diff --git a/manifests/site/reference-multi-tenant/ephemeral/bootstrap/baremetalhost.yaml b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/baremetalhost.yaml new file mode 100644 index 000000000..e88f98a7c --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/baremetalhost.yaml @@ -0,0 +1,22 @@ +# This patches the node02 BMH to be suitable for ephemeral purposes +apiVersion: metal3.io/v1alpha1 +kind: BareMetalHost +metadata: + annotations: + labels: + airshipit.org/ephemeral-node: "true" + airshipit.org/deploy-k8s: "false" + # NEWSITE_CHANGEME : ephemeral node name + name: stl3r01s02 +spec: + online: true + bmc: + # NEWSITE_CHANGEME: ephemeral node redhish api endpoint + address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1 +status: + provisioning: +# we need this status to make sure, that the host is not going to be +# reprovisioned by the ephemeral baremetal operator. +# when we have more flexible labeling system in place, we will not +# deliver this document to ephemeral cluster + state: externally provisioned diff --git a/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/host-generation.yaml b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/host-generation.yaml new file mode 100644 index 000000000..58c76f6aa --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/host-generation.yaml @@ -0,0 +1,11 @@ +# Site-level, phase-specific lists of hosts to generate +# This is used by the hostgenerator-m3 function to narrow down the site-level +# host-catalogue to just the hosts needed for a particular phase. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-generation-catalogue +hosts: + m3: + ## NEWSITE_CHANGEME: The ephemeral node name + - stl3r01s02 diff --git a/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/kustomization.yaml new file mode 100644 index 000000000..95cc7af5f --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/hostgenerator/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3 + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example + - ../../catalogues/ + - host-generation.yaml + +transformers: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements + - ../../../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/ephemeral/bootstrap/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/kustomization.yaml new file mode 100644 index 000000000..f4b02fca4 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/bootstrap/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../type/multi-tenant/ephemeral/bootstrap + - ../catalogues + +generators: + - hostgenerator + +patchesStrategicMerge: + - baremetalhost.yaml + +transformers: + - ../../../../type/multi-tenant/ephemeral/bootstrap/replacements diff --git a/manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md b/manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md new file mode 100755 index 000000000..edfffd775 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/catalogues/README.md @@ -0,0 +1,4 @@ +# Catalogue Definitions for Target Cluster + +This inherits Site-level catalogues from the neighboring target cluster's +`catalogues` kustomization, and tweaks a few values for the ephemeral cluster. diff --git a/manifests/site/reference-multi-tenant/ephemeral/catalogues/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/catalogues/kustomization.yaml new file mode 100644 index 000000000..5f99dd8a4 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/catalogues/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../target/catalogues +patchesStrategicMerge: + - networking.yaml diff --git a/manifests/site/reference-multi-tenant/ephemeral/catalogues/networking.yaml b/manifests/site/reference-multi-tenant/ephemeral/catalogues/networking.yaml new file mode 100644 index 000000000..4f006d734 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/catalogues/networking.yaml @@ -0,0 +1,24 @@ +# This makes a couple small networking tweaks that are specific to the +# ephemeral cluster, on top of the target cluster networking definition. +# These values can be overridden at the site, type, etc levels as appropriate. + +## NEWSITE_CHANGEME: update file with ephemeral node ips +apiVersion: airshipit.org/v1alpha1 +kind: NetworkCatalogue +metadata: + name: networking +spec: + kubernetes: + serviceCidr: "10.96.0.0/12" + podCidr: "192.168.0.0/18" + controlPlaneEndpoint: + # NEWSITE_CHANGEME: Ephemeral node oam ip + host: "10.254.125.231" + port: 6443 + # NEWSITE_CHANGEME: ephemeral node calico ip and pxe ip + apiserverCertSANs: "[172.64.0.12, 172.63.0.12]" + ironic: + # NEWSITE_CHANGEME: Ephemeral node PXE network + provisioningInterface: "eno4" + provisioningIp: "172.63.0.12" + dhcpRange: "172.63.0.31,172.63.0.126" diff --git a/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/host-generation.yaml b/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/host-generation.yaml new file mode 100644 index 000000000..3f45ad0d2 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/host-generation.yaml @@ -0,0 +1,11 @@ +# Site-level, phase-specific lists of hosts to generate +# This is used by the hostgenerator-m3 function to narrow down the site-level +# host-catalogue to just the hosts needed for a particular phase. