
AToMSYhD83qWOjcRsdj/N/l/aMYZXYU1/crO/sM7wvJdM0irvJeZTclI0Btv01NJ
Hy+7ZzhB65XAvdKbTlw2YcyLkISq72HnuNX5IwhptZOxkhuh5rrYjlSUvdSL/Q==
=0cje
-----END PGP MESSAGE-----
fp: D7229043384BCC60326C6FB9D8720D957C3D3074
version: 3.7.1

10
manifests/site/virtual-airship-core/target/catalogues/kustomization.yaml

@ -2,12 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/airship-core/shared/catalogues
- hosts.yaml
- ../encrypted/results
- storage.yaml
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml
- networking-ha.yaml
- shareable/
- encrypted/

51
manifests/site/virtual-airship-core/target/catalogues/public-keys/example.pub

@ -0,0 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=Zs2s
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----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=PafV
-----END PGP PUBLIC KEY BLOCK-----

10
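--- a/manifests/site/virtual-airship-core/target/catalogues/public-keys/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/target/catalogues/public-keys/kustomization.yaml
@@ -0,0 +1,10 @@
+configMapGenerator:
+- name: target-encryption-keys
+options:
+disableNameSuffixHash: true
+files:
+- cmd-import-pgp=example.pub
+literals:
+# user U1 and U2
+- pgp=FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4,D7229043384BCC60326C6FB9D8720D957C3D3074
+# - hc-vault-transit=http://127.0.0.1:8200/v1/sops/keys/firstkey,http://127.0.0.1:8200/v1/sops/keys/secondkey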

0
manifests/site/virtual-airship-core/target/catalogues/hosts.yaml → manifests/site/virtual-airship-core/target/catalogues/shareable/hosts.yaml

12
manifests/site/virtual-airship-core/target/catalogues/shareable/kustomization.yaml

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../type/airship-core/shared/catalogues/
- hosts.yaml
- storage.yaml
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml
- networking-ha.yaml

0
manifests/site/virtual-airship-core/target/catalogues/networking-ha.yaml → manifests/site/virtual-airship-core/target/catalogues/shareable/networking-ha.yaml

0
manifests/site/virtual-airship-core/target/catalogues/networking.yaml → manifests/site/virtual-airship-core/target/catalogues/shareable/networking.yaml

0
manifests/site/virtual-airship-core/target/catalogues/storage.yaml → manifests/site/virtual-airship-core/target/catalogues/shareable/storage.yaml

0
manifests/site/virtual-airship-core/target/catalogues/versions-airshipctl.yaml → manifests/site/virtual-airship-core/target/catalogues/shareable/versions-airshipctl.yaml

4
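--- a/manifests/site/virtual-airship-core/target/encrypted/generator/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/target/encrypted/generator/kustomization.yaml
@@ -1,4 +0,0 @@
-generators:
-- ../../../../../type/airship-core/target/generator/
-transformers:
-- ../../../../../type/airship-core/target/generator/fileplacement/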

4
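--- a/manifests/site/virtual-airship-core/target/encrypted/importer/kustomization.yaml
+++ b/manifests/site/virtual-airship-core/target/encrypted/importer/kustomization.yaml
@@ -1,4 +0,0 @@
-resources:
-- ../results/imported/
-transformers:
-- ../../../../../type/airship-core/target/importer/fileplacement/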

4
manifests/site/virtual-airship-core/target/encrypted/results/kustomization.yaml

@ -3,6 +3,4 @@ resources:
- imported/
transformers:
- ../../../../../type/airship-core/target/decrypt-secrets/
- ../../../../../type/airship-core/target/generator/fileplacement/
- ../../../../../type/airship-core/target/importer/fileplacement/
- ../../../../../type/airship-core/shared/decrypt-secrets/

2
manifests/type/airship-core/phases/kustomization.yaml

@ -1,5 +1,5 @@
resources:
- ../../../../../airshipctl/manifests/phases/
- ../../../../../airshipctl/manifests/type/gating/phases/
- ../../../function/phase-helper/
- executors.yaml
- phases.yaml

2
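--- a/manifests/type/airship-core/shared/decrypt-secrets/cleanup/kustomization.yaml
+++ b/manifests/type/airship-core/shared/decrypt-secrets/cleanup/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- patch.yaml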

12
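--- a/manifests/type/airship-core/shared/decrypt-secrets/cleanup/patch.yaml
+++ b/manifests/type/airship-core/shared/decrypt-secrets/cleanup/patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: builtin
+kind: PatchTransformer
+metadata:
+name: delete-decryption-secrets
+target:
+name: decryption-key
+patch: |
+apiVersion: not-important
+kind: not-important
+metadata:
+name: not-important
+$patch: delete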
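Review bot: The `target` of `delete-decryption-secrets` matches on `name: decryption-key` alone, so the delete patch applies to any resource with that name regardless of kind. The sibling encrypt-secrets/cleanup/patch.yaml in this commit also sets `kind: ConfigMap` in its target; adding the corresponding `kind:` line here (using whatever kind `decryption-key` is declared with, which this page does not show) keeps the delete scoped to the key object. A one-line comment stating the purpose, for example `# drop the decryption key so it never reaches rendered output`, would also help; that purpose is inferred from the names and should be confirmed.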

11
manifests/type/airship-core/target/decrypt-secrets/configurable-decryption.yaml → manifests/type/airship-core/shared/decrypt-secrets/configurable-decryption.yaml

@ -19,15 +19,20 @@ template: |
annotations:
config.k8s.io/function: |
container:
image: localhost/sops
image: gcr.io/kpt-fn-contrib/sops:v0.3.0
envs:
- SOPS_IMPORT_PGP
- SOPS_IMPORT_AGE
- VAULT_ADDR
- VAULT_TOKEN
network: true
data:
ignore-mac: true
cmd: decrypt
{{- if eq $tolerate "true" }}
cmd-tolerate-failures: true
{{- end }}
{{- if not (eq $debug "true") }}
override-preexec-cmd: '[ "$SOPS_IMPORT_PGP" == "" ] || (echo "$SOPS_IMPORT_PGP" | gpg --import 2>/dev/null)'
{{- if eq $debug "true" }}
override-preexec-cmd: '[ "$SOPS_IMPORT_PGP" == "" ] || (echo "$SOPS_IMPORT_PGP" | gpg --import >&2); [ "$SOPS_IMPORT_AGE" == "" ] || (echo "$SOPS_IMPORT_AGE" >> $XDG_CONFIG_HOME/sops/age/keys.txt);'
{{- end }}
cmd-extra-params-json-path-filter: '$[?(@.metadata.name=="decryption-key")]'
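Review bot: The new `image: gcr.io/kpt-fn-contrib/sops:v0.3.0` is a mutable tag, yet this container is handed `VAULT_TOKEN`, `SOPS_IMPORT_PGP` and `SOPS_IMPORT_AGE` together with `network: true`, so whatever the tag resolves to at run time sees the decryption keys and can reach the network. Pinning by digest, `image: gcr.io/kpt-fn-contrib/sops@sha256:<digest of v0.3.0>`, removes that dependence on the registry. The same applies to encrypt-ephemeral.yaml and encrypt-target.yaml, and to `quay.io/airshipit/templater:latest` in update-secrets/template.yaml. The hunk also shows `ignore-mac: true` (the page does not show whether it is new or context), which turns off the SOPS integrity check on the encrypted file and deserves a comment explaining why it is needed. The template this hunk belongs to starts above the hunk.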

0
manifests/type/airship-core/target/decrypt-secrets/kustomization.yaml → manifests/type/airship-core/shared/decrypt-secrets/kustomization.yaml

2
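--- a/manifests/type/airship-core/shared/encrypt-secrets/cleanup/kustomization.yaml
+++ b/manifests/type/airship-core/shared/encrypt-secrets/cleanup/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- patch.yaml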

13
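--- a/manifests/type/airship-core/shared/encrypt-secrets/cleanup/patch.yaml
+++ b/manifests/type/airship-core/shared/encrypt-secrets/cleanup/patch.yaml
@@ -0,0 +1,13 @@
+apiVersion: builtin
+kind: PatchTransformer
+metadata:
+name: delete-encryption-secrets
+target:
+kind: ConfigMap
+name: .+-encryption-keys
+patch: |
+apiVersion: not-important
+kind: not-important
+metadata:
+name: not-important
+$patch: delete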

17
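--- a/manifests/type/airship-core/shared/encrypt-secrets/encrypt-ephemeral.yaml
+++ b/manifests/type/airship-core/shared/encrypt-secrets/encrypt-ephemeral.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: encrypt-ephemeral
+annotations:
+config.k8s.io/function: |
+container:
+image: gcr.io/kpt-fn-contrib/sops:v0.3.0
+envs:
+- VAULT_ADDR
+- VAULT_TOKEN
+network: true
+data:
+cmd: encrypt
+cmd-json-path-filter: '$[?(@.metadata.name=="combined-ephemeral-secrets")]'
+cmd-extra-params-json-path-filter: '$[?(@.metadata.name=="ephemeral-encryption-keys")]'
+encrypted-regex: '^(data)$'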

17
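--- a/manifests/type/airship-core/shared/encrypt-secrets/encrypt-target.yaml
+++ b/manifests/type/airship-core/shared/encrypt-secrets/encrypt-target.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: encrypt-target
+annotations:
+config.k8s.io/function: |
+container:
+image: gcr.io/kpt-fn-contrib/sops:v0.3.0
+envs:
+- VAULT_ADDR
+- VAULT_TOKEN
+network: true
+data:
+cmd: encrypt
+cmd-json-path-filter: '$[?(@.metadata.name=="combined-target-secrets")]'
+cmd-extra-params-json-path-filter: '$[?(@.metadata.name=="target-encryption-keys")]'
+encrypted-regex: '^(data)$'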

3
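--- a/manifests/type/airship-core/shared/encrypt-secrets/kustomization.yaml
+++ b/manifests/type/airship-core/shared/encrypt-secrets/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- encrypt-ephemeral.yaml
+- encrypt-target.yaml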

25
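--- a/manifests/type/airship-core/shared/update-secrets/fileplacement/filepaths.yaml
+++ b/manifests/type/airship-core/shared/update-secrets/fileplacement/filepaths.yaml
@@ -0,0 +1,25 @@
+apiVersion: builtin
+kind: PatchTransformer
+metadata:
+name: imported-filnames-patch-0
+patch: |
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+name: combined-ephemeral-secrets-import
+annotations:
+config.kubernetes.io/path: "encrypted/update/secrets.yaml"
+config.kubernetes.io/index: '0'
+---
+apiVersion: builtin
+kind: PatchTransformer
+metadata:
+name: imported-filnames-patch-1
+patch: |
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+name: combined-target-secrets-import
+annotations:
+config.kubernetes.io/path: "encrypted/update/secrets.yaml"
+config.kubernetes.io/index: '1'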

2
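--- a/manifests/type/airship-core/shared/update-secrets/fileplacement/kustomization.yaml
+++ b/manifests/type/airship-core/shared/update-secrets/fileplacement/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- filepaths.yaml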

2
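--- a/manifests/type/airship-core/shared/update-secrets/kustomization.yaml
+++ b/manifests/type/airship-core/shared/update-secrets/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- template.yaml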

140
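--- a/manifests/type/airship-core/shared/update-secrets/template.yaml
+++ b/manifests/type/airship-core/shared/update-secrets/template.yaml
@@ -0,0 +1,140 @@
+apiVersion: airshipit.org/v1alpha1
+kind: Templater
+metadata:
+name: secret-template
+annotations:
+config.kubernetes.io/function: |
+container:
+image: quay.io/airshipit/templater:latest
+envs:
+- FORCE_REGENERATE
+- ONLY_CLUSTERS
+- DEBUG_TEMPLATER
+values:
+# these settings are overridable
+sshKeyGen:
+encBit: 4096
+ephemeralCluster:
+ca:
+subj: "/CN=Kubernetes API"
+validity: 3650
+kubeconfigCert:
+subj: "/CN=admin/O=system:masters"
+validity: 365
+targetCluster:
+ca:
+subj: "/CN=Kubernetes API"
+validity: 3650
+kubeconfigCert:
+subj: "/CN=admin/O=system:masters"
+validity: 365
+template: |
+{{/***********************************************************************/}}
+{{/* define regenerate templates for different sections */}}
+{{/***********************************************************************/}}
+{{- define "regenEphemeralK8sSecrets" -}}
+{{- $ClusterCa := genCAEx .ephemeralCluster.ca.subj (int .ephemeralCluster.ca.validity) }}
+{{- $KubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil (int .ephemeralCluster.kubeconfigCert.validity) $ClusterCa -}}
+values:
+- data: {{ $ClusterCa.Cert | b64enc | quote }}
+name: caCrt
+- data: {{ $ClusterCa.Key | b64enc | quote }}
+name: caKey
+- data: {{ $KubeconfigCert.Cert | b64enc | quote }}
+name: crt
+- data: {{ $KubeconfigCert.Key | b64enc | quote }}
+name: key
+{{- end -}}
+{{- define "regenTargetK8sSecrets" -}}
+{{- $ClusterCa := genCAEx .targetCluster.ca.subj (int .targetCluster.ca.validity) }}
+{{- $KubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil (int .targetCluster.kubeconfigCert.validity) $ClusterCa }}
+values:
+- data: {{ $ClusterCa.Cert | b64enc | quote }}
+name: caCrt
+- data: {{ $ClusterCa.Key | b64enc | quote }}
+name: caKey
+- data: {{ $KubeconfigCert.Cert | b64enc | quote }}
+name: crt
+- data: {{ $KubeconfigCert.Key | b64enc | quote }}
+name: key
+{{- end -}}
+{{- define "regenIsoImageSecrets" -}}
+values:
+- data: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org" | quote }}
+name: rootPasswd
+- data: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org" | quote }}
+name: deployerPasswd
+{{- end -}}
+{{- define "regenTargetSshSecrets" -}}
+{{- $sshKey := genSSHKeyPair (int .sshKeyGen.encBit) }}
+values:
+- data: {{ $sshKey.Private | quote }}
+name: privateKey
+- data: {{ $sshKey.Public | quote }}
+name: publicKey
+{{- end -}}
+{{/***********************************************************************/}}
+{{- $onlyClusters := list -}}
+{{- if not (eq (env "ONLY_CLUSTERS") "") -}}
+{{- $onlyClusters = splitList "," (env "ONLY_CLUSTERS") -}}
+{{- end -}}
+{{/***********************************************************************/}}
+{{/* get combined-secrets yaml and exclude it from the bundle */}}
+{{- $combinedSecrets := index (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-ephemeral-secrets$" "false"))) 0 -}}
+{{- $_ := setItems (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-ephemeral-secrets$" "true"))) -}}
+{{/* get combined-secrets-import yaml and exclude it from the bundle */}}
+{{- $combinedSecretsImport := index (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-ephemeral-secrets-import$"))) 0 -}}
+{{/* skip secrets generation if it wasn't decrypted */}}
+{{- if and (eq (include "isEncrypted" $combinedSecrets) "false") (or (eq (len $onlyClusters) 0) (has "ephemeral" $onlyClusters)) -}}
+{{- $_ := setItems (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-ephemeral-secrets-import$" "true"))) -}}
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+labels:
+airshipit.org/deploy-k8s: "false"
+name: combined-ephemeral-secrets-import
+secretGroups: []
+---
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+annotations:
+config.kubernetes.io/path: "ephemeral/catalogues/encrypted/secrets.yaml"
+labels:
+airshipit.org/deploy-k8s: "false"
+name: combined-ephemeral-secrets
+secretGroups:
+- {{ include "group" (list . $combinedSecrets $combinedSecretsImport "isoImageSecrets" "once" "regenIsoImageSecrets" ) | indent 4 | trim }}
+- {{ include "group" (list . $combinedSecrets $combinedSecretsImport "ephemeralK8sSecrets" "once" "regenEphemeralK8sSecrets" ) | indent 4 | trim }}
+---
+{{- end -}}
+{{/***********************************************************************/}}
+{{/* get combined-secrets yaml and exclude it from the bundle */}}
+{{- $combinedSecrets = index (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-target-secrets$" "false"))) 0 -}}
+{{- $_ := setItems (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-target-secrets$" "true"))) -}}
+{{/* get combined-secrets-import yaml and exclude it from the bundle */}}
+{{- $combinedSecretsImport = index (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-target-secrets-import$"))) 0 -}}
+{{/* skip secrets generation if it wasn't decrypted */}}
+{{- if and (eq (include "isEncrypted" $combinedSecrets) "false") (or (eq (len $onlyClusters) 0) (has "target" $onlyClusters)) -}}
+{{- $_ := setItems (KOneFilter getItems (include "grepTpl" (list "[\"metadata\", \"name\"]" "^combined-target-secrets-import$" "true"))) -}}
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+labels:
+airshipit.org/deploy-k8s: "false"
+name: combined-target-secrets-import
+secretGroups: []
+---
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+annotations:
+config.kubernetes.io/path: "target/catalogues/encrypted/secrets.yaml"
+labels:
+airshipit.org/deploy-k8s: "false"
+name: combined-target-secrets
+secretGroups:
+- {{ include "group" (list . $combinedSecrets $combinedSecretsImport "targetK8sSecrets" "yearly" "regenTargetK8sSecrets" ) | indent 4 | trim }}
+- {{ include "group" (list . $combinedSecrets $combinedSecretsImport "targetSshSecrets" "yearly" "regenTargetSshSecrets" ) | indent 4 | trim }}
+---
+{{- end -}}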
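Review bot: The templater that generates the cluster CA keys, the `/CN=admin/O=system:masters` client certificates, the SSH key pair and the ISO passwords runs from `quay.io/airshipit/templater:latest`, a tag that can change between runs without any change in this repository. Referencing a fixed release and digest, e.g. `image: quay.io/airshipit/templater:<reviewed-tag>@sha256:<digest>`, keeps secret generation on an image that was actually reviewed. Two comments would help as well: beside `DEBUG_TEMPLATER`, whether its debug output can contain generated values (not visible from this file), and beside `derivePassword 1 "long" (randAscii 10) ...`, that the password strength is bounded by the 10 random characters used as the master secret.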

11
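--- a/manifests/type/airship-core/target/generator/fileplacement/filepaths.yaml
+++ b/manifests/type/airship-core/target/generator/fileplacement/filepaths.yaml
@@ -1,11 +0,0 @@
-apiVersion: builtin
-kind: PatchTransformer
-metadata:
-name: generated-filnames-patch
-patch: |
-apiVersion: airshipit.org/v1alpha1
-kind: VariableCatalogue
-metadata:
-name: generated-secrets
-annotations:
-config.kubernetes.io/path: generated/secrets.yaml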

2
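--- a/manifests/type/airship-core/target/generator/fileplacement/kustomization.yaml
+++ b/manifests/type/airship-core/target/generator/fileplacement/kustomization.yaml
@@ -1,2 +0,0 @@
-resources:
-- filepaths.yaml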

2
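--- a/manifests/type/airship-core/target/generator/kustomization.yaml
+++ b/manifests/type/airship-core/target/generator/kustomization.yaml
@@ -1,2 +0,0 @@
-resources:
-- secret-template.yaml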

63
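--- a/manifests/type/airship-core/target/generator/secret-template.yaml
+++ b/manifests/type/airship-core/target/generator/secret-template.yaml
@@ -1,63 +0,0 @@
-apiVersion: airshipit.org/v1alpha1
-kind: Templater
-metadata:
-name: secret-template
-annotations:
-config.kubernetes.io/function: |
-container:
-image: localhost/templater
-values:
-sshKeyGen:
-encBit: 4096
-ephemeralCluster:
-ca:
-subj: "/CN=Kubernetes API"
-validity: 3650
-kubeconfigCert:
-subj: "/CN=admin/O=system:masters"
-validity: 365
-targetCluster:
-ca:
-subj: "/CN=Kubernetes API"
-validity: 3650
-kubeconfigCert:
-subj: "/CN=admin/O=system:masters"
-validity: 365
-template: |
-apiVersion: airshipit.org/v1alpha1
-kind: VariableCatalogue
-metadata:
-labels:
-airshipit.org/deploy-k8s: "false"
-name: generated-secrets
-annotations:
-config.kubernetes.io/path: secrets.yaml
-{{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj (int .ephemeralCluster.ca.validity) }}
-{{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil (int .ephemeralCluster.kubeconfigCert.validity) $ephemeralClusterCa }}
-ephemeralClusterCa:
-crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
-key: {{ $ephemeralClusterCa.Key|b64enc|quote }}
-ephemeralKubeconfig:
-certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
-client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }}
-client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }}
-{{- $targetClusterCa := genCAEx .targetCluster.ca.subj (int .targetCluster.ca.validity) }}
-{{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil (int .targetCluster.kubeconfigCert.validity) $targetClusterCa }}
-targetClusterCa:
-tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }}
-tls.key: {{ $targetClusterCa.Key|b64enc|quote }}
-targetKubeconfig:
-certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }}
-client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }}
-client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }}
-isoImage:
-passwords:
-root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
-deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
-{{- $sshKey := genSSHKeyPair (int .sshKeyGen.encBit) }}
-sshKeys:
-privateKey: {{ $sshKey.Private|quote }}
-publicKey: {{ $sshKey.Public|quote }}
-dex:
-oidc:
-clientSecret: {{ regexGen "^[a-zA-Z0-9]{34}$" 34|quote }}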

11
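--- a/manifests/type/airship-core/target/importer/fileplacement/filepaths.yaml
+++ b/manifests/type/airship-core/target/importer/fileplacement/filepaths.yaml
@@ -1,11 +0,0 @@
-apiVersion: builtin
-kind: PatchTransformer
-metadata:
-name: imported-filnames-patch
-patch: |
-apiVersion: airshipit.org/v1alpha1
-kind: VariableCatalogue
-metadata:
-name: imported-secrets
-annotations:
-config.kubernetes.io/path: imported/secrets.yaml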

2
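--- a/manifests/type/airship-core/target/importer/fileplacement/kustomization.yaml
+++ b/manifests/type/airship-core/target/importer/fileplacement/kustomization.yaml
@@ -1,2 +0,0 @@
-resources:
-- filepaths.yaml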

4
playbooks/get-vm-config.yaml

@ -16,7 +16,7 @@
- name: get BareMetalHost objects
shell: |
set -e
kustomize build --enable-alpha-plugins \
kustomize build --enable-alpha-plugins --network \
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
kustomize cfg grep "kind=BareMetalHost"
register: bmh_command
@ -32,7 +32,7 @@
- name: get network configuration for BareMetalHost objects
shell: |
set -e
kustomize build --enable-alpha-plugins \
kustomize build --enable-alpha-plugins --network \
{{ airship_config_manifest_directory }}/{{ airship_config_site_path }}/{{ path }} 2>/dev/null |
kustomize cfg grep "metadata.name={{ item.spec.networkData.name }}"
register: netdata_command
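Review bot: In both `shell:` blocks a failure of `kustomize build` goes unnoticed, because `set -e` only sees the exit status of the last pipeline stage (`kustomize cfg grep`) and `2>/dev/null` discards the error text. Now that `--network` lets the alpha plugin containers reach the network, a plugin that cannot reach what it needs would simply yield an empty result in `bmh_command` or `netdata_command`. Consider `set -eo pipefail`, which needs a shell that supports it (for example `executable: /bin/bash` in the task's `args`), and either drop `2>/dev/null` or redirect stderr to a file that is kept with the job logs. Both tasks continue outside the hunks shown.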

34
tools/deployment/common/23_generate_secrets.sh

@ -14,22 +14,26 @@
set -xe
: ${AIRSHIPCTL_PROJECT:="../airshipctl"}
: ${TREASUREMAP_PROJECT:="$(pwd)"}
echo "Generating secrets using airshipctl"
FORCE_REGENERATE=all airshipctl phase run secret-update
echo "Generating ~/.airship/kubeconfig"
export EXTERNAL_KUBECONFIG=${EXTERNAL_KUBECONFIG:-""}
export SITE=${SITE:-"virtual-airship-core"}
export AIRSHIP_CONFIG_METADATA_PATH=${AIRSHIP_CONFIG_METADATA_PATH:-"treasuremap/manifests/site/$SITE/metadata.yaml"}
# Setting the same value as targetPath that gets updated after create config step (22_test_configs.sh)
export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/treasuremap"}
# Primary repo options
# Only the last item in the repo url path, e.g., 'treasuremap', is used by
# the generate secret command.
# In the case the init_site script was used to generate the project and site
# directory outside of treasuremap, set it to the PROJECT value so we don't
# need to ask the user to set the repo url.
export PROJECT=${PROJECT:-"treasuremap"}
export AIRSHIP_CONFIG_PHASE_REPO_URL=${AIRSHIP_CONFIG_PHASE_REPO_URL:-$PROJECT}
if [[ -z "$EXTERNAL_KUBECONFIG" ]]; then
# we want to take config from bundle - remove kubeconfig file so
# airshipctl could regenerated it from kustomize
[ -f "~/.airship/kubeconfig" ] && rm ~/.airship/kubeconfig
# we need to use tmp file, because airshipctl uses it and fails
# if we write directly
airshipctl cluster get-kubeconfig > ~/.airship/tmp-kubeconfig
mv ~/.airship/tmp-kubeconfig ~/.airship/kubeconfig
fi
cd ${AIRSHIPCTL_PROJECT}
./tools/deployment/23_generate_secrets.sh
# Validate that we generated everything correctly
decrypted1=$(airshipctl phase run secret-show)
if [[ -z "${decrypted1}" ]]; then
echo "Got empty decrypted value"
exit 1
fi
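Review bot: With `set -xe` in effect, `decrypted1=$(airshipctl phase run secret-show)` is traced with its expanded value, so the decrypted secrets end up in the job log. Tracing should be switched off around the check, e.g. `set +x` on the line before the assignment and `set -x` after the closing `fi`. Separately, `[ -f "~/.airship/kubeconfig" ]` never matches because a quoted tilde is not expanded, so the stale kubeconfig is never removed before `airshipctl cluster get-kubeconfig` runs; `rm -f -- "$HOME/.airship/kubeconfig"` does what the comment above it describes. The `+`/`-` markers are lost on this page, so this assumes both lines are on the new side of the hunk.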

2
zuul.d/jobs.yaml

@ -35,7 +35,7 @@
- ./tools/deployment/common/21_systemwide_executable.sh
- ./tools/deployment/common/22_test_configs.sh
- ./tools/deployment/common/23_pull_documents.sh
- ./tools/validate_docs
- ./tools/validate_docs virtual-airship-core
- job:
name: treasuremap-upload-git-mirror

2
zuul.d/projects.yaml

@ -14,7 +14,7 @@
vars:
# NOTE(drewwalters96): Set AIRSHIPCTL_REF to a commit SHA in order to pin
# the cloned version of airshipctl to a known/compatible reference.
AIRSHIPCTL_REF: 36d7153a6637ba62abb034d03c295d77e385723f
AIRSHIPCTL_REF: eb9ac97ce207542e1e4d3b363963bfc5f0847096
sphinx_build_dir: docs/build
check:
jobs:
