Browse Source

Merge "Add reference multi-tenant site"

changes/88/786888/12
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
e0a44391f2
67 changed files with 1200 additions and 0 deletions
  1. +22
    -0
      manifests/site/reference-multi-tenant/ephemeral/bootstrap/baremetalhost.yaml
  2. +11
    -0
      manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/host-generation.yaml
  3. +12
    -0
      manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/kustomization.yaml
  4. +14
    -0
      manifests/site/reference-multi-tenant/ephemeral/bootstrap/kustomization.yaml
  5. +4
    -0
      manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md
  6. +6
    -0
      manifests/site/reference-multi-tenant/ephemeral/catalogues/kustomization.yaml
  7. +24
    -0
      manifests/site/reference-multi-tenant/ephemeral/catalogues/networking.yaml
  8. +11
    -0
      manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/host-generation.yaml
  9. +12
    -0
      manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/kustomization.yaml
  10. +10
    -0
      manifests/site/reference-multi-tenant/ephemeral/controlplane/kustomization.yaml
  11. +12
    -0
      manifests/site/reference-multi-tenant/ephemeral/controlplane/nodes/kustomization.yaml
  12. +2
    -0
      manifests/site/reference-multi-tenant/ephemeral/initinfra-networking/kustomization.yaml
  13. +5
    -0
      manifests/site/reference-multi-tenant/ephemeral/initinfra/kustomization.yaml
  14. +18
    -0
      manifests/site/reference-multi-tenant/host-inventory/hostgenerator/host-generation.yaml
  15. +10
    -0
      manifests/site/reference-multi-tenant/host-inventory/hostgenerator/kustomization.yaml
  16. +5
    -0
      manifests/site/reference-multi-tenant/host-inventory/kustomization.yaml
  17. +40
    -0
      manifests/site/reference-multi-tenant/kubeconfig/kubeconfig.yaml
  18. +7
    -0
      manifests/site/reference-multi-tenant/kubeconfig/kustomization.yaml
  19. +69
    -0
      manifests/site/reference-multi-tenant/kubeconfig/update-target.yaml
  20. +6
    -0
      manifests/site/reference-multi-tenant/metadata.yaml
  21. +6
    -0
      manifests/site/reference-multi-tenant/phases/kustomization.yaml
  22. +12
    -0
      manifests/site/reference-multi-tenant/phases/phase-patch.yaml
  23. +5
    -0
      manifests/site/reference-multi-tenant/target/catalogues/README.md
  24. +96
    -0
      manifests/site/reference-multi-tenant/target/catalogues/hosts.yaml
  25. +13
    -0
      manifests/site/reference-multi-tenant/target/catalogues/kustomization.yaml
  26. +19
    -0
      manifests/site/reference-multi-tenant/target/catalogues/networking-ha.yaml
  27. +120
    -0
      manifests/site/reference-multi-tenant/target/catalogues/networking.yaml
  28. +16
    -0
      manifests/site/reference-multi-tenant/target/catalogues/storage.yaml
  29. +16
    -0
      manifests/site/reference-multi-tenant/target/catalogues/versions-airshipctl.yaml
  30. +13
    -0
      manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/host-generation.yaml
  31. +13
    -0
      manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/kustomization.yaml
  32. +41
    -0
      manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/patchesstrategicmerge.yaml
  33. +16
    -0
      manifests/site/reference-multi-tenant/target/controlplane/kustomization.yaml
  34. +19
    -0
      manifests/site/reference-multi-tenant/target/controlplane/metal3machinetemplate.yaml
  35. +8
    -0
      manifests/site/reference-multi-tenant/target/controlplane/nodes/kustomization.yaml
  36. +11
    -0
      manifests/site/reference-multi-tenant/target/controlplane/patch_controlplane.yaml
  37. +15
    -0
      manifests/site/reference-multi-tenant/target/controlplane/versions-catalogue-patch.yaml
  38. +32
    -0
      manifests/site/reference-multi-tenant/target/generator/README.md
  39. +2
    -0
      manifests/site/reference-multi-tenant/target/generator/kustomization.yaml
  40. +2
    -0
      manifests/site/reference-multi-tenant/target/generator/override/kustomization.yaml
  41. +28
    -0
      manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/configurable-decryption.yaml
  42. +2
    -0
      manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/kustomization.yaml
  43. +49
    -0
      manifests/site/reference-multi-tenant/target/generator/results/generated/secrets.yaml
  44. +5
    -0
      manifests/site/reference-multi-tenant/target/generator/results/kustomization.yaml
  45. +2
    -0
      manifests/site/reference-multi-tenant/target/initinfra-networking/kustomization.yaml
  46. +7
    -0
      manifests/site/reference-multi-tenant/target/initinfra/kustomization.yaml
  47. +4
    -0
      manifests/site/reference-multi-tenant/target/lma-configs/kustomization.yaml
  48. +9
    -0
      manifests/site/reference-multi-tenant/target/lma-infra/kustomization.yaml
  49. +17
    -0
      manifests/site/reference-multi-tenant/target/lma-infra/lma-infra-object-store.yaml
  50. +14
    -0
      manifests/site/reference-multi-tenant/target/lma-stack/kustomization.yaml
  51. +8
    -0
      manifests/site/reference-multi-tenant/target/lma-stack/minio-admin-secret.yaml
  52. +17
    -0
      manifests/site/reference-multi-tenant/target/lma-stack/patches/minio.yaml
  53. +19
    -0
      manifests/site/reference-multi-tenant/target/network-policies/README.md
  54. +43
    -0
      manifests/site/reference-multi-tenant/target/network-policies/calico_failsafe_rules_patch.yaml
  55. +5
    -0
      manifests/site/reference-multi-tenant/target/network-policies/kustomization.yaml
  56. +12
    -0
      manifests/site/reference-multi-tenant/target/workers/hostgenerator/host-generation.yaml
  57. +10
    -0
      manifests/site/reference-multi-tenant/target/workers/hostgenerator/kustomization.yaml
  58. +4
    -0
      manifests/site/reference-multi-tenant/target/workers/kustomization.yaml
  59. +8
    -0
      manifests/site/reference-multi-tenant/target/workers/nodes/kustomization.yaml
  60. +31
    -0
      manifests/site/reference-multi-tenant/target/workers/provision/kubeadmconfigtemplate.yaml
  61. +10
    -0
      manifests/site/reference-multi-tenant/target/workers/provision/kustomization.yaml
  62. +30
    -0
      manifests/site/reference-multi-tenant/target/workers/provision/machinedeployment.yaml
  63. +17
    -0
      manifests/site/reference-multi-tenant/target/workers/provision/metal3machinetemplate.yaml
  64. +20
    -0
      manifests/site/reference-multi-tenant/target/workers/replacements/generated-secrets.yaml
  65. +5
    -0
      manifests/site/reference-multi-tenant/target/workers/replacements/kustomization.yaml
  66. +41
    -0
      manifests/site/reference-multi-tenant/target/workers/replacements/workers-env-vars.yaml
  67. +8
    -0
      manifests/site/reference-multi-tenant/target/workload/kustomization.yaml

+ 22
- 0
manifests/site/reference-multi-tenant/ephemeral/bootstrap/baremetalhost.yaml View File

@ -0,0 +1,22 @@
# This patches the node02 BMH to be suitable for ephemeral purposes
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
annotations:
labels:
airshipit.org/ephemeral-node: "true"
airshipit.org/deploy-k8s: "false"
# NEWSITE_CHANGEME : ephemeral node name
name: stl3r01s02
spec:
online: true
bmc:
# NEWSITE_CHANGEME: ephemeral node redhish api endpoint
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
status:
provisioning:
# we need this status to make sure, that the host is not going to be
# reprovisioned by the ephemeral baremetal operator.
# when we have more flexible labeling system in place, we will not
# deliver this document to ephemeral cluster
state: externally provisioned

+ 11
- 0
manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/host-generation.yaml View File

@ -0,0 +1,11 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: The ephemeral node name
- stl3r01s02

+ 12
- 0
manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/kustomization.yaml View File

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../function/treasuremap-cleanup

+ 14
- 0
manifests/site/reference-multi-tenant/ephemeral/bootstrap/kustomization.yaml View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/ephemeral/bootstrap
- ../catalogues
generators:
- hostgenerator
patchesStrategicMerge:
- baremetalhost.yaml
transformers:
- ../../../../type/multi-tenant/ephemeral/bootstrap/replacements

+ 4
- 0
manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md View File

@ -0,0 +1,4 @@
# Catalogue Definitions for Target Cluster
This inherits Site-level catalogues from the neighboring target cluster's
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.

+ 6
- 0
manifests/site/reference-multi-tenant/ephemeral/catalogues/kustomization.yaml View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../target/catalogues
patchesStrategicMerge:
- networking.yaml

+ 24
- 0
manifests/site/reference-multi-tenant/ephemeral/catalogues/networking.yaml View File

@ -0,0 +1,24 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
## NEWSITE_CHANGEME: update file with ephemeral node ips
apiVersion: airshipit.org/v1alpha1
kind: NetworkCatalogue
metadata:
name: networking
spec:
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
# NEWSITE_CHANGEME: Ephemeral node oam ip
host: "10.254.125.231"
port: 6443
# NEWSITE_CHANGEME: ephemeral node calico ip and pxe ip
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
ironic:
# NEWSITE_CHANGEME: Ephemeral node PXE network
provisioningInterface: "eno4"
provisioningIp: "172.63.0.12"
dhcpRange: "172.63.0.31,172.63.0.126"

+ 11
- 0
manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/host-generation.yaml View File

@ -0,0 +1,11 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: Target cluster first node
- stl3r01s01

+ 12
- 0
manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/kustomization.yaml View File

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../function/treasuremap-cleanup

+ 10
- 0
manifests/site/reference-multi-tenant/ephemeral/controlplane/kustomization.yaml View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/ephemeral/controlplane
- ../../target/catalogues # NOTE: use target networking for this phase
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
# otherwise nodes will hang in 'registering' state for quite a long time
- nodes
transformers:
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements

+ 12
- 0
manifests/site/reference-multi-tenant/ephemeral/controlplane/nodes/kustomization.yaml View File

@ -0,0 +1,12 @@
# Note: this weird extra layer between the .. and ../hostgenerator
# is purely to apply the label below to the generated hosts.
# When can come up with a better way to declare (e.g. via catalogue)
# that the host is a controlplane host, we should get rid of this.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

+ 2
- 0
manifests/site/reference-multi-tenant/ephemeral/initinfra-networking/kustomization.yaml View File

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/ephemeral/initinfra-networking

+ 5
- 0
manifests/site/reference-multi-tenant/ephemeral/initinfra/kustomization.yaml View File

@ -0,0 +1,5 @@
resources:
- ../../../../type/multi-tenant/ephemeral/initinfra
- ../catalogues
transformers:
- ../../../../type/multi-tenant/ephemeral/initinfra/replacements

+ 18
- 0
manifests/site/reference-multi-tenant/host-inventory/hostgenerator/host-generation.yaml View File

@ -0,0 +1,18 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
# Note: this list should be kept up to date with
# the full list of hosts in the cluster
## NEWSITE_CHANGEME: list of all the hosts
- stl3r01s01
- stl3r01s02
- stl3r01s03
- stl3r01s04
- stl3r01s05
- stl3r01s06

+ 10
- 0
manifests/site/reference-multi-tenant/host-inventory/hostgenerator/kustomization.yaml View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/
- ../../target/catalogues
- host-generation.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../function/treasuremap-cleanup

+ 5
- 0
manifests/site/reference-multi-tenant/host-inventory/kustomization.yaml View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- hostgenerator

+ 40
- 0
manifests/site/reference-multi-tenant/kubeconfig/kubeconfig.yaml View File

@ -0,0 +1,40 @@
apiVersion: airshipit.org/v1alpha1
kind: KubeConfig
metadata:
name: default
labels:
airshipit.org/deploy-k8s: "false"
config:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
## NEWSITE_CHANGEME: update ip with the vrrp k8s ip
server: https://10.254.125.239:6443
name: target-cluster
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
## NEWSITE_CHANGEME: update ip with the ephemeral node oam ip
server: https://10.254.125.231:6443
name: ephemeral-cluster
contexts:
- context:
cluster: target-cluster
user: target-cluster-admin
name: target-cluster
- context:
cluster: ephemeral-cluster
user: ephemeral-cluster-admin
name: ephemeral-cluster
current-context: ""
kind: Config
preferences: {}
users:
- name: ephemeral-cluster-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
- name: target-cluster-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenpQc2pHVC9aUklFOUMvZEdLS0tmdE9oZzREdzk5akxMaFlzZkRYU25WWFIyWHExCko3TVBLREo2dkFZdktzNHZCUVJjS2lIWlNDYjhwemhFdmw1aDRFUFdWRjNPVnhnMzY1U1pWZ2hIUW5JSUdZSGIKYXA0THh4MGQ3T3JiU2JVTGhEWU9WSHFrK1pqOUY0ZHhSVmtHNVRxMkY4YmhmODBrTU5kSG42WTdTcGgxa2FsdQprYkl3ZjBEWDBDNm90RHNRWlJQUUpJWXY3RDF3ODZ2M3hpdmdVUUJZaDBSMlhiV1RNTDNXaCtUSjZDNmRIdUFlCm1ZRUtxUWRQNzEvTlBhQ05TOWo5U2hQTGlDd0tqU0c1bXkyVStpNWtkMEthSkNCOWJ3TGZxeG8ydGlnYlBqeDAKdnplYUpXLzhWT1p5clZQV2YzbEgyUWZiaFkyMUlTb0lCSll4UXdJREFRQUJBb0lCQUNYTTN6YXRwam9XRTNsSQowaGtRYmh1OUdCWVppOXhyWElYSDNjMjdNL1VvRnVTS0VrcHZ6REFWSlhidjJlTUJRbXF6NU94NnlGejFYOXBSCjFaaTFOejNtb2s4NTNjN2R5RFhlSWlzanozdzd1V2FOM2kyUkw2emZqdm9Oem51ZjM3MzY3cHBTMVk0RGJ3aS8KMk5aQjY1UWVKZUlva2pMeWhjdXpPb25SbGJlQnpNZUNERmd3eUlBN2h4SXdpZzZWeG5FOG9sbDlGaC9sN0hGdApTcCt4dllwWmpoQnhGZVJCTHQ2T0JHM09ndkdZZE1oSDZtcU9HMHM3Qi9rZXI5N2xVeUQ5ZVdxQWxoY1BGMXZKCm80M0FWYm8vSVUxNDdwYW9HYldRb3VrSWxuZnhjK0Rvd1dqR2FUeTVTY1Fqc2ZCNVJHTTNMTTlDNTJxVU9aUGwKVDI5eWU0RUNnWUVBNkdwOEVObFRWamFpbnhRQURaRHpJeFYzNHV4RTNYVDhmbGVIZlpxTmJ5M1IwYjU5SGNYVAo0NVJlbmRNMHhIZDdSdnpkZXNoQlYxMTBVaWhRZ2RIajg2eWlrbElUZmE2S2FpSlJiME5Hd2hPQWx3MFZkTTNoCjJKZkdsVUlTWFhuOS9CaEZPMFdpQTRmZHR4M3BlL0pidUIxa3VYZ3UwU0pXRFJkdlJGWGVZRE1DZ1lFQTVEcDUKRk44Njg1MFExUzBTMmRtMnBhVXd5bWJHRlhhOUlRdHlhazMwcVpPOTVDN05qR0daMkxvb2c3eVcvd092TEtucQo4WWhFSFV4TGxCWGlUdnZ3K1JHMXowTW9IaEVGR055SU1IMnNyakJST2l5TVRIeU9vWGNBMTFtZitBNkVKQkMyCkt5T1pKSGRSamFSVUc3bjFYQW4xWVVhUGFZS1NjSE5GV3kwdG1yRUNnWUJwSlN1RnI5d3M1OERBZVJyaENFK0cKOHNKdkRmYkZ2WlF4VUVZQ3cvWHljMmMySFppYTdKSEVwcTM3ZHI2cmwyWlZJamJNd21ZVk1UbGJwZE51TjllSgp1UE0vZ1JSQ1NzRmg3SzZzeUdIdGtVY2VqeFBDNlJXZ21HR0Z5d05sK0xlMzRmOElKcU42TjNCTjFLRjVxcFptCkFCNCtiaW00QVhHdXNJaHRBTy8rMHdLQmdHRFgwd01oU2lHUFYxSXR3eDcvdS9vRDQzVXZNUVJ3a3daUGxpZzMKbGdiUzh6TzlER2x5RE5jaS93Z1BZVDhxc0ExU3VLZnV1NEIzSEdiazlsZXZubXdCc05VVzJSSVJCTW1zNG5rNQpDcW9MUkp4YnhOaTd6Y1lEK2k1bkVITXdyYStrQzdpNGJVWkUveTBNT3NoZEd4a0gvTUJmTVlHQzcyS1o5eWNlClA0aXhBb0dCQU5BdmJiL3h4VDhvOW1hU0FaV2MvblNWdEw5ckFiMGtHQlBTS3J0QW1wYkdxMitDNjlOeTVBMUUKdW9iN2dzdjJ3NDJIUHJnLzBUTElTSUZhV2kvUi9XUWRkRjFqclFqNTV6N0VpWFFVQ1I0c0NxRGRPU2FZdjAxVgp1NnlsQ2pmVUlGZVVQb3hIQzliTzdpZ01PYkJtcEhHU0RLZzE1cWp4blVpOFpxajRaK24yCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

+ 7
- 0
manifests/site/reference-multi-tenant/kubeconfig/kustomization.yaml View File

@ -0,0 +1,7 @@
resources:
- kubeconfig.yaml
- ../target/catalogues
transformers:
- update-target.yaml
- ../../../function/treasuremap-cleanup

+ 69
- 0
manifests/site/reference-multi-tenant/kubeconfig/update-target.yaml View File

@ -0,0 +1,69 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]

+ 6
- 0
manifests/site/reference-multi-tenant/metadata.yaml View File

@ -0,0 +1,6 @@
phase:
docEntryPointPrefix: manifests/site/reference-multi-tenant
path: manifests/site/reference-multi-tenant/phases
inventory:
path: manifests/site/reference-multi-tenant/host-inventory

+ 6
- 0
manifests/site/reference-multi-tenant/phases/kustomization.yaml View File

@ -0,0 +1,6 @@
resources:
- ../kubeconfig
- ../../../type/multi-tenant/phases
## TODO Consider making a catalogue combined with variable substitution instead
patchesStrategicMerge:
- phase-patch.yaml

+ 12
- 0
manifests/site/reference-multi-tenant/phases/phase-patch.yaml View File

@ -0,0 +1,12 @@
apiVersion: airshipit.org/v1alpha1
kind: BaremetalManager
metadata:
name: RemoteDirectEphemeral
spec:
hostSelector:
## NEWSITE_CHANGEME: ephemeral node
name: stl3r01s02
operationOptions:
remoteDirect:
## NEWSITE_CHANGEME: URL to the ephemeral node iso
isoURL: http://10.254.195.209/ephemeral.iso

+ 5
- 0
manifests/site/reference-multi-tenant/target/catalogues/README.md View File

@ -0,0 +1,5 @@
# Catalogue Definitions for Target Cluster
This inherits Type-level catalogues, and adds in Site-specific values.
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
customizations on top of this for ephemeral use.

+ 96
- 0
manifests/site/reference-multi-tenant/target/catalogues/hosts.yaml View File

@ -0,0 +1,96 @@
# Site-level host catalogue. This info feeds the Templater
# kustomize plugin config in the hostgenerator-m3 function.
## NEWSITE_CHANGEME: update the whole file with the site specific host details
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
labels:
airshipit.org/deploy-k8s: "false"
hosts:
# NEWSITE_CHANGEME: update with the site specific host details for all hosts
m3:
stl3r01s01:
bootMode: legacy
macAddress: E4:43:4B:EE:F4:CB
bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.230
pxe-ipv4: 172.63.0.11
storage-ipv4: 172.62.0.11
calico-ipv4: 172.64.0.11
hardwareProfile: default # defined in the hostgenerator-m3 function
stl3r01s02:
bootMode: legacy
macAddress: E4:43:4B:EE:B0:43
bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.231
pxe-ipv4: 172.63.0.12
storage-ipv4: 172.62.0.12
calico-ipv4: 172.64.0.12
hardwareProfile: example # defined in the hardwareprofile-example function
stl3r01s03:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:D9
bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.232
pxe-ipv4: 172.63.0.13
storage-ipv4: 172.62.0.13
calico-ipv4: 172.64.0.13
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s04:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:DD:0F
bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.233
pxe-ipv4: 172.63.0.14
storage-ipv4: 172.62.0.14
calico-ipv4: 172.64.0.14
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s05:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:2F
bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.234
pxe-ipv4: 172.63.0.15
storage-ipv4: 172.62.0.15
calico-ipv4: 172.64.0.15
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s06:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:F3:B7
bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.235
pxe-ipv4: 172.63.0.16
storage-ipv4: 172.62.0.16
calico-ipv4: 172.64.0.16
hardwareProfile: default # defined in the hardwareprofile-example function

+ 13
- 0
manifests/site/reference-multi-tenant/target/catalogues/kustomization.yaml View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/shared/catalogues
- hosts.yaml
- ../generator/results
- storage.yaml
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml
- networking-ha.yaml

+ 19
- 0
manifests/site/reference-multi-tenant/target/catalogues/networking-ha.yaml View File

@ -0,0 +1,19 @@
# This catalogue alone needs to be overriden at site level based on the
# networkign requirement like HA
## NEWSITE_CHANGEME: Update the file with the vrrp ips
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking-ha
labels:
airshipit.org/deploy-k8s: "false"
vrrp:
# NEWSITE_CHANGEME: Update kubernetes virtual ip and OAM interface
kubernetes:
interface: bond0.61
virtual_ipaddress: 10.254.125.239
# NEWSITE_CHANGEME: Update ingress virtual ip and OAM interface
ingress:
interface: bond0.61
virtual_ipaddress: 10.254.125.240

+ 120
- 0
manifests/site/reference-multi-tenant/target/catalogues/networking.yaml View File

@ -0,0 +1,120 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
apiVersion: airshipit.org/v1alpha1
kind: NetworkCatalogue
metadata:
name: networking
spec:
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
# NEWSITE_CHANGEME: below is the vrrp kubernetes virtual ip
host: "10.254.125.239"
port: 6443
# NEWSITE_CHANGEME: first controller node calico ip and pxe ip
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
# NEWSITE_CHANGEME: update the first controller node PXE network information
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
commonHostNetworking:
links:
# NEWSITE_CHANGEME: PXE network, untagged
- id: eno4
name: eno4
type: phy
mtu: "1500"
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 1 port 2; the first NIC in the bonded interface
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 2 port 1; the second NIC in the bonded interface
- id: enp134s0f0
name: enp134s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
# NEWSITE_CHANGEME: update the bond link interface name
bond_links: ["enp94s0f1", "enp134s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
# NEWSITE_CHANGEME: OAM network
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
# NEWSITE_CHANGEME: Storage network
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
# NEWSITE_CHANGEME: Calico network
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
# unused for now
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
# NEWSITE_CHANGEME: OAM network
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
# NEWSITE_CHANGEME: PXE network
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
# NEWSITE_CHANGEME: Storage network
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
# NEWSITE_CHANGEME: Calico network
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
# NEWSITE_CHANGEME: DNS servers
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns

+ 16
- 0
manifests/site/reference-multi-tenant/target/catalogues/storage.yaml View File

@ -0,0 +1,16 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: storage
labels:
airshipit.org/deploy-k8s: "false"
spec:
storage:
useAllNodes: false # We define per node/per device configuration below
useAllDevices: false # We define per node/per device configuration below
nodes:
- name: stl3r01s05
deviceFilter: "^/dev/sd[bc]"
- name: stl3r01s06
deviceFilter: "^/dev/sd[bc]"
---

+ 16
- 0
manifests/site/reference-multi-tenant/target/catalogues/versions-airshipctl.yaml View File

@ -0,0 +1,16 @@
# Override default controlplane image location
## NEWSITE_CHANGEME: update the file with the ephemeral node pxe ip
apiVersion: airshipit.org/v1alpha1
kind: VersionsCatalogue
metadata:
name: versions-airshipctl
spec:
files:
k8scontrol:
# Host the image in a locally served location for CI
# NEWSITE_CHANGEME: update the url with the ephemeral node pxe ip
cluster_controlplane_image:
url: http://172.63.0.12/images/control-plane.qcow2
checksum: http://172.63.0.12/images/control-plane.qcow2.md5sum

+ 13
- 0
manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/host-generation.yaml View File

@ -0,0 +1,13 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: update with the list of controlplane hosts
- stl3r01s01
- stl3r01s04
- stl3r01s05

+ 13
- 0
manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/kustomization.yaml View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../function/treasuremap-cleanup

+ 41
- 0
manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/patchesstrategicmerge.yaml View File

@ -0,0 +1,41 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

+ 16
- 0
manifests/site/reference-multi-tenant/target/controlplane/kustomization.yaml View File

@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes
#- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../../../../function/k8scontrol-ha
- ../catalogues
- metal3machinetemplate.yaml
patchesStrategicMerge:
#- versions-catalogue-patch.yaml
- patch_controlplane.yaml
transformers:
#- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements

+ 19
- 0
manifests/site/reference-multi-tenant/target/controlplane/metal3machinetemplate.yaml View File

@ -0,0 +1,19 @@
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: Metal3MachineTemplate
metadata:
annotations:
config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml
name: cluster-controlplane-2
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: controlplane-host
image:
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ips
url: http://172.63.0.11/images/control-plane.qcow2
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum

+ 8
- 0
manifests/site/reference-multi-tenant/target/controlplane/nodes/kustomization.yaml View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

+ 11
- 0
manifests/site/reference-multi-tenant/target/controlplane/patch_controlplane.yaml View File

@ -0,0 +1,11 @@
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
metadata:
name: cluster-controlplane
spec:
replicas: 3
infrastructureTemplate:
kind: Metal3MachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
name: cluster-controlplane-2

+ 15
- 0
manifests/site/reference-multi-tenant/target/controlplane/versions-catalogue-patch.yaml View File

@ -0,0 +1,15 @@
# Patch the versions catalogue to use the site-specific local image URL
# TODO: patch this in from a site-networking catalogue in the future
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
spec:
files:
k8scontrol:
# Host the image in a locally served location for CI
cluster_controlplane_image:
## NEWSITE_CHANGEME: update with the first target node pxe ip
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"

+ 32
- 0
manifests/site/reference-multi-tenant/target/generator/README.md View File

@ -0,0 +1,32 @@
# Secrets generator/encrypter/decrypter
This directory contains an utility that helps generate, encrypt and decrypt
secrects. These secrects can be used anywhere in manifests.
For example we can use PGP key from SOPS example.
To get the key we need to run:
`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
and import this key as environment variable:
`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
## Generator
To generate secrets we use [template](secret-template.yaml) that will be passed
to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate`
execution.
## Encrypter
To encrypt the secrets that have been generated we use generic container executor.
To start the secrets generate phase we need to execute following phase:
`airshipctl phase run secret-generate`
The executor run SOPS container and pass the pre-generated secrets to this container.
This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated).
## Decrypter
To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml).
It will run the decrypt sops function when we run
`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/`

+ 2
- 0
manifests/site/reference-multi-tenant/target/generator/kustomization.yaml View File

@ -0,0 +1,2 @@
generators:
- override

+ 2
- 0
manifests/site/reference-multi-tenant/target/generator/override/kustomization.yaml View File

@ -0,0 +1,2 @@
resources:
- ../../../../../type/multi-tenant/target/generator/

+ 28
- 0
manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/configurable-decryption.yaml View File

@ -0,0 +1,28 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:v2.0.2
envs:
- TOLERATE_DECRYPTION_FAILURES
template: |
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: my-config2
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
envs:
- SOPS_IMPORT_PGP
data:
ignore-mac: true
cmd: decrypt
{{- if eq $tolerate "true" }}
cmd-tolerate-failures: true
{{- end }}

+ 2
- 0
manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/kustomization.yaml View File

@ -0,0 +1,2 @@
generators:
- configurable-decryption.yaml

+ 49
- 0
manifests/site/reference-multi-tenant/target/generator/results/generated/secrets.yaml View File