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-generation-catalogue +hosts: + m3: + ## NEWSITE_CHANGEME: Target cluster first node + - stl3r01s01 diff --git a/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/kustomization.yaml new file mode 100644 index 000000000..95cc7af5f --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/controlplane/hostgenerator/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3 + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example + - ../../catalogues/ + - host-generation.yaml + +transformers: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements + - ../../../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/ephemeral/controlplane/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/controlplane/kustomization.yaml new file mode 100644 index 000000000..911dd9d45 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/controlplane/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../type/multi-tenant/ephemeral/controlplane + - ../../target/catalogues # NOTE: use target networking for this phase + # TODO (dukov) It's recocommended to upload BareMetalHost objects separately + # otherwise nodes will hang in 'registering' state for quite a long time + - nodes +transformers: + - ../../../../type/multi-tenant/ephemeral/controlplane/replacements diff --git a/manifests/site/reference-multi-tenant/ephemeral/controlplane/nodes/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/controlplane/nodes/kustomization.yaml new file mode 100644 index 000000000..cb965874e --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/controlplane/nodes/kustomization.yaml @@ -0,0 +1,12 @@ +# Note: this weird extra layer between the .. and ../hostgenerator +# is purely to apply the label below to the generated hosts. +# When can come up with a better way to declare (e.g. via catalogue) +# that the host is a controlplane host, we should get rid of this. +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +generators: + - ../hostgenerator + +commonLabels: + airshipit.org/k8s-role: controlplane-host diff --git a/manifests/site/reference-multi-tenant/ephemeral/initinfra-networking/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/initinfra-networking/kustomization.yaml new file mode 100644 index 000000000..75c3dbd13 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/initinfra-networking/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../type/airship-core/ephemeral/initinfra-networking diff --git a/manifests/site/reference-multi-tenant/ephemeral/initinfra/kustomization.yaml b/manifests/site/reference-multi-tenant/ephemeral/initinfra/kustomization.yaml new file mode 100644 index 000000000..f208ef6b5 --- /dev/null +++ b/manifests/site/reference-multi-tenant/ephemeral/initinfra/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../../type/multi-tenant/ephemeral/initinfra + - ../catalogues +transformers: + - ../../../../type/multi-tenant/ephemeral/initinfra/replacements diff --git a/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/host-generation.yaml b/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/host-generation.yaml new file mode 100644 index 000000000..4bba87f23 --- /dev/null +++ b/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/host-generation.yaml @@ -0,0 +1,18 @@ +# Site-level, phase-specific lists of hosts to generate +# This is used by the hostgenerator-m3 function to narrow down the site-level +# host-catalogue to just the hosts needed for a particular phase. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-generation-catalogue +hosts: + m3: + # Note: this list should be kept up to date with + # the full list of hosts in the cluster + ## NEWSITE_CHANGEME: list of all the hosts + - stl3r01s01 + - stl3r01s02 + - stl3r01s03 + - stl3r01s04 + - stl3r01s05 + - stl3r01s06 diff --git a/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/kustomization.yaml b/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/kustomization.yaml new file mode 100644 index 000000000..2acaa1c03 --- /dev/null +++ b/manifests/site/reference-multi-tenant/host-inventory/hostgenerator/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../../../airshipctl/manifests/function/hostgenerator-m3/ + - ../../target/catalogues + - host-generation.yaml + +transformers: + - ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements + - ../../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/host-inventory/kustomization.yaml b/manifests/site/reference-multi-tenant/host-inventory/kustomization.yaml new file mode 100644 index 000000000..0c3b6f854 --- /dev/null +++ b/manifests/site/reference-multi-tenant/host-inventory/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +generators: + - hostgenerator diff --git a/manifests/site/reference-multi-tenant/kubeconfig/kubeconfig.yaml b/manifests/site/reference-multi-tenant/kubeconfig/kubeconfig.yaml new file mode 100644 index 000000000..31ffc958d --- /dev/null +++ b/manifests/site/reference-multi-tenant/kubeconfig/kubeconfig.yaml @@ -0,0 +1,40 @@ +apiVersion: airshipit.org/v1alpha1 +kind: KubeConfig +metadata: + name: default + labels: + airshipit.org/deploy-k8s: "false" +config: + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t + ## NEWSITE_CHANGEME: update ip with the vrrp k8s ip + server: https://10.254.125.239:6443 + name: target-cluster + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + ## NEWSITE_CHANGEME: update ip with the ephemeral node oam ip + server: https://10.254.125.231:6443 + name: ephemeral-cluster + contexts: + - context: + cluster: target-cluster + user: target-cluster-admin + name: target-cluster + - context: + cluster: ephemeral-cluster + user: ephemeral-cluster-admin + name: ephemeral-cluster + current-context: "" + kind: Config + preferences: {} + users: + - name: ephemeral-cluster-admin + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K + - name: target-cluster-admin + user: + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenpQc2pHVC9aUklFOUMvZEdLS0tmdE9oZzREdzk5akxMaFlzZkRYU25WWFIyWHExCko3TVBLREo2dkFZdktzNHZCUVJjS2lIWlNDYjhwemhFdmw1aDRFUFdWRjNPVnhnMzY1U1pWZ2hIUW5JSUdZSGIKYXA0THh4MGQ3T3JiU2JVTGhEWU9WSHFrK1pqOUY0ZHhSVmtHNVRxMkY4YmhmODBrTU5kSG42WTdTcGgxa2FsdQprYkl3ZjBEWDBDNm90RHNRWlJQUUpJWXY3RDF3ODZ2M3hpdmdVUUJZaDBSMlhiV1RNTDNXaCtUSjZDNmRIdUFlCm1ZRUtxUWRQNzEvTlBhQ05TOWo5U2hQTGlDd0tqU0c1bXkyVStpNWtkMEthSkNCOWJ3TGZxeG8ydGlnYlBqeDAKdnplYUpXLzhWT1p5clZQV2YzbEgyUWZiaFkyMUlTb0lCSll4UXdJREFRQUJBb0lCQUNYTTN6YXRwam9XRTNsSQowaGtRYmh1OUdCWVppOXhyWElYSDNjMjdNL1VvRnVTS0VrcHZ6REFWSlhidjJlTUJRbXF6NU94NnlGejFYOXBSCjFaaTFOejNtb2s4NTNjN2R5RFhlSWlzanozdzd1V2FOM2kyUkw2emZqdm9Oem51ZjM3MzY3cHBTMVk0RGJ3aS8KMk5aQjY1UWVKZUlva2pMeWhjdXpPb25SbGJlQnpNZUNERmd3eUlBN2h4SXdpZzZWeG5FOG9sbDlGaC9sN0hGdApTcCt4dllwWmpoQnhGZVJCTHQ2T0JHM09ndkdZZE1oSDZtcU9HMHM3Qi9rZXI5N2xVeUQ5ZVdxQWxoY1BGMXZKCm80M0FWYm8vSVUxNDdwYW9HYldRb3VrSWxuZnhjK0Rvd1dqR2FUeTVTY1Fqc2ZCNVJHTTNMTTlDNTJxVU9aUGwKVDI5eWU0RUNnWUVBNkdwOEVObFRWamFpbnhRQURaRHpJeFYzNHV4RTNYVDhmbGVIZlpxTmJ5M1IwYjU5SGNYVAo0NVJlbmRNMHhIZDdSdnpkZXNoQlYxMTBVaWhRZ2RIajg2eWlrbElUZmE2S2FpSlJiME5Hd2hPQWx3MFZkTTNoCjJKZkdsVUlTWFhuOS9CaEZPMFdpQTRmZHR4M3BlL0pidUIxa3VYZ3UwU0pXRFJkdlJGWGVZRE1DZ1lFQTVEcDUKRk44Njg1MFExUzBTMmRtMnBhVXd5bWJHRlhhOUlRdHlhazMwcVpPOTVDN05qR0daMkxvb2c3eVcvd092TEtucQo4WWhFSFV4TGxCWGlUdnZ3K1JHMXowTW9IaEVGR055SU1IMnNyakJST2l5TVRIeU9vWGNBMTFtZitBNkVKQkMyCkt5T1pKSGRSamFSVUc3bjFYQW4xWVVhUGFZS1NjSE5GV3kwdG1yRUNnWUJwSlN1RnI5d3M1OERBZVJyaENFK0cKOHNKdkRmYkZ2WlF4VUVZQ3cvWHljMmMySFppYTdKSEVwcTM3ZHI2cmwyWlZJamJNd21ZVk1UbGJwZE51TjllSgp1UE0vZ1JSQ1NzRmg3SzZzeUdIdGtVY2VqeFBDNlJXZ21HR0Z5d05sK0xlMzRmOElKcU42TjNCTjFLRjVxcFptCkFCNCtiaW00QVhHdXNJaHRBTy8rMHdLQmdHRFgwd01oU2lHUFYxSXR3eDcvdS9vRDQzVXZNUVJ3a3daUGxpZzMKbGdiUzh6TzlER2x5RE5jaS93Z1BZVDhxc0ExU3VLZnV1NEIzSEdiazlsZXZubXdCc05VVzJSSVJCTW1zNG5rNQpDcW9MUkp4YnhOaTd6Y1lEK2k1bkVITXdyYStrQzdpNGJVWkUveTBNT3NoZEd4a0gvTUJmTVlHQzcyS1o5eWNlClA0aXhBb0dCQU5BdmJiL3h4VDhvOW1hU0FaV2MvblNWdEw5ckFiMGtHQlBTS3J0QW1wYkdxMitDNjlOeTVBMUUKdW9iN2dzdjJ3NDJIUHJnLzBUTElTSUZhV2kvUi9XUWRkRjFqclFqNTV6N0VpWFFVQ1I0c0NxRGRPU2FZdjAxVgp1NnlsQ2pmVUlGZVVQb3hIQzliTzdpZ01PYkJtcEhHU0RLZzE1cWp4blVpOFpxajRaK24yCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== diff --git a/manifests/site/reference-multi-tenant/kubeconfig/kustomization.yaml b/manifests/site/reference-multi-tenant/kubeconfig/kustomization.yaml new file mode 100644 index 000000000..bae56b0ba --- /dev/null +++ b/manifests/site/reference-multi-tenant/kubeconfig/kustomization.yaml @@ -0,0 +1,7 @@ +resources: + - kubeconfig.yaml + - ../target/catalogues + +transformers: + - update-target.yaml + - ../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/kubeconfig/update-target.yaml b/manifests/site/reference-multi-tenant/kubeconfig/update-target.yaml new file mode 100644 index 000000000..f47e28ba2 --- /dev/null +++ b/manifests/site/reference-multi-tenant/kubeconfig/update-target.yaml @@ -0,0 +1,69 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: k8scontrol-cluster-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2.0.2 +replacements: +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.certificate-authority-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.client-certificate-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.targetKubeconfig.client-key-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.certificate-authority-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-certificate-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"] +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.ephemeralKubeconfig.client-key-data}" + target: + objref: + kind: KubeConfig + name: default + fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"] diff --git a/manifests/site/reference-multi-tenant/metadata.yaml b/manifests/site/reference-multi-tenant/metadata.yaml new file mode 100644 index 000000000..41b721e75 --- /dev/null +++ b/manifests/site/reference-multi-tenant/metadata.yaml @@ -0,0 +1,6 @@ +phase: + docEntryPointPrefix: manifests/site/reference-multi-tenant + path: manifests/site/reference-multi-tenant/phases + +inventory: + path: manifests/site/reference-multi-tenant/host-inventory diff --git a/manifests/site/reference-multi-tenant/phases/kustomization.yaml b/manifests/site/reference-multi-tenant/phases/kustomization.yaml new file mode 100644 index 000000000..aaa757c13 --- /dev/null +++ b/manifests/site/reference-multi-tenant/phases/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../kubeconfig + - ../../../type/multi-tenant/phases +## TODO Consider making a catalogue combined with variable substitution instead +patchesStrategicMerge: + - phase-patch.yaml diff --git a/manifests/site/reference-multi-tenant/phases/phase-patch.yaml b/manifests/site/reference-multi-tenant/phases/phase-patch.yaml new file mode 100644 index 000000000..eb575453b --- /dev/null +++ b/manifests/site/reference-multi-tenant/phases/phase-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: airshipit.org/v1alpha1 +kind: BaremetalManager +metadata: + name: RemoteDirectEphemeral +spec: + hostSelector: + ## NEWSITE_CHANGEME: ephemeral node + name: stl3r01s02 + operationOptions: + remoteDirect: + ## NEWSITE_CHANGEME: URL to the ephemeral node iso + isoURL: http://10.254.195.209/ephemeral.iso diff --git a/manifests/site/reference-multi-tenant/target/catalogues/README.md b/manifests/site/reference-multi-tenant/target/catalogues/README.md new file mode 100755 index 000000000..2cf4557b1 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/README.md @@ -0,0 +1,5 @@ +# Catalogue Definitions for Target Cluster + +This inherits Type-level catalogues, and adds in Site-specific values. +The neighboring ephemeral cluster's `catalogues` entrypoint applies further +customizations on top of this for ephemeral use. diff --git a/manifests/site/reference-multi-tenant/target/catalogues/hosts.yaml b/manifests/site/reference-multi-tenant/target/catalogues/hosts.yaml new file mode 100644 index 000000000..b0a39c666 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/hosts.yaml @@ -0,0 +1,96 @@ +# Site-level host catalogue. This info feeds the Templater +# kustomize plugin config in the hostgenerator-m3 function. + +## NEWSITE_CHANGEME: update the whole file with the site specific host details +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-catalogue + labels: + airshipit.org/deploy-k8s: "false" + +hosts: + # NEWSITE_CHANGEME: update with the site specific host details for all hosts + m3: + stl3r01s01: + bootMode: legacy + macAddress: E4:43:4B:EE:F4:CB + bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.230 + pxe-ipv4: 172.63.0.11 + storage-ipv4: 172.62.0.11 + calico-ipv4: 172.64.0.11 + hardwareProfile: default # defined in the hostgenerator-m3 function + stl3r01s02: + bootMode: legacy + macAddress: E4:43:4B:EE:B0:43 + bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.231 + pxe-ipv4: 172.63.0.12 + storage-ipv4: 172.62.0.12 + calico-ipv4: 172.64.0.12 + hardwareProfile: example # defined in the hardwareprofile-example function + stl3r01s03: + bootMode: legacy + #macAddress: E4:43:4B:EE:D7:B8 + macAddress: E4:43:4B:EE:D7:D9 + bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.232 + pxe-ipv4: 172.63.0.13 + storage-ipv4: 172.62.0.13 + calico-ipv4: 172.64.0.13 + hardwareProfile: default # defined in the hardwareprofile-example function + stl3r01s04: + bootMode: legacy + #macAddress: E4:43:4B:EE:D7:B8 + macAddress: E4:43:4B:EE:DD:0F + bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.233 + pxe-ipv4: 172.63.0.14 + storage-ipv4: 172.62.0.14 + calico-ipv4: 172.64.0.14 + hardwareProfile: default # defined in the hardwareprofile-example function + stl3r01s05: + bootMode: legacy + #macAddress: E4:43:4B:EE:D7:B8 + macAddress: E4:43:4B:EE:D7:2F + bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.234 + pxe-ipv4: 172.63.0.15 + storage-ipv4: 172.62.0.15 + calico-ipv4: 172.64.0.15 + hardwareProfile: default # defined in the hardwareprofile-example function + stl3r01s06: + bootMode: legacy + #macAddress: E4:43:4B:EE:D7:B8 + macAddress: E4:43:4B:EE:F3:B7 + bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1 + bmcUsername: root + bmcPassword: WWTwwt1! + disableCertificateVerification: true + ipAddresses: + oam-ipv4: 10.254.125.235 + pxe-ipv4: 172.63.0.16 + storage-ipv4: 172.62.0.16 + calico-ipv4: 172.64.0.16 + hardwareProfile: default # defined in the hardwareprofile-example function diff --git a/manifests/site/reference-multi-tenant/target/catalogues/kustomization.yaml b/manifests/site/reference-multi-tenant/target/catalogues/kustomization.yaml new file mode 100644 index 000000000..9627d48f8 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../../type/multi-tenant/shared/catalogues + - hosts.yaml + - ../generator/results + - storage.yaml + +patchesStrategicMerge: + - versions-airshipctl.yaml + - networking.yaml + - networking-ha.yaml diff --git a/manifests/site/reference-multi-tenant/target/catalogues/networking-ha.yaml b/manifests/site/reference-multi-tenant/target/catalogues/networking-ha.yaml new file mode 100644 index 000000000..305bee7a1 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/networking-ha.yaml @@ -0,0 +1,19 @@ +# This catalogue alone needs to be overriden at site level based on the +# networkign requirement like HA + +## NEWSITE_CHANGEME: Update the file with the vrrp ips +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: networking-ha + labels: + airshipit.org/deploy-k8s: "false" +vrrp: + # NEWSITE_CHANGEME: Update kubernetes virtual ip and OAM interface + kubernetes: + interface: bond0.61 + virtual_ipaddress: 10.254.125.239 + # NEWSITE_CHANGEME: Update ingress virtual ip and OAM interface + ingress: + interface: bond0.61 + virtual_ipaddress: 10.254.125.240 diff --git a/manifests/site/reference-multi-tenant/target/catalogues/networking.yaml b/manifests/site/reference-multi-tenant/target/catalogues/networking.yaml new file mode 100644 index 000000000..974216d52 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/networking.yaml @@ -0,0 +1,120 @@ +# This makes a couple small networking tweaks that are specific to the +# ephemeral cluster, on top of the target cluster networking definition. +# These values can be overridden at the site, type, etc levels as appropriate. + +apiVersion: airshipit.org/v1alpha1 +kind: NetworkCatalogue +metadata: + name: networking + +spec: + # The catalogue should be overridden as appropriate for different kubernetes + # clusters, e.g. ephemeral vs target vs tenant + kubernetes: + serviceCidr: "10.96.0.0/12" + podCidr: "192.168.0.0/18" + controlPlaneEndpoint: + # NEWSITE_CHANGEME: below is the vrrp kubernetes virtual ip + host: "10.254.125.239" + port: 6443 + # NEWSITE_CHANGEME: first controller node calico ip and pxe ip + apiserverCertSANs: "[172.64.0.11, 172.63.0.11]" + ironic: + # NEWSITE_CHANGEME: update the first controller node PXE network information + provisioningInterface: "eno4" + provisioningIp: "172.63.0.11" + dhcpRange: "172.63.0.31,172.63.0.126" + commonHostNetworking: + links: + # NEWSITE_CHANGEME: PXE network, untagged + - id: eno4 + name: eno4 + type: phy + mtu: "1500" + # NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 1 port 2; the first NIC in the bonded interface + - id: enp94s0f1 + name: enp94s0f1 + type: phy + mtu: "9100" + # NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 2 port 1; the second NIC in the bonded interface + - id: enp134s0f0 + name: enp134s0f0 + type: phy + mtu: 9100 + - id: bond0 + name: bond0 + type: bond + # NEWSITE_CHANGEME: update the bond link interface name + bond_links: ["enp94s0f1", "enp134s0f0"] + bond_mode: 802.3ad + bond_xmit_hash_policy: layer3+4 + bond_miimon: 100 + mtu: 9100 + # NEWSITE_CHANGEME: OAM network + - id: bond0.61 + name: bond0.61 + type: vlan + vlan_link: bond0 + vlan_id: 61 + mtu: 9100 + vlan_mac_address: null + # NEWSITE_CHANGEME: Storage network + - id: bond0.62 + name: bond0.62 + type: vlan + vlan_link: bond0 + vlan_id: 62 + mtu: 9100 + vlan_mac_address: null + # NEWSITE_CHANGEME: Calico network + - id: bond0.64 + name: bond0.64 + type: vlan + vlan_link: bond0 + vlan_id: 64 + mtu: 9100 + vlan_mac_address: null + # unused for now + - id: bond0.65 + name: bond0.65 + type: vlan + vlan_link: bond0 + vlan_id: 65 + mtu: 9100 + vlan_mac_address: null + networks: + # NEWSITE_CHANGEME: OAM network + - id: oam-ipv4 + type: ipv4 + link: bond0.61 + # ip_address: + netmask: 255.255.255.224 + routes: + - network: 0.0.0.0 + netmask: 0.0.0.0 + gateway: 10.254.125.225 + # NEWSITE_CHANGEME: PXE network + - id: pxe-ipv4 + type: ipv4 + link: eno4 + # ip_address: + netmask: 255.255.255.128 + # NEWSITE_CHANGEME: Storage network + - id: storage-ipv4 + type: ipv4 + link: bond0.62 + # ip_address: + netmask: 255.255.255.128 + # NEWSITE_CHANGEME: Calico network + - id: calico-ipv4 + type: ipv4 + link: bond0.64 + # ip_address: + netmask: 255.255.255.128 + services: + # NEWSITE_CHANGEME: DNS servers + - address: 8.8.8.8 + type: dns + - address: 8.8.4.4 + type: dns + diff --git a/manifests/site/reference-multi-tenant/target/catalogues/storage.yaml b/manifests/site/reference-multi-tenant/target/catalogues/storage.yaml new file mode 100644 index 000000000..fa6998c27 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/storage.yaml @@ -0,0 +1,16 @@ +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: storage + labels: + airshipit.org/deploy-k8s: "false" +spec: + storage: + useAllNodes: false # We define per node/per device configuration below + useAllDevices: false # We define per node/per device configuration below + nodes: + - name: stl3r01s05 + deviceFilter: "^/dev/sd[bc]" + - name: stl3r01s06 + deviceFilter: "^/dev/sd[bc]" +--- diff --git a/manifests/site/reference-multi-tenant/target/catalogues/versions-airshipctl.yaml b/manifests/site/reference-multi-tenant/target/catalogues/versions-airshipctl.yaml new file mode 100644 index 000000000..a948d69a6 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/catalogues/versions-airshipctl.yaml @@ -0,0 +1,16 @@ +# Override default controlplane image location + +## NEWSITE_CHANGEME: update the file with the ephemeral node pxe ip +apiVersion: airshipit.org/v1alpha1 +kind: VersionsCatalogue +metadata: + name: versions-airshipctl + +spec: + files: + k8scontrol: + # Host the image in a locally served location for CI + # NEWSITE_CHANGEME: update the url with the ephemeral node pxe ip + cluster_controlplane_image: + url: http://172.63.0.12/images/control-plane.qcow2 + checksum: http://172.63.0.12/images/control-plane.qcow2.md5sum diff --git a/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/host-generation.yaml b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/host-generation.yaml new file mode 100644 index 000000000..317c26f47 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/host-generation.yaml @@ -0,0 +1,13 @@ +# Site-level, phase-specific lists of hosts to generate +# This is used by the hostgenerator-m3 function to narrow down the site-level +# host-catalogue to just the hosts needed for a particular phase. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-generation-catalogue +hosts: + m3: + ## NEWSITE_CHANGEME: update with the list of controlplane hosts + - stl3r01s01 + - stl3r01s04 + - stl3r01s05 diff --git a/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/kustomization.yaml b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/kustomization.yaml new file mode 100644 index 000000000..45d84a80c --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3 + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example + - ../../catalogues + - host-generation.yaml + + +transformers: + - ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements + - ../../../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/patchesstrategicmerge.yaml b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/patchesstrategicmerge.yaml new file mode 100644 index 000000000..55983d57b --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/hostgenerator/patchesstrategicmerge.yaml @@ -0,0 +1,41 @@ +apiVersion: builtin +kind: PatchStrategicMergeTransformer +metadata: + name: smp +patches: |- + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: hardwareprofile-example + $patch: delete + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: host-catalogue + $patch: delete + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: host-generation-catalogue + $patch: delete + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: networking + $patch: delete + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: env-vars-catalogue + $patch: delete + --- + apiVersion: airshipit.org/v1alpha1 + kind: VariableCatalogue + metadata: + name: versions-airshipctl + $patch: delete diff --git a/manifests/site/reference-multi-tenant/target/controlplane/kustomization.yaml b/manifests/site/reference-multi-tenant/target/controlplane/kustomization.yaml new file mode 100644 index 000000000..ae8fcf2aa --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - nodes + #- ../../../../../../airshipctl/manifests/function/k8scontrol + - ../../../../function/k8scontrol-ha + - ../catalogues + - metal3machinetemplate.yaml + +patchesStrategicMerge: + #- versions-catalogue-patch.yaml + - patch_controlplane.yaml + +transformers: + #- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements + - ../../../../type/multi-tenant/ephemeral/controlplane/replacements diff --git a/manifests/site/reference-multi-tenant/target/controlplane/metal3machinetemplate.yaml b/manifests/site/reference-multi-tenant/target/controlplane/metal3machinetemplate.yaml new file mode 100644 index 000000000..2b8f3500b --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/metal3machinetemplate.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 +kind: Metal3MachineTemplate +metadata: + annotations: + config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml + name: cluster-controlplane-2 +spec: + template: + spec: + hostSelector: + matchLabels: + airshipit.org/k8s-role: controlplane-host + image: + ## NEWSITE_CHANGEME: update the below ips with the first target node pxe ips + url: http://172.63.0.11/images/control-plane.qcow2 + checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum + + diff --git a/manifests/site/reference-multi-tenant/target/controlplane/nodes/kustomization.yaml b/manifests/site/reference-multi-tenant/target/controlplane/nodes/kustomization.yaml new file mode 100644 index 000000000..512dc07c8 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/nodes/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +generators: + - ../hostgenerator + +commonLabels: + airshipit.org/k8s-role: controlplane-host diff --git a/manifests/site/reference-multi-tenant/target/controlplane/patch_controlplane.yaml b/manifests/site/reference-multi-tenant/target/controlplane/patch_controlplane.yaml new file mode 100644 index 000000000..e0e8727d5 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/patch_controlplane.yaml @@ -0,0 +1,11 @@ +kind: KubeadmControlPlane +apiVersion: controlplane.cluster.x-k8s.io/v1alpha3 +metadata: + name: cluster-controlplane +spec: + replicas: 3 + infrastructureTemplate: + kind: Metal3MachineTemplate + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 + name: cluster-controlplane-2 + diff --git a/manifests/site/reference-multi-tenant/target/controlplane/versions-catalogue-patch.yaml b/manifests/site/reference-multi-tenant/target/controlplane/versions-catalogue-patch.yaml new file mode 100644 index 000000000..ebf276bb4 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/controlplane/versions-catalogue-patch.yaml @@ -0,0 +1,15 @@ +# Patch the versions catalogue to use the site-specific local image URL +# TODO: patch this in from a site-networking catalogue in the future +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: versions-airshipctl +spec: + files: + k8scontrol: + # Host the image in a locally served location for CI + cluster_controlplane_image: + ## NEWSITE_CHANGEME: update with the first target node pxe ip + url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img + checksum: "e0d74d3d37e70e4eec1b204f8402ed3c" + diff --git