@ -0,0 +1,49 @@
apiVersion: airshipit.org/v1alpha1
ephemeralClusterCa:
crt: 'ENC[AES256_GCM,data:6uQzsPDu52M507lC9AWv/j70+JefIZ1N/R5ZKTtKMYxwQWVTFn6vXJrT1Sn62gqS3BrtXD6ZXOH3g5ISETgVNHfG5c8VuXlx3cg5MVDPJl8aGWD2MnoG3mcfAiotoKMF1cPTIJFVw8C1GFOINTM9AmVYzxURs5CHsi4pkSSYShLivy5OEm1dSMyV5X+uAndEyAChMQoBp2fq0cuMu16o80s0SpRo0KB3CfVCKjaaajLZtKadpGt90UgpTUdTRIofQyNucaEmqLQbEZw/SwN1jK88ulC/vtHoKZuxDZtk4clITqiTqTAiepjHlmyTpo6PK+HvM2K+ZIWRCzKy3NTtS4iOEL1kVfWtbE5Zemqwh6hDuHH/IuvjIxcx6twZFOEy7+iqsAhxYZYMXqaUHPIMbAw0jguqMc0Li5pjlwGR8pIxT+VdZ/oQV6E4t/enpEVJ/8vrIJ5fu/1rbV8s2vHgxFHO/r740Do1UVNjbq9CMxEAqi4sTUaNNYBxRIqfXGsjOsosolIMy1YmTfoDJ7iqf5do1eVOId6gWeBJQYwQR3YLzk2j+MzN+GRZUMXYAspE/FmAbytaKnk8AVHL5AqklsbDHmDimc4hee3VmNSQBiNDUbIj6vD9R9PuyPDO7IDs4cZxcyFwfgq/z6LT5GwEh/pmT8bIIb96fTAeWkkLA/XvaTuT3xqzrT7NBl8trlLLGsqct5/07o4QdbGBRtFc4wL6LDyq8MF5pHU/PRcgOl41E+2KECSdrJBJltRvOE73sd78nkkCq2O/dMSRKpb2sPW9K3IQYlCurpShYGP1a+p2H50O7/GGz7+E+4rymzJ933IWA4T0YNFWZ4EFDsGccDxDC3r71iX/9xd19xvZZWU1JowQ1OcPzTdpa1YhDIuqgKeIekatKEtLDhXHsaIbA5CXKg4Ew6BOx2lBLMgx1RnlReIAzzWnYyYb03awHJIKpfM+mKDSN1kQ6Oc5iLmKshFqCB270+KMna+r2hdvnXqhtTkM/pZge5QCIrtGkPc0jqHXF+0UutVuTVk5dejhqdeT3ITYP6eZj+/CPBm1a1Ms/haPJc9SA6r9yJUWKthJQCGReey7glzVzHs8FtbcZqr/xDDMYCDT84GNIo4RlsCqm4EXR8cpumkP8YVMQOzCSuWmS6NYDk7JrSRYiO5cdl99PDrSGNyVj6LSEJuDkkfuiFHR1SbqLhwNDtSoheHMtBJ6rmqPsGRe6UhkOETU5RkNiPAubJfqAGGl4OgWNcKIM+Wea5d+MYJPpXPbLCvN8eWIo3VyhO+lhnwUxle2Vp0sR3XoPNsnU013O6GmsmNvTnqa/CHGjDinL7hQioBZpzx14+IeHPMoHLjoL7bStJqoSYoC4sPnI1F7Zo7KEXaybwqW2A7oIoCOsLkqO3PP+LaR8aZBtWmQZ/buchWVOT1D6vwowAjbrfYmGuU0VZiY74TuX53JS3KCJ+sn04CwHZBpoHoAAmy9Yo1bfuzOlI0XGxWP8jGBwzQtJddoBEV5ziussvfYSHDDLF6CL1IRWwjj9YHz2w+8IzA232aMO2eRR4+TbbmOzI57WzlVsd7nBN63lPfPtne6MBtxiQuq2pALqHP897a0DocuuAI0xfaO5YYrLQ215lb4DxIR8764T6bNMdcHBo7/TgZfs+QS4B72WM1p19jCHRxAan0cJ+knKUERE5koJyshdbl8cRJ4kL2amk5mT27Q5Ek5mNHnwE6nrrHQXK4VrDG3v4IfgRQ6wP6525RUsjrWGvxCj8Am8JXtO13JfwMpEcWTZK86cMDAYXXLiu1KOlx295qnrWaJzknRzY+Nb2DYsoDe92zs7fgy3A7d4JRGZkjsCV45EYxXdUpSlRaMCj16urJ/BrdmbJ6ccw/PKDqxnWY7JQ4NFAoEC/BrgHpSKBT53xku2Nxmz8ktt4AvTb59rjjfAEkMDjCaLmGz+RKIBQ==,iv:aKqk4ruA0/QtbBFnr6mBidCrnEY2uQ64swqO+SysFkc=,tag:Uzt+Eu7l1mf8DzJr4E+KWw==,type:str]'
key: 'ENC[AES256_GCM,data:U0U76Jf7YNIqMRoWrlYcOpi74tYKflDwE6wh85Mj85f/bBMrY2WdmOFmqiL61v02SBahXnBCHrQw1wSBxmqAdP26W4kSLL94NYBFUvwJIQwbKU/Cz7sQpiEYFWRuc2De0N4ibzS6//vINSMV+yi/G1aSbpOlxzfSH2upFcH2yGa36erkLgdY7AsoW/YOOUMYWLWsgsXUkXnkzu0+44nLyGOJwnuLW5gb6/Ci+RWKklKfI69pe1Wkb8Av6zNhI29CnzwFclkVX6I1PWkvouayLusrzo7nwy7mHxbI8j4Xfq9YNb8jSg9nS2ibK9LtQ5BzcPAa7BlP6NGavCu0OJauQ0sgw124kaWsG77QmpxFiT0TdvqnTVu3vEI3f/XZG2c/sWXVA8FGZ31F38mM68KsDMlusXs3hUOJf7QaUw+0MeK8lmz8t3vI0UANXRMSt2fEVBaho4JoTsbgZSvTD/RZ6YwI2a1uoPdNKPh7F8i0rLOaCNgPLVoKAcV3M2mEhodJNZAI0ifa7sdQuWNQ0fbPwGh+dXLKQ8PNjdXMgn9JINLYRKDRD+eRFWPV/WuwepSjtD88LGJmQ66GjnCqXAOFo5RcHmPEIYM5o0x5wqf/ibmgheuUUBJVnNvgH2ZVqMH8oNyr3OfGxfgEItvA7LgQ6ao1ympnCnXZvpu0m04UqNmebsuEnqH2EB/MIBk/5UjyMHTt4X52S0RpmXU8CDZKj9Xk9VFDCcmWnEowMHl9i2CjRwMb0g0b8fC9A4N6P9SbzKX7usUJsa1tSkra+Dn3C7vprOunvE1fQiQM++K2KixP0OjeP7TbAyMkHTszrfxdvJT7V6Rb90behJaaDb1pZAva1SMQ0vudV844t+NLi96VsqpNptx7AKhzSsRrzz2kuhdVf1dr1JinR4h4cVSwQCjZCcxLDt8do/d6BgHuvHWQBBGOM4AqMOyIKGm3G0ZiW6j3WiCPmiWou/6cRFu2AqgVWgRludtcgZaTs/p5k5gVFVzNtkocfg4hluP0zk/zJeOdU2zZ/XuxDuNeA4MBHTZ4qzzKgMLVMiMWsQ927d7J2h9w6kvmoXKrKZH/oB0R4a2pDYiBpag8DOm8P76uLeaKlgj9EQH2eK1KO2998mZwDGS91HWl4O58SjSENBZFr/thgzqFk+2C80/abMjofziXrsefuJOYP8L5LXTGyV11qsjV0HDRZhlcvsIW2q66t91lW7WNzYoxDBNQJPq1nSEewF3tvDT4BhtDAjioO5fVVyUyI7bAxRcCZ+E3wjDF7uw7yngbyHP4spYU6xi4kJhQEXvBOqFt1N/aY7etlfCn4daMNQK6u385XIcSAq/HgC0D3jqJTil7HyxF21fwQCorK/G24ELzjW0SfYUFDHAeUKj1VkU2GqAO0uCGklcx3wpcH6QvSQMGid8yRbEketsXw+H0CBloWAptdLOZj9LhwR0lXlvooYuDGTEoQ4SXx37kscRDcpWggW6NA21wIwQM5aX4kuhvvsdEpOEd4lUdH4LGdnRTHCdldFK0NxTuGuf8swEDYbVUjUHwMHIzmtNG5SmKahPMwEzg2YIV1BU8z+nXbT2XaOUD7hXfpWdGx0BkQIeIZL6bNJMDuvmjtaoDq5CywmyOIkrQqSEGDNyCQJLGBGPD1QjfkRbtmtB2gVyyQTuPqI3hjOuSZ8ZBiTExkXYQvK3eNrij7B9n6q43pOjJ9zaoHjHx6sMcBMF8qcSNo7xoD5Xd0Owv6USL+tz+n5zcnu4PKnYg1ZdfzxcQbwKUZ21SEVGW+ZU8KpNtHjWB7oQ8MTD5wjpqsUzgYdkBypNcRWBgmzCsZwcxR0LU3qRGDGe9eSHyk9JRgzDuWfmlFsOb4UHZQW3SRY16xokFaXcpcu002GX0n/puS60fLsUr5/raEBF9vCPC4miucCQ7wJ7cCzsRc2fBx2osiMiTCDPmVK9QpxmQ/4fMnOZo4ocAF7cSesqZvPsOo086K2OeU3vr0kQhtFTYojFGM04zhd+d87V9GiYUR8ABwAqaqg4Xk1gh/oputa7e/y7NsByv0DCKOQxw4uKDNBf02WvmUnGK0w6ka6ZQmT5+GndTY/DdUvxXTUZqoGZf0TPZS7PrJFWmkUn9hwqIlSTNtY1WwkwWSbvKTswe1sgfL4Zs6u0tecPiIebRIYopNlDSMbk0LnKLo68Xg2zxV0bKU1iyMzyobh8/mhLIVAo7NS1za6ksH2km9dG1IUjVJIxtHjZqQ2BgOcbLEqEA1+J2tuKxc/lHqR39OxwDObei4bpXJqfWPEG4mHVGFMNWkj7H11cnBmX+GWEbEBXarQCZezRh++WROFmmylfdy+QlzD+bwxT4A37a/djWY0n27XdRwVA2nVGdBzi8aBSFws/lOaaGHJnpotFw9xjUuXI8uiN1eGhaWCzU2VBWYNutjKBJOefLYf7ahpjphUv6W7uYX+15leuWK5RuCwL1G/PmjdLNMzynhxgNmW+xvmNI7WrqLrfGciOqkxPirUq2tzvXdCAHDanS7Ckui04tEswwuxyaY0PMf11ku9XzVX7rn/OhxjYjck7D7O9S5SYWI+5u20Vjrv+gIYPI/YSLPNxacmk4GYWUGkafSRgDg180JUtKDmquaz/rZVUBC7wVnJV/Tv2aTs+iZbWhiGqY/4wepo19Lxzd6wBQNPfrN+d+BjTDVmPaCy88lloXWJBsTIuWz7mmANV/LMkNYSA5poCL7rRlbvgaOsaxBQ1yslmJ25G9oaLU0mj6SEfoK9/aZchAmBB8u9s7DzQLaW9HmfgHcLuU1XyWRm1nIeFFqrbBnS0fdEOTkExXI92+vRlM4DbqdMOtpZcZsUMiXvKKFRGhuZRxbY8HujqLHD+298Fk6y+GjcH8+Yfm5euDLp97/tImUqjUb2Fqdw/7aJKrR7zzWHPp/rbJtDUKoW1lvHaK37+eT9MF23Dl4Dteu6ouPGjaY3z/EUINU2J8E7HuwNjdQiw=,iv:x2TJ7k9fVfblb/WZrUP6lgc4xWg4Fop2T6oNfI6G7rY=,tag:MTLldXBFI16om6D5cDNcuA==,type:str]'
ephemeralKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:Mx3R3AOO/a51bRTZ0lrp2KoSsQHaiVByXi8OuRkL+Ka2h0dt0PuJ+0XmvJNPUjc8Iw2DQ5MsvZ4AhbrNcaTV63ZH7HpeR1V/bFbqj2T0QzHVCzuZlpjW2GFkzMaDBFSCFmeLhB7KsK0chTkvIccd9VhSrwA4wukgY2Wy9r9WSBeZghV6yteVwIANz5qLTL2qalq73IYFbMGkQhhsc0sKw1X6CLSfz/1Cm5r5MNWtGnrnZTAVLQeF7ZcryqloMwRlDUBblWoM4oDIiA1UmpLmzCzOgNxAkNF2p3ci0WXxYtCDyX21lcYhDFOk83lYmIzUl/ufjJYdEWCfEoUk0Tsz8LusCsjm03vn3pPCpwaBfboFw4DisAkfh/nmvKd1rO7nrcWK0yrSjaNuqoGxW7I+GpFoeXtiyYKMk8konHy8r+U91kLW419lQ8iWxiQ1RyK2tgNj/3mzx6EZ6VnKbz7D0IA5+1KVXPOtF4TGQJD7VHb/xZhkTAy+XxoDgbMMS1EqfgFVS+/Rqp+V19VUjOiQg4WMleQoWT59xh78oBZFKXElK2neDmym2YLASeLs8nKprjWAVdlUAb4zX/AqRdky/+am402ifzzWDXe6IOh9Q6l0ZUPM+S2D99yG+JVlTtvtcmtmGu1ZneS8DgpEMMh70kGv0nr24YbhL0eJMmkZbIayiWMjsNkMk4JGzkZi0a4OpopUkrO4R5l+smVkNHtWxhxUy/8sUqzqNyGtzS6b8ygB6NEd1uTf52CqltyV1+ZOZdl/Qkb8a4BtwYdbb/kOteO9SFUv6kaUabaFyUCAo/EoxqraIREnmuJCFnIp8h1TzWN8om8UdBsZdPKlg1nv71WqxL1ZnZ8LgRClD/6dtSCcq8caECH0l2sP5dmctx6IPQJd/YUDW4RbLX9NQqCRlx6LR0jv5lN5I5Qr//07k5KDieNku6+uBnS3LMzgKKbN6swMjT1TMje4XEuolaiDjKAcsMb/tEJFwDYfSROcs5vylLJDwZ/DIo5m/c46i9hJJgzKHs1PpNXX0bbWR/M3Pk7fARF+hirdk7971FoILWcRTQZo2UMF8QJPh3MQRs3dOKIPMugDNTan6ftnjA0+hzwr94TknYGCEv+XH4Y61nWGZiTcv2tCt9JCGdXNARZLc3RtporxCtiAE8fMol9oso7x5sMqmuALl+iLfjpqzUHoXNJ9slipLH1RWDisGJXSQkEgrQ9h6bhUaOzuUeauYxnZBETfBZBmSoah2NDOOGcywGDDo03sRleaRVguxSZvftWtUb6RhHSj96qDbh+urbdW1PhfKs6M//XBMmLw5zlulYXqMaDvHeBRL4mSf+