a/manifests/site/reference-multi-tenant/target/generator/README.md b/manifests/site/reference-multi-tenant/target/generator/README.md new file mode 100644 index 000000000..633ba6e85 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/README.md @@ -0,0 +1,32 @@ +# Secrets generator/encrypter/decrypter + +This directory contains an utility that helps generate, encrypt and decrypt +secrects. These secrects can be used anywhere in manifests. + +For example we can use PGP key from SOPS example. +To get the key we need to run: +`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc` + +and import this key as environment variable: +`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"` + +## Generator + +To generate secrets we use [template](secret-template.yaml) that will be passed +to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate` +execution. + +## Encrypter + +To encrypt the secrets that have been generated we use generic container executor. +To start the secrets generate phase we need to execute following phase: +`airshipctl phase run secret-generate` +The executor run SOPS container and pass the pre-generated secrets to this container. +This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated). + +## Decrypter + +To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml). +It will run the decrypt sops function when we run +`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins +manifests/site/test-site/target/catalogues/` diff --git a/manifests/site/reference-multi-tenant/target/generator/kustomization.yaml b/manifests/site/reference-multi-tenant/target/generator/kustomization.yaml new file mode 100644 index 000000000..dd34750a4 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/kustomization.yaml @@ -0,0 +1,2 @@ +generators: + - override diff --git a/manifests/site/reference-multi-tenant/target/generator/override/kustomization.yaml b/manifests/site/reference-multi-tenant/target/generator/override/kustomization.yaml new file mode 100644 index 000000000..3c7828449 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/override/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- ../../../../../type/multi-tenant/target/generator/ diff --git a/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/configurable-decryption.yaml b/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/configurable-decryption.yaml new file mode 100644 index 000000000..92bb4a337 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/configurable-decryption.yaml @@ -0,0 +1,28 @@ +apiVersion: airshipit.org/v1alpha1 +kind: Templater +metadata: + name: secret-template + annotations: + config.kubernetes.io/function: | + container: + image: quay.io/airshipit/templater:v2.0.2 + envs: + - TOLERATE_DECRYPTION_FAILURES +template: | + {{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }} + apiVersion: v1 + kind: ConfigMap + metadata: + name: my-config2 + annotations: + config.k8s.io/function: | + container: + image: gcr.io/kpt-fn-contrib/sops:v0.1.0 + envs: + - SOPS_IMPORT_PGP + data: + ignore-mac: true + cmd: decrypt + {{- if eq $tolerate "true" }} + cmd-tolerate-failures: true + {{- end }} diff --git a/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/kustomization.yaml b/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/kustomization.yaml new file mode 100644 index 000000000..4a4ef5320 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/results/decrypt-secrets/kustomization.yaml @@ -0,0 +1,2 @@ +generators: + - configurable-decryption.yaml diff --git a/manifests/site/reference-multi-tenant/target/generator/results/generated/secrets.yaml b/manifests/site/reference-multi-tenant/target/generator/results/generated/secrets.yaml new file mode 100644 index 000000000..eca222558 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/results/generated/secrets.yaml @@ -0,0 +1,49 @@ +apiVersion: airshipit.org/v1alpha1 +ephemeralClusterCa: + crt: 'ENC[AES256_GCM,data:6uQzsPDu52M507lC9AWv/j70+JefIZ1N/R5ZKTtKMYxwQWVTFn6vXJrT1Sn62gqS3BrtXD6ZXOH3g5ISETgVNHfG5c8VuXlx3cg5MVDPJl8aGWD2MnoG3mcfAiotoKMF1cPTIJFVw8C1GFOINTM9AmVYzxURs5CHsi4pkSSYShLivy5OEm1dSMyV5X+uAndEyAChMQoBp2fq0cuMu16o80s0SpRo0KB3CfVCKjaaajLZtKadpGt90UgpTUdTRIofQyNucaEmqLQbEZw/SwN1jK88ulC/vtHoKZuxDZtk4clITqiTqTAiepjHlmyTpo6PK+HvM2K+ZIWRCzKy3NTtS4iOEL1kVfWtbE5Zemqwh6hDuHH/IuvjIxcx6twZFOEy7+iqsAhxYZYMXqaUHPIMbAw0jguqMc0Li5pjlwGR8pIxT+VdZ/oQV6E4t/enpEVJ/8vrIJ5fu/1rbV8s2vHgxFHO/r740Do1UVNjbq9CMxEAqi4sTUaNNYBxRIqfXGsjOsosolIMy1YmTfoDJ7iqf5do1eVOId6gWeBJQYwQR3YLzk2j+MzN+GRZUMXYAspE/FmAbytaKnk8AVHL5AqklsbDHmDimc4hee3VmNSQBiNDUbIj6vD9R9PuyPDO7IDs4cZxcyFwfgq/z6LT5GwEh/pmT8bIIb96fTAeWkkLA/XvaTuT3xqzrT7NBl8trlLLGsqct5/07o4QdbGBRtFc4wL6LDyq8MF5pHU/PRcgOl41E+2KECSdrJBJltRvOE73sd78nkkCq2O/dMSRKpb2sPW9K3IQYlCurpShYGP1a+p2H50O7/GGz7+E+4rymzJ933IWA4T0YNFWZ4EFDsGccDxDC3r71iX/9xd19xvZZWU1JowQ1OcPzTdpa1YhDIuqgKeIekatKEtLDhXHsaIbA5CXKg4Ew6BOx2lBLMgx1RnlReIAzzWnYyYb03awHJIKpfM+mKDSN1kQ6Oc5iLmKshFqCB270+KMna+r2hdvnXqhtTkM/pZge5QCIrtGkPc0jqHXF+0UutVuTVk5dejhqdeT3ITYP6eZj+/CPBm1a1Ms/haPJc9SA6r9yJUWKthJQCGReey7glzVzHs8FtbcZqr/xDDMYCDT84GNIo4RlsCqm4EXR8cpumkP8YVMQOzCSuWmS6NYDk7JrSRYiO5cdl99PDrSGNyVj6LSEJuDkkfuiFHR1SbqLhwNDtSoheHMtBJ6rmqPsGRe6UhkOETU5RkNiPAubJfqAGGl4OgWNcKIM+Wea5d+MYJPpXPbLCvN8eWIo3VyhO+lhnwUxle2Vp0sR3XoPNsnU013O6GmsmNvTnqa/CHGjDinL7hQioBZpzx14+IeHPMoHLjoL7bStJqoSYoC4sPnI1F7Zo7KEXaybwqW2A7oIoCOsLkqO3PP+LaR8aZBtWmQZ/buchWVOT1D6vwowAjbrfYmGuU0VZiY74TuX53JS3KCJ+sn04CwHZBpoHoAAmy9Yo1bfuzOlI0XGxWP8jGBwzQtJddoBEV5ziussvfYSHDDLF6CL1IRWwjj9YHz2w+8IzA232aMO2eRR4+TbbmOzI57WzlVsd7nBN63lPfPtne6MBtxiQuq2pALqHP897a0DocuuAI0xfaO5YYrLQ215lb4DxIR8764T6bNMdcHBo7/TgZfs+QS4B72WM1p19jCHRxAan0cJ+knKUERE5koJyshdbl8cRJ4kL2amk5mT27Q5Ek5mNHnwE6nrrHQXK4VrDG3v4IfgRQ6wP6525RUsjrWGvxCj8Am8JXtO13JfwMpEcWTZK86cMDAYXXLiu1KOlx295qnrWaJzknRzY+Nb2DYsoDe92zs7fgy3A7d4JRGZkjsCV45EYxXdUpSlRaMCj16urJ/BrdmbJ6ccw/PKDqxnWY7JQ4NFAoEC/BrgHpSKBT53xku2Nxmz8ktt4AvTb59rjjfAEkMDjCaLmGz+RKIBQ==,iv:aKqk4ruA0/QtbBFnr6mBidCrnEY2uQ64swqO+SysFkc=,tag:Uzt+Eu7l1mf8DzJr4E+KWw==,type:str]' + key: 