ZKNCFFCC/RJxGuT6hcuWOBwe0ZdCugvkVaJgqx32Fyd/YpHDPlFZEQb8/T0wP9M55jLg5Vm3voDzA02+UIZZFkSqbT5ZrmP+ScXE7HCFXLFBA3TBh8N1f5obuH0rbENvYFkBlEtIaAU2FkhPCpHJworrrIdpq/byQB9Jj8X+yhBh4y2vdSGT9faUDUB0S0v1fiD92IXJKzPKlpId3a4/bXXGl9tTVSQ01lPGSJf9/s2WyrRf6lhPuKY+bapWcs8ydNWGYhCccmZ4OHaOPbwGwks7l9RLTjDJzTr3ntnDI2DnbVENKdhuAEkavoElmgGSMscA/8sseX9FeuZLBvI4fKyNE4F9ZzAhUWe8JYulnw+oimizCLCAC+t9Inixda+dLZWJLbUEg17zvB5dS/aMZhO3dFUjn1/jGO2zbZo/SxjaHyi/WQFr5mZcLvwU+Zdyt+TRAbcV9sOy2tWUDp/xlRYAYqdeRBMly0lAoItUfa+jftUtR17l23i7UcMLs68hZ1NyuoEhKKDteRW8epgsbjmPfq8a04SPBW1XBZ8ujubf+UxMhTlvXdXKCQ5lIvlZE81Ezk3PuRfKXiK2ckCHjzyxE09pWkZXESAmdqKg==,iv:1WkqcxzVLVfrmBMCTZ48q9JLRpEkBgioGatSU3j+WQ4=,tag:VmKsG18InwFczeME1PUlZw==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:85hKBjZyixCRv4c7zptdAeh0p8a4F+yYXssxGUfhYNwfYAY4DTHAxoLsYeNcy2ZdNUDoIBrQu8BuqYxRnMkY4RcT+SzWwGEKN2yQe+Wm9pGRcXAB9xz9A1nPHgxRO0ogVcDR93bJYEfsIhx2ws0pSTw+Zn7LGFoDwMRve7xXmMoxyYKHj7L00dDb+fp0a2rghC4Mcsy/0rijSWcvnm1mC084oMl/J5dj6tHIR2zEpgWtX8wRH34vxxkh8nyghuDQfOElheZ2q1Mho3deHtDxJJ4Kk9nscCULYU0HRjBghsexvWvGEWn+kDUCFAvSe9o/nkWxYiTt3+dM1ifDusj0+NzjBbLJvZ24ZkLjqgW6jIxVVCiD8Ky4kTAOfvlFMoRsLiezGvGbkPj5eTtcJOR+ukhMLpabKqpK6GDxohQfpD+SNYmKEmS3Z94K7oJ3d0OAPCE/qgac1AZTbDv1/buqWexT+zus9CjsWbgmIeJppWtWPHsUoqVmM5teB8zs3Qfd7IJj8ZtHZj1l3zLf1lIE7GBgToCwVPjc3opSX2lmekOt6gMmAfXYKNwOypvRhe2Fm7BAjrck3GZYj08rEffDHdO2/2qFq9qknKHmS7mJZgm3aZZh/+eDr6HVSLYztTXMjHKdzIthnsSvtX94Mr6nkjJMnMnOuFGnC0b5VKrw7ZHktLiaqorerVaYsCXr+TdQrIYkEguKlzQbnmpztGjCxN9JiaJ45Qxzzijxdy5ahlNmpQbrgBWBgZjjqdOuBJrBKNkzKyWikFk+jBsfKZkiHHT2Rw2+uu3Xz/LTc51vNLfFvwKr0XTa1i/hQnxtI0YlsRm4SVornTsSdQjmadCrz/NvuPwJ2lyFZirxeZsajBHUJ/Obk7ssevFXY0Sel2kajkS9lNu/CfMBz18PNb/+1T7wCP7RJzfFnnuLYrRLbCw9ihKNtRqkfBZA4X5Hf6ZKjmM8ifYqg17YWDk5SFUDJvVt59Hyfr1uazdHIWlovr5bju9TfGXH9ylWm8Ms+AB6935fBNnwsnN1tu4yOO9voD2dc3X97xqlqcr0fOhTIkFXlyAlILRAb0wywFAqDX8yrpIdtXzlY+iobSj/phXcHCb5mdvgrcKCrkOmRMhIhHmXZ8g+fBh52gpxVjkEwcmI5/vls63UbwC7NF/fnDUZeW8sq7aExFL7a53ApVoeXTRC+eDrLecI87Ehfz7aGGKIHa9CU81eM/W9BOsM/ZFLsx4fK3Tgp6ZVHYXvGc2geJskovhJuEyk41OYtGVYXZ/OPECrHFaj7za5zFxS2/GeEHkI8qau37d8gtMJCn/SuEP3hBJPkMt9S0OIYgl6jnKx66+TY808GtlDaOGr8U94oGhsnzw6zzTMWYSMKyoK7yIQwOvZKsoS/G7nI8wa9gm2EG0+Mn6Q+2pZL81EucvbTufDqUwnrV7KJeEF5wR1cM56BvZefi9Y67FeF8NNJV1RClzcZwg520qXKUU35PdYyivuKe4UqfkaKfltOUmLoEPp1fTad+2HoeeZFQr/b+6zAI/If9Z5j50IlncnaBOuGMsm1qxUrtpNR99gCswM5VJm7G0Rq7/ykB9cCcgdPJ1Yem5Ktu3+nRQNi2LviY49h8xrM8bPd3YvpVIpIks7d8dX6vV2jHF6CpIqfLvqWePiNeplLJ/C9kB01E3LxDgi0n7Vm1zQoBNzFjZMtHIYJX6abZAQUPwtN5qmJ56FFL7TZTNk0Oskw3khDj9NVphb85nDHGCt1LL5r45uVhsEXU+OaIB5tZZIZRs3kLpt3GLRHomOJKbxpExdjw1e1GqK4JFN6v7Rr8BmSZi+4nCGrg6rdFE0iopmsEla4R309mS2XYrMn2UJEcUDnnsmZD/UVeS27xQl1f3EK4fruRobbEQszWkDSYQ8RuJIOihyjCpIfMuW4N4G+znepub8kEMNg/eLgFw5X9uEoVJg8RW2Q6nJE+coMt/sKPILVlfnSFLy,iv:X/ONxuQJ3EVMe2RZLlR+mwu2cKtP2JFGztWNjOklP/I=,tag:9a6KFR/WldtUasiA1iBmuA==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:hPeSh6qEUcnok6HgHm0eVB98kOqwjVYDM571D/kAvttm4XFX52/eNez/Mc8zyvOwv6P7QCOmJQTH1BQwyaJS5rD8CeuFWP+igCF4KLIo+8rqhLu6FWZzRblSKWnZhb/LHeyEl6EDZz7aA5njbEdXrlC8UkiJMu2xAuAE7a65YVag53AWcvF4K50BqRxNtGnSCMA88vLSXEagCGbyZeMRgJmA8neJTzsFCNXCMpGGEiGIKCsotm2xyBqGClZxcI1+sqCZag4s61rlttBYlrlKm+F0eF8vhoM9vWlHu2HRshFYEy3x/e/CMnULByGfFWqwrqstkIVjT4nX/txQdp6SaYrG/K71pPATEAIGbAERFh+APmfhVa1fmg4XSn4P4RzPThH7O771GRsrXkskbVs9icwKPxwpBSzepn89kUYj+/dq1AWo8lMrRI+T+s3vBif3BBGd/sNBZAyxSY9PJFtrAgaE+wYCJG5Gezg/L6Bu0GyormxwtRCAKHTuvcIQiwXWigJpL4oobKONOiYIfrooOeRGIogmCMdFLoNj3A+NQn8g9yN7ybe38/X4b6iF6a1mjWBhKJHDVPsFBXRsPp5DzIreVJL7+cw7OlwTSaZ4oNpGXM25a3NbMjfjYz/QylC9fKvE+HEpbKhWG21aTLbwtSm7wDRlx7lEofhpzR0/oEHsXtEk9qLupG3jTj029DaprStvKd4V1uQV+jjiuQWH8WXJO5ZrIY5IvT/4i9LWI74Bmdfm1uxFO0rX54xlrmLt8TVO6JnSijNM+miWLZMrhezT6DJutuugVx7DuS7CXUo3QMfu9NRQB2Al8DQS9DBrej2DXJ0cnCZu752vS4j/rRnC2SHYtLRUEzJuIkGWsMQIq9nnmSSMWpD/cdWEufLeOzRU6OibJQ9lcu+gaGWHBHd2MRyBoh74YHVOIH7HYop4CUqZfpnxc3oN0d4Y6B6Y0/qO+94wsAgp9b/CXbjrxxsVJwJQlAlHN+xFHNb5HLCXlXGTDBoseHARjbWaqPsv6+HWFkhzwnxtsSJCdcCrOpKJFlonO/ujWvDM99Uve8NGkZkgoII+FraeSVdBQIogUnRVtUTi3Aeqi6tn4Tt5K6gNqVX4O+jQtMrNZaDdD3AM+7zwZdgwHfgNYrFn10HUlgcqISuj0cJGBT5DGFxavGD1Shx/uBcVqOHzv4IKGfjpqjqPwHlqOuXGosZtgpbmLd8RnacLAb/WJRbGoZhM7r4AZEV8815JktZsD6fY+iH0Gq1+OubnfqWmzinNiifnuhirzPFLDOmFw0sK0s21Xr45pTQX0Kj4T+kcOwjNX1D6BJo4s11Uk8D4rfe2eBfFIoGnE9OEEWvvj8MLA0A0i7nUPhxxq0lKu5faCYNNw8w12+T1F6corMECtgqtphDvu6PleLf9b/aFTp5vYefRz/eifx6h/NIn7Z8qq3vI6zWmGv9zRZiKtDedNwYyOIC34KCYL7X/UsjsbhrpXsT605MnyzxyKOMLuxmaYPc4nj2M4xm1GJCBqxjxVkW295vO/e4WCxTyyjNHzNI3Cjqzy+dhyV/tq9Q6C57iawAoOroSVl1RPAzTqxf8slt4b4tdRzO4d9XoZgxTM0qiG83qD96QDhzi7wxY81ztDaAv9KFez6yIx5B5QLCZXoVapf3wPR8DLv7RzcKmdCKpinfSwhvgC2GpUnEDyQCIJTz9WY5AckbsLbsDmefMuLAda7K18kzR4MIrk3Vvv0MhM1CfeOndxG7EdIyDmUqjKc/A6KQM5L3u+qoQozuKRCWlveQPaG/ByBnf4uN9LXkrJkND1MtDvXssQJHRTgzTe+3mfmhq2aWy7l1tojTSUr06X4XV0ay4PSScxzdTVTf936nigmiU8L4qgk8NJmd64XJprH+mmxpU0tOdslsXSOxk2TP1+7R9Wbyx9Z/1SIhdyWjsFCfOgDOFL0y8zn4jaGehXVqt9FL3VDodI8hd2QFb6ckGTn5iW+zMMk1ZkCOizmhxC5oCLP4MlVtIEgqLwqclqevsAYVpSIxCLeAHr/2IoPawAgxUgOHgtA6LHJbv3oN+XPo6+nd8sPkXJZ8VlY5GouBwzf67JtLQjd8Y2VL+RjVozUkOcLTBBLWHBMxWjwp4+hsRc0lP1Z4/pK4CXuANacYPkmXOMozJpTJYYoaNv6WylLLFKCyj49yW+gl1HAkeyb8PSNY9LgjqEIZB+RZ9Xn7Utt66Mhqap0o6pCdAUuLK9uv2CR9rCGEeR8j8dsBQ9KJisxwBUjz9b6cBMT8XuOIUkWv1ESZhFmKJ1sCXhVKFOzOq5CgjU+QRMGOu+LIw4bUh3ZOB1DsA2P7LcZiWSVvtcQ11K20qkNK0Kkl9tZh5Y7qpRgh+SmIQE+X0QvZmWC7K1gWrlFEbtv3mw/9IBazy2GjA5ULKYz3ZzfNOwNrd4++rH6YHrwYn/o7slG18bb8oHElCzENwQC1nst5cmbTfHpeX/YET3tycL+EOHL16Kfg1DKzi8hbNZhAI3PWcV8rsuFcyMbtVXa3MI6y8dfLVfBETUlgPULJ5w/HFarKwXpRmU0v5YKpg0gy4JafVyqFO6bhmYAMvqKvZzt4WQUAEqJdPDEhyWj8ZQLAYwgAW1w+Lr5oIful4omz4AmDg4jA2aAB+/o9S42rM5nLLfgDZVBMeCU4QgUE9kM6S7lPWXdkaZUgoiUrD8OWyKy8KiAsMt+nkbuY5G5X57IoOApCd+smXT405+UatpL9VxQAHUaPqqX1raqDVmJHlJb2TB7rB8TL9q+S3AdOSQOMEfB/FxFYlIO7MyIayIyr7+7ZLBvJEnCMae9kjgbuHRCkelA7Qn2WCLzHRuPftgfs+cKExDVEmTsGkGEUy7erO00muI1Kt47HzIt0emR/RXG0arl31aYP8nBSt+cmkA3inWK9PaB9/Vc9gZul5Scqus1GCZ6CvjxhCMgUx91YrGYuVFGybcmUocXFVnWfoJ65E7n8=,iv:Um9mAPVzbSdF7D7IzmztYODkyCtgVwAexya0uYyxRFY=,tag:OYU+Wm0fBpQ/GPQpNC/hvQ==,type:str]'
isoImage:
passwords:
deployer: 'ENC[AES256_GCM,data:5gHuzx1UgSmscTZVHCw=,iv:aaONFJ1W6FlQWWYwl+th7yDCRB71qhRDtpeP3verayI=,tag:wXdqB/VZYpeIDw7cxTYYBw==,type:str]'
root: 'ENC[AES256_GCM,data:0ViR7nN7r2HXAJ9Pxxw=,iv:bzqgGxK00NAkCJQlIt4x3V56tv3kiKipiUremZyOvf8=,tag:fC9RVyo8nObI26ERKFlj6Q==,type:str]'
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: 'false'
name: generated-secrets
targetClusterCa:
tls.crt: 'ENC[AES256_GCM,data:WsmzwpV2WvfLHUb88aMI0cBFhOUvmywUtzLNQ9vpEyA+a/hzOkCt2hH6IGDg6rOg/DLCExMrRk8edXV8SropAl1jfa183igRPNKVYnswgtXZVOsjrXeoumDA4GeYsxh+J5y2V3uWoAzfepShTRyJZLLWOTiubgffLmY2c4hFoPjkvp5IdiLh19VYDLnLUhxPdJDneey5QwN1wdZ5RjKOD7tB0boDiENHxfzhUzWRHIok3TC1kScUqKbKNtqoQnl5R2ghTFVGyMtDCaBThdUfGWItnbO/F1ICvMKDkWCHEkh1XhVRi9WCVZxZHBzkbcRh+WTSgfjKnRAJmz78qgVo38F0cE4irqjoV9gDoCubQsplRyqOqmR5FY49g4599y5cRCyN/Pg2KZ4Qow2BO65EAQuDarjado7eB6LdBPCFKRFvJPJf3LxCt88esv6MTdJUTBuWWNDha0EqdMgPe76/xIoMNv2LxVHSzBArRz2jWayREV5FrE3xECnO80BUZGa4P+E2VgqkmijfQANm4fxAlomh0Hgy5V3LFa2NAfHnK70pXz05nwl6+q33lEGgQ9UGWG92o0ZK66bQDKSGA7AuS786fr9WiFhydGW0Ot0pE7Db51OL2Ln1S/SJCSyUi8QP7FViSreanwtz9dbXbXjnZUjQysAcQufuwSnX9Iott07PadiCCooumT4nBOGru8xi01SKiusOEk6qjscoTfpdfElpAHFQrWLgwGuS399cBFPcfu9YbGqzB6t+xRq48KBxvLGf04uVppNdcf3V4opy3LGDeNETcMfKea0fsNkSKMYOah0jqBoUcA3Qpo2uTo7qJ5wnO0lXYpn5RwxYgTKHIgomiFPOn7BptVAMz49EtcxJQpdpOf+LzjZLRHvZIqDlbrBrdSpQOZqsi2MXpkTG4b+ZEyP4+8helKe2kgOAgKzKQkgOjGWN2fbGsDqcLqVCaz08kvtqjyzO5bF+IwezaKl1abUAm0YEH2A34IZr2lkTvhIPN9YKjjWGZk3GCofNOFwMKLZ/Z4c/dGrjW8BtszQKAnpl33wyXunCTxjZiO3mpWgI7ffmXABSHzNLc6nElVn7Na3lwvxlSIGY+dVIekWSV2Rf0SdU5mBRh72UQ+rXwEq7C/ZvgP4mAyxzGZE0kd458Tnjzt0oqNMPPaZnAv/dZW0CYFQIyQuTFKKxbW0IgjN2lf+Q5RpbgfoGLhNEqN0gg2D3YIjOdOE0y3dDWx7iTQ4p574VIhxeCdoxkUIhuhh3P1cIqyjCdCsjmsEVG5QBFo/XIPjoffk8IN8DklVCp8AwIz8CFrMySRzgOOoK91XhhXo6BsZsIkP6Xk9zWvN4op4VR4zM3eqlcc5stBg4KepxxUvQTp2OpDokc5JsKxhUp3qM/uHjYWsDlflfaZukJ2xLcaRRniPLDaRbDH/9L86so/9ztCaCRB3OEtogEjgPFb4KOFiPG7TqUtvrisygwXno10DnI8Q2VR916hO1Gfyc3hdTpHzQK95rx3n/CVclyxibnwpH9S8DlU4QHT0X2NQXrO7t4aKCIg4NXbYMifN1Sp0lEHr1EapqkuL7lqc0PSOTonNt8OhBZ4NPvHsgndQ/+r4aFizZ/56k4n4Fs7Ki9Qvrgkk2ZJuX0amp+cdWwMQmDWC9OIOHRruHjtquX7gcZuQf3ibEU94K14XZB0mSbwmuTQajkBIKxFmtPbe3aCchvBhfaA5Tg3qm0nQS1dpMSzKYH7+kBwuGKKW4l+FTpW1OakPFM22r5oCH+5IY+Eh830Xvzxm/3zZdVD+S/3Dk0S9CSG8moPpDxxjwZ4DPcc5j0fEUweML8SpjeoHdVqyaU3spvuFryzu9poYukFMthvdh6xGzCHzM3889RZhOcG7bUfFlZxYQ015ZSXlYek8TGlaG6oAlrOIjrxRn+guqHUsAOlt1FnRe51WCBh6zMwxKWhVC+Q==,iv:VnSbM6xsMFMeMFf0PkflNnA2SK5cJsQ/HNmN3duawEM=,tag:pMk/noJNqGwTFalvR+Ar2Q==,type:str]'
tls.key: 'ENC[AES256_GCM,data:kvyc7MnG165YbHWCltMw4EPzZ3iC4nGOFeQ1z37s5/92f5Sc0pKnoi1tyC9YvgQrN2hbCMJH4H4thQ1RDEO8QNgAPilblNLW8m9qbSQ4SW4dbXILhokKb/eEN2dRfbEzLr+b2SBMDFi4KSWkO/u7JjCeFNTN9JifFddnqHlnaHkRFPRH7uXDf2ZziXcVbLD9y6JP3ZexTAGGy8W8kZhA/xLAdWGsLpyAC6qLbS3Ggv77JeRFTUTjLp9waoDootSA2BDBmC/KhoQKZIvxEDxdafe1qYqwtgl4L5X9xo6afiZXH1y3oBiNrASfZhE/yDe9oxVJBgQJRBj6zshTJ3ueoS66BdJY0gc508gEkEvOv1i7ZEqmhSTVaw9PJuABROHVhwTcpMYcOhhngdEh8/TqmPOzl8T5wRARgzN1jPECrh5ZcSrV6Guntc6SJBR9olVtt88QpNu5SwLJCTj9Xf5UgW3/cBUmsLpPylXY88B//5RSDiAtw4XIcEKMkk3g8czouAEWwU4APa5C8WtuF75C8VDQdFqmoVVHxshRhB1Y1j2laAhKAwq1I2jWUc24MLvCk2SA+o3SMukE0GcRSIx5rwh6bDaLbutgUXFtju3rYrbo9riFPhDBZ05wPB6lrST6+ZBcPwwvmMx0ty1WeFXwX5ddEBWnMLCHfDbTsi3hjNVOBG7OSmINe47YOC0+8Vf09LcL+C4NCiXFO8V06tmz1nbSIUmPBZRAvCaXTKHTE35dVtkkkmQy1wPk7dR69ALTFWhnceSi+LMxcQOKpafIU9KlgbrjhbjGR3gMYL33yeaMMR6OB/ghXROaopww8uoANxUmyf13VMYJBaJ4OVVd7M8b/vT6RfMw8fytIQBPB3I9xVvYMSoC1dpZ/N53LEIo0vq9suLoVYnFMhILVhxy1U/JChKR1tRv4lFKYYVKcZKoze9I5rl6FXyzld/ql+2EM0lJSAXe55mnmdbYPnQlUHPj5wq5AfqXW6ADnIqWHqdbEBo5UEvu9S6ElkMViNv9gD+iX5dD6DTk5Bx7R+lBmsvtySHopjSqslHJURCEmYDpKdKjFxKZR9uqaF81388ov3wnbQRFMLFzZZMwMTKVwL9oAeeJugQ6Hd97fwbXp6X/0mYbh8syaFfA7vTtjm/8oc1fPFrlUBTSXERqlyVgzq9j1IrfZeHc9t3e2WbNXmmlDTV5C7VMeLhBjvEVVNTaFVWfP7YQsrSbzrtirzHB3WFIUifdTCF7v3SlfE/VAmVfuI6w0Zi92g5DZl/2v/bfwLay3JETz2LIYb9GSNbfLX0dssUROgGUsS9F6WV0r1KT/27SsOi9EDygqqOxoFgD+YRckf2oDZ94wrT4vTVHlm9bQQEsKsogwofMxR2GnJwsozIJj5unbY1oiHWBdJfsPPtisESZK3SHxIVcF6iu8g8yvhkHKn/xMeUqDOZN28MoELStSFTkQGpOml5gXdXDdK2BEzIKbeDOV0bVIgN6WYZpEeOKgmoHRa1obDrcgUvC6CB9rPL+40CvFwroRQjoOMLHDZfBkxJxDYDo5abhLXiyd4kCG70nMhamlikVEJOQ+Y7PWIdB4ez/emEqG3S7Z7it/NRukfgFJ9xbnt8WkzJiKmbpnojjJTc/8UVSYSZ1y+UA4R3SKcTlr5/qyWn8V2nXrHZsH8wpmScmLQ3NZx3J2RnSrWLveXaksOcbFBebJPXnIvmqVZ33wDQNWJROXjQfCqtZAhXgOW2vHNyQEoi5IjyNtyGIvLEffX2jsHTgD/QOypA3e38EBgLkZ+0ybLa37GvYCH2GPzGf07TcvwXXlv9p1bwByCOCoUxumJ98gptfbQG7OUXPeDkZIs78xIP8mV2irDqawWn+4dqJBgDZAWudY8scn5gWo8L5sE51kGGsDE0MrPPxcmLBNFoTXYrdCuFFQXdxuQ7mSzX04gGabL+d1+SdETPdJLaqVe2WbI7huEd+jFuo0zd/WkYbJwCxs0mOB1xjm1EwIC43hhl2dLLIGYZVu8feoB2H4sEQeke6R1iGKDOpzL5CeY3L0/EA2cPVC9t3H7wjidFG4w/yfmQQZiN1ivoiLGoWTFN+ztGH0FyGS8M6Nk3d8nP/MkPjCodRIUnsppTRYSJgbxa2o0R2b2wftBdDU7oQqWy4XK/H4zVltACaZE06Og1Y+Rvb10NeYUiDxJupat+Z1gh6u/2ISDgZQwIsRQRYdhm1JgxxzUSeNTtGQPkRcNCoWlaT4oiuebSG8fsGPFaqv3KF+lWlORpKTjMC9mlBXPjH7NWeZOiqNI5pZaf1tl9FnOvUwzNdcGLR6Bqoe08+asKoOuh+NbKSEAlALnPnznFRBapHj5C9ppABMYKfqNigM1tflctJFiiqNnpH6Y+qXFzudrkq9VqhaMoccgkqgYcFEEIwJ8goByA2ZBSV4mA7sDtY0fCEirP98j4OOcUpkHLgaRbRW3DhvfGNOJDE0YJjb38kZEZ+KdDcu9CbrXBgNVet04j45VjIonlum+DWFsHD4tdu1CPJiii9retvUWn3uYN0zSKrj1jEL8cO7Ujgmm4A7Szgz6gP2ShvReaT9BtYf5W9I6HXnedjFL0HOT6SdrG6kXPMns6lOkO3CcxrTM2w3vtms6HYMTFSXDr1k9WJQFIPqF16MrahYaEbHC0Hn2f1euhxiwY6Pd/fWa8SOwx6It22sq3RX/Ra1dbRlQ8UkwvPKV12pR7Lcq3WoQr3/blMZBiK1nXgKREndxY2/oUeI8bpw/qgbAViujfyRVPcmfhPBgMPZceUbVLGlxdYzPIKAqYgttBVHDZNdvI4JEkK4FJnL55WrSiOPEEuiGrzOSKQvZ2b2/AiHceAax/Rr0zSxWKZ7numzZKYBrPBgxeMtJABz/alfsRhtKxIH/Tf3YUaMeS7nmYaOgO7nDTuLqSyWpyIqXQHvf9TCeZt3o+0hBx4R6wLlByifj/QOqY2ZbUrqLqp5xa1d8/SD58=,iv:zCKTZ259WSSteALG13EAZaPvEO+FkqwTvaFv6VQ3PRQ=,tag:wtL/ti1jBKK/zjzNR6E/PQ==,type:str]'
targetKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:XQGGPJC6gnZKfIVTEpIFrnu80oB3BrrpGCiI33aKpSPzH7mJn/QLx/Ub22Q8pL4Y/AM7LRTNQ5dkLar6bns3ePLCes7QY0WtB5cp5QFFtlIDHvXWcX6o2yjrWP64cS3UY2Ct9vije4cZLlDHjOerOyI5yCXCbWNKP631EXq8KxmuTRQNJROtvnG37RYgp7nsHu9uXVcrCxf2UH8WH4LhO91yW83rJSThSSZMPBwUfZdvTxdFg1AU9ZzHxQr+FDw8rDIsw7nXbfhlQxvsbp7Sor1rPnu2/pO2wVMGrnrAiFn2qwuxWRCAC4gNZr43LXz1aYgxzwcTVV7Vn56C0G+cXgS9uceOlknYwE9ViupOeqmUJ9OaLldFmoEFmTVE//qamT78/jjBWjb2ZJi8ztjTCFkw9ce2RKAd4RILwzZ9bUMjJKuO397efe5VZ/Tm+94ZDRnrOpNT8NuFlhcyZ1ezYhSEJYG8H3cr+ep7j5wmhse1ThK7IiBaUKlEkBoZEcjd1TI5KGf/1VH5VXdW5FbGH/gfDUeUYH2JuMSKnGuozRlCacjK6lu3kVZpQTXHFtpHKFiEbLgCFcmM9HnPt0KLKlYX+XSgbElQPMHvyK9DrErCrj5KZ91KNOupgzqUJ7Y2GYYSWEGIyXQLO7V+LjDhE4K5PAQzEJ6D7dxK0b/4ze9uQiFtQLPa7qQ1tD8m9JoAUZSPWEzFgsOYJF8Meoff4Kp4vZU+p5+LlK+jOt/MGFF+1Yi7tuOdWY2Ulbzxm5TAt1Z3+HmgzidX01cDxb9zT7iDa5aObDI4BEFlPw8s0dZyvwLNXRL5yq90m9PWMZHmlkwpPXXOqCumbNC+FW1E3hQ1+drIiLcX0uRd1jHW+4RcS3ePYMQzZmt7aLQhRVfLNiJ7kW62XNNHAs6cc0Z2hJudloH5AQpWNwNsUPUzgaFnTPu1PyGhTywy+3C+zsLpfzQFCD4bSyhJrDj9XJKahNAWk435ehGNGCgr8bkj+9fZa/pTX/bmwSFMh/hvULGQB8jhQkCoO1RWCQnLK3iHIc/W0ED19GHxgWT/SOReLeL0TGsqN9FiesCo7pDkVGsbEzPtXjt2w+jaZovTBp2tBuhm9l3eB6qK17PqI3gi1YVQtaDvsDNwq0J0dhez+XwbVu4usrciyQYzJJoF0xHPlGhnyZWN83bp/HWZq7Oau0D/Gzv0eSZNG4TIXxAiXgTNA3EN3bp4uGzszYhzarKRiLo3+Shu85b7oa//UXp4FFUp+lRIqr6HDyhLv/17WaopfaNF/f7h0jym7+gvYj5SVKBLgawAkEfGwx+HWoEYrQxaXkFOPDhuNkCY5w5xaSCfWGHO/zfczvLwPXeqVLTmgt1UpdyOmrVL+WzegnsrPuIOL15VwJpxdjV8cnKMdp0fWRur9FTnDUSE3yQQDIUr/dHKP9wGcwxRoaa099zHkjpJVJk91sbxf8l6MCe8K9H2M7W48ED3DRhpzIbJthHjpZF6a+8E3a/+H45T7JevgZob2DfENYub7c0fiQqMyLU3OEXu90fpPB3450zFF/M6+TB+ezKK3VSxcAJFT9jPX7OfjgZJf0E4q8v0CYHYeOxqvAmoapyaO3Z2+tuP4rPriblu2KsH+5JyP7kVX0e4WvixCN+W/AuSO2O3CqXZTh22F5UxRLSc+p4WDx8DvgGSSsFtKE9ASkGgjpGEV2GBdDu5Ja2rC3qqooCSDtLEuas3zmmcbwVog/ZhHw+us1yyAqDpkllxZ+Hoq8rHdg0Jwep1JUJ7B+/4du60GleqvPbiiM8xnbPFOxrp/lEb23ura4AqH6ZxxBHol8d5WHCh0VxQXPychIsx2Pl/404t0mY0ne4bIudaLsGADwM5WBRczgKroe5ah+7KmujhavPoNQztnSgVTfa6hxjG5EeO1/hYBybXA3gjM1rKaRLUTdGGfcL3TmOf825xM4BLvQ==,iv:lrxOZvtDP49iLxzYfTW2B/ex0vtgmCj154j2xOnJEWM=,tag:ODHDg+Nh1ZF7oAloIlpnZQ==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:wPc4wl2y3CkIciqXl7e3c6XPx9jQz86CBu/hSfIQUc3IkpBeEajlxlbxHnLDvG+/hyXJtqfLFrP1v5JcZCCiUk9lrZPmDT1yWUOMizV1/WLhC/nDuGitVErRWAeHDtxE7f96H5MKQpv43zmxrg3F1+mvYVt1WAc1SBWgcxY1bEmLtV2/RciaIUX90aoE/3zcvCRq4A4nsPGXqT2NCsDcSTngQPTGttYMCz1bNOUSk27kmd9d5RV5twRKtl5X/pcR6Hem0pqlkhnCIqElzMWnKLIOaxi3/KzS/SMIqRHJZhX1fzl0Szc183v+ew1Y63kGabvEJwG83JpGfKSRpLdH85rUydenxTWnGj+2qpZlgTUa/lIGfXR/X6RWNPKzrZbZc6Hq/s3n1Rk+OBSMjepygp+5huj5QII5gdI/YoW/4+nEav+IWvoXmtw7DNDuzPgicsZxZx4QmgkZJk3s+HX+f1TG8eceR20vuaWaSOkq2JR3Uc6+9ebzvuLsXqX34SryRvI6Mrd0bJwrNu8Dbzv4DKqHrUnT1tVoRRkCE33dHyRhWjG6vs4HaDgZuzfQGJMPQ4c7a2RJKVB2e0HYp8xjFmbQCPDfdVQ0y2/E8GNUZjTQhME1B6Nz8egtZjgIAbug++cgErT0PybCeMCHmz+596xlHYjoL1dIONCvzm//Dc7okuxs9D8LCZ5f7r7IjYRFQt6U3i0PLdv1pTds4yvG47VJimZi6SXeq7Z2LPqSVclZCfPlDC643bC9hqpIsDRKDJLFeMoTr62g5Z0W+c5dmMH/6BQrySgr99L0u9JJzaR2Pzfr2QxlsUZibYniNyuu5cEdMxiVbMFAcDaGWyTOjpvay04fkYky/A9AKwAxPStxx/YFZ1su/8SWIwsAUfj4xKEccjxOcfmL6BjdYdj47ElNYQXqIVKl/j3X7rXzDSu0eyVPVTcOwuGtXrV/VfadmisX9cKCSwLozj6GxqM9JN6QZ6GYAxHzU7V1UR7RTtnPN6s7JOhql80KmsN7XnRddmWPZpOmtnwunKSrvK7rBygXkNpX1TE24dfTpWzBOeVE6BFxUuiYGCoxuuxfEo6K2deBj/7jZZ3PLprQyqgIDipKjgeC6R3qx1UBHOleY67Y4ZvUCQSjz07+wo+B3OjNfbCSN0vHJJ9NhvyY4CdOtrgbzOchZPhobhxurH8iMf4UDBgugefpXRwpAFhyjkm0VvDE+UfKJFbsKcsPehzbBOxXJKBbyDze+Ov/oTAhY3JjGiUe3h6Hyac9ctnrUxaGFpLhsjZCDiewSBo+AP6J7dQ2bcg9XMmw3ckOD/hVaT/sOi2qWsrG4Qnr7ZmCXMy+yWQc21TL6JvT3yI56MAlE9TMrG4PWkktmTbw6eAyTOmL3lzBqpXKgdJoWLR/Zv0xUkk8+zZsVchja1kLPJAL6ALkRzL7PE+UEH57K5/vim8BaHzKO4Q/4fb1HjbBX6GA+/4nW0CYw3vKsa8Gpt2Av4XwOpAHRGrezm3w2o9fSxabCTMroJ8dsaR4uJiCpn7jq9O6a24PL54gP+9dLnvnjK07DXvIJI2mA5iDv4CJAgz0rNPz+6yAgGtuUkZvqslBOm5zhKy1TVlRuQT315YeYjHPp1JqmQ96j4RHCCGFFlHsYnzaazY8izu+r59JNxUVRipJs2UmUktJXETWn2zKe0LDs8LkPvObvzM4LLGOamVlaOjNKSQRsiUv2Qd0+ERY6sYJHwh40ObGF6Z8u+91wWglcylkY1+bjhCwh9Zs4Gw7JenOkMsJe0BtpJYCwkDIA4L/+PHtaUpgQmaFCGYAuWysAv8OGkv8gmIaSiLwTfiUxg+dqgicEcKAGoYj2pFduWKldP6dg2HyzCYVcMbMJXNf5KIFLcAnJ4IOYf2bBDR35Gbtq9gKUALudgR2O/xxVkI4+DwY2Tc2EdFnnkh/btYaz+seoCQL1cB9+IrxfldR7CLXUlDt+7DUirSEvNLpWA31wA==,iv:d8/OlgrzqF3u7162nMzKfWtqeeLogcwq2Z4FTxRfxjY=,tag:wI5cko+kBoFUXEJOO1CtOQ==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:DIz0rFlKFLIEQaSlyqSgAiY2KK+a1CRDtAXtu5LKgS8kCr/XqRHq41wVVK44v8V1ih8Ca/i0Lie1pheHgdHQicilcturE8Mxfl8T4Eb/6fVy/soo4M+cdAHaZDa1NMW+0ZYrXB67oQbSnE5y8/Q/PQxg02VzWIm0G4OQkkTXjb2OC4+1pJl2tWezyMhdiudc04dO1z0uK3Z3oSX6huedu5lXEP2u9IlFrEDfdEg9Fpw8+HIPMF8hGblVffZkYob78AzuImW3vzTJV/6TDkNdlKbEnHiPAvqRu07jUa9w0rKGfvPeoRi8KUhCmqI+948lsmV1ZGUFXfTzYu4Ln+cQ+x9JT1cX/g/6DqmWUXiMY3Bh2xPyfW+qm66QypFH+wNTjfbUpPK/Fbjfrbt3Eu5XV0beOh9RQIMVQcV4OgOydwREbxxCfUtCRddtDcRuWp0uju9v6c3m48626LXPyO8iKoFVldpMxEAbYdROOar0FXBNner9t2LRX6oWeZijh3bRB11Tmi6y0H3fWfS7datRO+3ben18xWJJTYNIst3e7dUgjgnTriqKcGIzqsxO0rBH2+oT0gHAgDCKzsp53AOEl8LdJWXB5ua6WQFz9o+p3kkDLC+PLwXg1zY3nkVMYrs8a00JqTphRc5X8R6E/4wpYS0Eka6rXKIyAq6a74nCXjOWUy0sBCpwI/8bdckMF3u9uw8GjMmtQINzJv0Pm7Kx6T7wf7ysdhs0I/kup/l1SeckPoSBm14MSoVT5Co+0xyK72SpyAW5f8QFEv2SRp6c3xke1qOEaPAD7ITXlLt61y74yRcKXaiWkAG4tqxcudehRjnOATrC1y8KmkV+V1ZSP9wm1AVvYkYGldkBNTVaDGSZdaw+u9KFK+tfNbMajMrAEMPylINa9ELh5YGKzj7cHeaPVh3C3bgDNZHUD6osrGXvHYaWVqwAaslZVEauSFXvUAVxajcbaTf7RrdoDU24BP4IrQkmkDoSzsFvXiox+xEYXQMZuJP/Vp47e46eobCUxADxM6zpjyaNTwhSV0aofjMsbTjzlvniYzw4coM5mhfwJ029Fcrk8XlKqS/Mad/pFInjwZE4i0NQRwj5ZxI59mbUIQZUEXdXBtIVr02nE2TsHYQ0iYOeUTKALeZztwY8LKoIyIdCOoS3a89LEIjJgHnyesylxVBj46fDkVCkWcRpo6jwgqEQTzvRBjCJQMvb451kQUk6tBp6iW5G+6gViEbATrkHRWpFjbYiGYH74RTalyTxQA9Z6C0FmTTUxnr/4CP41nO/Wj653LrRL+BuJBi91KbfHQjKCltcFdbrZeEkmCNJk5G+5N7puxYldSLD+XJRTssK1+2qk9xM12LUzQB8pqTulKsbpMn+cnWzFwLmRCBsWdn2xattvqgdFoNXM7svCSroRogGx4pK9k4OgiOtM+Q1sOdTOsntLhSGyW6R723vnZ4OfzNbO/zkdqAT9ZmPl5V6g4sKopM4wibuGsHx7G7QEBz0YbYFxkKtUSH8VmNJH6s+liLCGvc9WtneT1S0HbcQjWYkFbWt0tX0N61NbVYEzTpycgXMnz2VbrkSiGkp0llWXMKAys4YimjKjquPxjXV4Dy19W82UBGo5wYG+WBKqwvwrU174Mb981JfZfhZiKHAreH8hy834pLcMGeJKR7BYeEUPG33gn2Ds/O9P3Hrh/ew2Itxw6LNUzvLb5hSwPGbgYkIjUufFKksiSUBpbpyPMXvTUKBL1eje6JYu3uqkUcmWKGVhfyAldlOoFGpUXiulR90KPXVTR3bwpwTyIYp9O5IhFHUlKb3kjBBXQe7z7yxrzPudJSbHljGPPZfyVgTdgYjiN+v35oppJseN6J3fsiSZIMJX7QanNTqwvsoZU3SGA958Le1154Sti5WlD/jMTovUmFVHNfIo+E3gdB64BEfPKf0R5cuWB05aiaeJJPH61I2W/0mK+zlK0gdNKjrzPDTutgkem5/zxYYu/mcnCk/fbBlOiHlAsgwkwSCs7nVUrJ/1aCAtMH0IVYjatslJMMy9p9q7L1YNjiyzRUgbIRa4g2dn+HkxEcZ/iwm4zWXpRYLZ8PdSl812/y8DG98yVxgjj2CeWxEdrviVlYKxivj6Fx2YvWV7H0GPeGLdvFw2C4OLBjrgTEriLFpwYhwE3jqpUh3Ceknoas+p76QYoqa+vJhYS1TeGzuZcsToBZ+Tie1C83MrIcJfp5DRXT0vffhP217YkD17/mQ8f2WBTEDckb1PeT/Tbspk+AAK3p33+yTqRUKppkRN7SU6ZAT2sRPlSA20fdC8ucBlTJWpsZsrnmnDLc/oacV8LGyxaEquDfKzYlunj3MAKLVibCnKxbtoLATOcRcb5XwGMqVrcrnr0KFNWFivV6IGeTGVOyEf3fgyfl6ahn3q7EoSM/QKTjp61+CMWzFsJvsJsVPXYWqy+QRZhiD6lJbezjRcfRVaeu9ZGMGPsgfbHCqUS0u+66QI/uXvUwfG+MZZaxBEpaSyHWSYtP9UGTeB8l1t1sK3qrLp1WMV3EwIevPJtpedDKxcfNBRrtW9G4b2HHqDsOTCPAH6A2FJTtDXqJtJx77IvBTV+z6DMoEJ/H9+F39pDIhKO7QlfQbCr4bL7cW/JeYSXeOPi4Z4y+uLfcC6glyl+ILRK+0u/bDVRk3W5B7uWXHyCwIUmxfEqrYJNKqz5O0LPp8jFzuSnRMLMtGk2vjxYctFLlprajjPuLk6VPZlLhbYV0bqDIPWuQ3XjKwQjfKWiOm0u3KCZSyhe68ImT07mddMgIHtwB39hbXOlhfPKppEnmc/qmr4F4EQMvztvwox8TuHrRip47ChkpOjcC7YlZOccZYR/8rorv/3Jl5V2ozmg/Gb7jV0YY/B4/kabpDQuXCnT0SFA4jQZys3CSBqO6AQOxZ4amZIFm9zbMnc3VLzJGBylsX9BbenLV1ffltLhI3eLpv8l19Yb660fNVu4R5Sw==,iv:d0V7thVsBXSYoEVaC/saH6WpX242EjiJjUpO6gpabxg=,tag:GNKcO01sISM3J/0Hjzkntw==,type:str]'
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
lastmodified: '2021-04-06T15:20:22Z'
mac: 'ENC[AES256_GCM,data:xR6t/C0I8eyJqi9HbodbjYWP/5dunzylUx77/aHqAqU3/zDfznH4jpN4oBE5+HD2AEtqWLavIJ5QjVilHIIp3q9FbDp28JnVWc4tcShceIJzn/E3EkGJohzbVkCVsEUnZ7U70sEfS/15IaJzfDnlZdxRnCLYdTYjCjaXXVaeOr8=,iv:2ksNc3zAY+OfMxgeEghCmy3u+ITiI4OqDVm9pbxzSFA=,tag:h7q+iyfTrtkZ3oiZNqATPQ==,type:str]'
pgp:
- created_at: '2021-04-06T15:20:22Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQf/ekiqVj5BDD2h1DEiKX0kz3sSU2Bem9EblObv+mEkIVzj
5aAMmcFF5W5f+5yNDeb9sN0eWMIl99IeY8Z4GZ/JgkLd1Hf2eDpyYhD522tTewOJ
IgJT21Tv29w+GE1S4erz1ncF2C8b1r5qzHLVKWomX+rj5/Ix29he42+6bXFO0f43
/GX43VWeuRenJ8p2UxeWaANzEdI354UCYCOuOx6vXytsljQ5Qd2tidaI/rmCfiIE
PjZvnbHmwPy4R2jtwtC+yEOs4EFzFB1DFZXl0vvQTcu9ztOTEgibziJZs2EYNcCm
RALZu8lSjLRbSbjGs28mTSCFEAeZkCcldOXWf1fljdJeAUmA87yTpVyFqdh4QYDz
h9OLOgO3YBaKfq/7+YT7wUMh4zXC/BCOKNRCYeAFzKk1GMCgwS2h/1j98Lo8KviR
AoiwcnomoTATIRs/7715GhroBvjHdrdDPQg0FwMB5g==
=3Y4v
-----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
unencrypted_regex: ^(kind|apiVersion|group|metadata)$
version: 3.6.1

+ 5
- 0
manifests/site/reference-multi-tenant/target/generator/results/kustomization.yaml View File

@ -0,0 +1,5 @@
resources:
- generated/secrets.yaml
transformers:
- decrypt-secrets

+ 2
- 0
manifests/site/reference-multi-tenant/target/initinfra-networking/kustomization.yaml View File

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/target/initinfra-networking

+ 7
- 0
manifests/site/reference-multi-tenant/target/initinfra/kustomization.yaml View File

@ -0,0 +1,7 @@
resources:
- ../../../../type/airship-core/target/initinfra
- ../catalogues
transformers:
- ../../../../type/airship-core/target/initinfra/replacements
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements

+ 4
- 0
manifests/site/reference-multi-tenant/target/lma-configs/kustomization.yaml View File

@ -0,0 +1,4 @@
resources:
- ../../../../function/lma-configs
namespace: lma-infra

+ 9
- 0
manifests/site/reference-multi-tenant/target/lma-infra/kustomization.yaml View File

@ -0,0 +1,9 @@
resources:
- ../../../../composite/lma-infra
- ../catalogues
- lma-infra-object-store.yaml
transformers:
- ../../../../composite/lma-infra/replacements
namespace: lma-infra

+ 17
- 0
manifests/site/reference-multi-tenant/target/lma-infra/lma-infra-object-store.yaml View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: lma-infra-object-store
type: Opaque
stringData:
fluentd-accesskey: admin
fluentd-secretkey: changeme
thanos-config.yaml: |
type: s3
config:
insecure: true
endpoint: minio.lma-infra.svc.cluster.local:9000
bucket: metrics
region: lma-infra
access_key: admin
secret_key: changeme

+ 14
- 0
manifests/site/reference-multi-tenant/target/lma-stack/kustomization.yaml View File

@ -0,0 +1,14 @@
resources:
- ../../../../composite/monitoring-stack
- ../../../../function/minio
- ../catalogues
- minio-admin-secret.yaml
transformers:
- ../../../../composite/monitoring-stack/replacements
- ../../../../function/minio/replacements
namespace: lma-infra
patches:
- path: patches/minio.yaml

+ 8
- 0
manifests/site/reference-multi-tenant/target/lma-stack/minio-admin-secret.yaml View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-admin-secret
type: Opaque
stringData:
accesskey: admin
secretkey: changeme

+ 17
- 0
manifests/site/reference-multi-tenant/target/lma-stack/patches/minio.yaml View File

@ -0,0 +1,17 @@
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: minio
spec:
values:
replicas: 1
persistence:
enabled: false
existingSecret: minio-admin-secret
buckets:
- name: logs
policy: none
purge: false
- name: metrics
policy: none
purge: false

+ 19
- 0
manifests/site/reference-multi-tenant/target/network-policies/README.md View File

@ -0,0 +1,19 @@
# Network Policy in calico
Restricting traffic between hosts and the outside world can be achieved
using the following Calico features:
* HostEndpoint resource
* GlobalNetworkPolicy
* FelixConfiguration resource with parameters:
-FailsafeInboundHostPorts
-FailsafeOutboundHostPorts
Generally a cluster-wide policy is applied to every host.
This site based manifest is designed to override the default global
FelixConfiguration based in function directory.
For more information on failsafe rules please refer below.
[Host Protection in Calico](https://docs.projectcalico.org/security/protect-hosts)

+ 43
- 0
manifests/site/reference-multi-tenant/target/network-policies/calico_failsafe_rules_patch.yaml View File

@ -0,0 +1,43 @@
apiVersion: projectcalico.org/v3
kind: FelixConfiguration
metadata:
name: default
spec:
failsafeInboundHostPorts:
- protocol: tcp
port: 22
- protocol: udp
port: 68
- protocol: tcp
port: 179
- protocol: tcp
port: 2379
- protocol: tcp
port: 2380
- protocol: tcp
port: 5473
- protocol: tcp
port: 6443
- protocol: tcp
port: 6666
- protocol: tcp
port: 6667
failsafeOutboundHostPorts:
- protocol: udp
port: 53
- protocol: udp
port: 67
- protocol: tcp
port: 179
- protocol: tcp
port: 2379
- protocol: tcp
port: 2380
- protocol: tcp
port: 5473
- protocol: tcp
port: 6443
- protocol: tcp
port: 6666
- protocol: tcp
port: 6667

+ 5
- 0
manifests/site/reference-multi-tenant/target/network-policies/kustomization.yaml View File

@ -0,0 +1,5 @@
resources:
- ../../../../type/multi-tenant/network-policies
patchesStrategicMerge:
- calico_failsafe_rules_patch.yaml

+ 12
- 0
manifests/site/reference-multi-tenant/target/workers/hostgenerator/host-generation.yaml View File

@ -0,0 +1,12 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: update with the worker hosts
- stl3r01s06
- stl3r01s02

+ 10
- 0
manifests/site/reference-multi-tenant/target/workers/hostgenerator/kustomization.yaml View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../function/treasuremap-cleanup

+ 4
- 0
manifests/site/reference-multi-tenant/target/workers/kustomization.yaml View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes

+ 8
- 0
manifests/site/reference-multi-tenant/target/workers/nodes/kustomization.yaml View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: worker

+ 31
- 0
manifests/site/reference-multi-tenant/target/workers/provision/kubeadmconfigtemplate.yaml View File

@ -0,0 +1,31 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: worker-1
spec:
template:
spec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.name }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
feature-gates: "IPv6DualStack=true"
files:
- path: "/etc/systemd/system/docker.service.d/http-proxy.conf"
content: |
[Service]
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
preKubeadmCommands:
# Restart docker to apply any proxy settings
- export HOME=/root
- systemctl daemon-reload
- systemctl restart docker
users:
- name: deployer
sshAuthorizedKeys:
- REPLACE_HOST_SSH_KEY
sudo: ALL=(ALL) NOPASSWD:ALL

+ 10
- 0
manifests/site/reference-multi-tenant/target/workers/provision/kustomization.yaml View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../catalogues
- kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml
- machinedeployment.yaml
transformers:
- ../replacements

+ 30
- 0
manifests/site/reference-multi-tenant/target/workers/provision/machinedeployment.yaml View File

@ -0,0 +1,30 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: worker-1
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
## NEWSITE_CHANGEME: update the below with the total number of worker nodes
replicas: 2
selector:
matchLabels:
cluster.x-k8s.io/cluster-name: target-cluster
template:
metadata:
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
version: v1.18.3
bootstrap:
configRef:
name: worker-1
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
infrastructureRef:
name: worker-1
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
---

+ 17
- 0
manifests/site/reference-multi-tenant/target/workers/provision/metal3machinetemplate.yaml View File

@ -0,0 +1,17 @@
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: Metal3MachineTemplate
metadata:
name: worker-1
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: worker
image:
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ip
url: http://172.63.0.11/images/control-plane.qcow2
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum

+ 20
- 0
manifests/site/reference-multi-tenant/target/workers/replacements/generated-secrets.yaml View File

@ -0,0 +1,20 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-generated-secret-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
- source:
objref:
name: generated-secrets
fieldref: "{.sshKeys.publicKey}"
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"

+ 5
- 0
manifests/site/reference-multi-tenant/target/workers/replacements/kustomization.yaml View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- workers-env-vars.yaml
- generated-secrets.yaml

+ 41
- 0
manifests/site/reference-multi-tenant/target/workers/replacements/workers-env-vars.yaml View File

@ -0,0 +1,41 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-env-vars-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTP_PROXY%"
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTPS_PROXY%"
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_NO_PROXY%"

+ 8
- 0
manifests/site/reference-multi-tenant/target/workload/kustomization.yaml View File

@ -0,0 +1,8 @@
resources:
- ../../../../type/multi-tenant/target/workload
- ../catalogues
transformers:
- ../../../../function/ingress/replacements
- ../../../../function/sip/replacements
- ../../../../function/synclabeller/replacements
- ../../../../function/vino/replacements

Loading…
Cancel
Save