'ENC[AES256_GCM,data:U0U76Jf7YNIqMRoWrlYcOpi74tYKflDwE6wh85Mj85f/bBMrY2WdmOFmqiL61v02SBahXnBCHrQw1wSBxmqAdP26W4kSLL94NYBFUvwJIQwbKU/Cz7sQpiEYFWRuc2De0N4ibzS6//vINSMV+yi/G1aSbpOlxzfSH2upFcH2yGa36erkLgdY7AsoW/YOOUMYWLWsgsXUkXnkzu0+44nLyGOJwnuLW5gb6/Ci+RWKklKfI69pe1Wkb8Av6zNhI29CnzwFclkVX6I1PWkvouayLusrzo7nwy7mHxbI8j4Xfq9YNb8jSg9nS2ibK9LtQ5BzcPAa7BlP6NGavCu0OJauQ0sgw124kaWsG77QmpxFiT0TdvqnTVu3vEI3f/XZG2c/sWXVA8FGZ31F38mM68KsDMlusXs3hUOJf7QaUw+0MeK8lmz8t3vI0UANXRMSt2fEVBaho4JoTsbgZSvTD/RZ6YwI2a1uoPdNKPh7F8i0rLOaCNgPLVoKAcV3M2mEhodJNZAI0ifa7sdQuWNQ0fbPwGh+dXLKQ8PNjdXMgn9JINLYRKDRD+eRFWPV/WuwepSjtD88LGJmQ66GjnCqXAOFo5RcHmPEIYM5o0x5wqf/ibmgheuUUBJVnNvgH2ZVqMH8oNyr3OfGxfgEItvA7LgQ6ao1ympnCnXZvpu0m04UqNmebsuEnqH2EB/MIBk/5UjyMHTt4X52S0RpmXU8CDZKj9Xk9VFDCcmWnEowMHl9i2CjRwMb0g0b8fC9A4N6P9SbzKX7usUJsa1tSkra+Dn3C7vprOunvE1fQiQM++K2KixP0OjeP7TbAyMkHTszrfxdvJT7V6Rb90behJaaDb1pZAva1SMQ0vudV844t+NLi96VsqpNptx7AKhzSsRrzz2kuhdVf1dr1JinR4h4cVSwQCjZCcxLDt8do/d6BgHuvHWQBBGOM4AqMOyIKGm3G0ZiW6j3WiCPmiWou/6cRFu2AqgVWgRludtcgZaTs/p5k5gVFVzNtkocfg4hluP0zk/zJeOdU2zZ/XuxDuNeA4MBHTZ4qzzKgMLVMiMWsQ927d7J2h9w6kvmoXKrKZH/oB0R4a2pDYiBpag8DOm8P76uLeaKlgj9EQH2eK1KO2998mZwDGS91HWl4O58SjSENBZFr/thgzqFk+2C80/abMjofziXrsefuJOYP8L5LXTGyV11qsjV0HDRZhlcvsIW2q66t91lW7WNzYoxDBNQJPq1nSEewF3tvDT4BhtDAjioO5fVVyUyI7bAxRcCZ+E3wjDF7uw7yngbyHP4spYU6xi4kJhQEXvBOqFt1N/aY7etlfCn4daMNQK6u385XIcSAq/HgC0D3jqJTil7HyxF21fwQCorK/G24ELzjW0SfYUFDHAeUKj1VkU2GqAO0uCGklcx3wpcH6QvSQMGid8yRbEketsXw+H0CBloWAptdLOZj9LhwR0lXlvooYuDGTEoQ4SXx37kscRDcpWggW6NA21wIwQM5aX4kuhvvsdEpOEd4lUdH4LGdnRTHCdldFK0NxTuGuf8swEDYbVUjUHwMHIzmtNG5SmKahPMwEzg2YIV1BU8z+nXbT2XaOUD7hXfpWdGx0BkQIeIZL6bNJMDuvmjtaoDq5CywmyOIkrQqSEGDNyCQJLGBGPD1QjfkRbtmtB2gVyyQTuPqI3hjOuSZ8ZBiTExkXYQvK3eNrij7B9n6q43pOjJ9zaoHjHx6sMcBMF8qcSNo7xoD5Xd0Owv6USL+tz+n5zcnu4PKnYg1ZdfzxcQbwKUZ21SEVGW+ZU8KpNtHjWB7oQ8MTD5wjpqsUzgYdkBypNcRWBgmzCsZwcxR0LU3qRGDGe9eSHyk9JRgzDuWfmlFsOb4UHZQW3SRY16xokFaXcpcu002GX0n/puS60fLsUr5/raEBF9vCPC4miucCQ7wJ7cCzsRc2fBx2osiMiTCDPmVK9QpxmQ/4fMnOZo4ocAF7cSesqZvPsOo086K2OeU3vr0kQhtFTYojFGM04zhd+d87V9GiYUR8ABwAqaqg4Xk1gh/oputa7e/y7NsByv0DCKOQxw4uKDNBf02WvmUnGK0w6ka6ZQmT5+GndTY/DdUvxXTUZqoGZf0TPZS7PrJFWmkUn9hwqIlSTNtY1WwkwWSbvKTswe1sgfL4Zs6u0tecPiIebRIYopNlDSMbk0LnKLo68Xg2zxV0bKU1iyMzyobh8/mhLIVAo7NS1za6ksH2km9dG1IUjVJIxtHjZqQ2BgOcbLEqEA1+J2tuKxc/lHqR39OxwDObei4bpXJqfWPEG4mHVGFMNWkj7H11cnBmX+GWEbEBXarQCZezRh++WROFmmylfdy+QlzD+bwxT4A37a/djWY0n27XdRwVA2nVGdBzi8aBSFws/lOaaGHJnpotFw9xjUuXI8uiN1eGhaWCzU2VBWYNutjKBJOefLYf7ahpjphUv6W7uYX+15leuWK5RuCwL1G/PmjdLNMzynhxgNmW+xvmNI7WrqLrfGciOqkxPirUq2tzvXdCAHDanS7Ckui04tEswwuxyaY0PMf11ku9XzVX7rn/OhxjYjck7D7O9S5SYWI+5u20Vjrv+gIYPI/YSLPNxacmk4GYWUGkafSRgDg180JUtKDmquaz/rZVUBC7wVnJV/Tv2aTs+iZbWhiGqY/4wepo19Lxzd6wBQNPfrN+d+BjTDVmPaCy88lloXWJBsTIuWz7mmANV/LMkNYSA5poCL7rRlbvgaOsaxBQ1yslmJ25G9oaLU0mj6SEfoK9/aZchAmBB8u9s7DzQLaW9HmfgHcLuU1XyWRm1nIeFFqrbBnS0fdEOTkExXI92+vRlM4DbqdMOtpZcZsUMiXvKKFRGhuZRxbY8HujqLHD+298Fk6y+GjcH8+Yfm5euDLp97/tImUqjUb2Fqdw/7aJKrR7zzWHPp/rbJtDUKoW1lvHaK37+eT9MF23Dl4Dteu6ouPGjaY3z/EUINU2J8E7HuwNjdQiw=,iv:x2TJ7k9fVfblb/WZrUP6lgc4xWg4Fop2T6oNfI6G7rY=,tag:MTLldXBFI16om6D5cDNcuA==,type:str]' +ephemeralKubeconfig: + certificate-authority-data: 'ENC[AES256_GCM,data:Mx3R3AOO/a51bRTZ0lrp2KoSsQHaiVByXi8OuRkL+Ka2h0dt0PuJ+0XmvJNPUjc8Iw2DQ5MsvZ4AhbrNcaTV63ZH7HpeR1V/bFbqj2T0QzHVCzuZlpjW2GFkzMaDBFSCFmeLhB7KsK0chTkvIccd9VhSrwA4wukgY2Wy9r9WSBeZghV6yteVwIANz5qLTL2qalq73IYFbMGkQhhsc0sKw1X6CLSfz/1Cm5r5MNWtGnrnZTAVLQeF7ZcryqloMwRlDUBblWoM4oDIiA1UmpLmzCzOgNxAkNF2p3ci0WXxYtCDyX21lcYhDFOk83lYmIzUl/ufjJYdEWCfEoUk0Tsz8LusCsjm03vn3pPCpwaBfboFw4DisAkfh/nmvKd1rO7nrcWK0yrSjaNuqoGxW7I+GpFoeXtiyYKMk8konHy8r+U91kLW419lQ8iWxiQ1RyK2tgNj/3mzx6EZ6VnKbz7D0IA5+1KVXPOtF4TGQJD7VHb/xZhkTAy+XxoDgbMMS1EqfgFVS+/Rqp+V19VUjOiQg4WMleQoWT59xh78oBZFKXElK2neDmym2YLASeLs8nKprjWAVdlUAb4zX/AqRdky/+am402ifzzWDXe6IOh9Q6l0ZUPM+S2D99yG+JVlTtvtcmtmGu1ZneS8DgpEMMh70kGv0nr24YbhL0eJMmkZbIayiWMjsNkMk4JGzkZi0a4OpopUkrO4R5l+smVkNHtWxhxUy/8sUqzqNyGtzS6b8ygB6NEd1uTf52CqltyV1+ZOZdl/Qkb8a4BtwYdbb/kOteO9SFUv6kaUabaFyUCAo/EoxqraIREnmuJCFnIp8h1TzWN8om8UdBsZdPKlg1nv71WqxL1ZnZ8LgRClD/6dtSCcq8caECH0l2sP5dmctx6IPQJd/YUDW4RbLX9NQqCRlx6LR0jv5lN5I5Qr//07k5KDieNku6+uBnS3LMzgKKbN6swMjT1TMje4XEuolaiDjKAcsMb/tEJFwDYfSROcs5vylLJDwZ/DIo5m/c46i9hJJgzKHs1PpNXX0bbWR/M3Pk7fARF+hirdk7971FoILWcRTQZo2UMF8QJPh3MQRs3dOKIPMugDNTan6ftnjA0+hzwr94TknYGCEv+XH4Y61nWGZiTcv2tCt9JCGdXNARZLc3RtporxCtiAE8fMol9oso7x5sMqmuALl+iLfjpqzUHoXNJ9slipLH1RWDisGJXSQkEgrQ9h6bhUaOzuUeauYxnZBETfBZBmSoah2NDOOGcywGDDo03sRleaRVguxSZvftWtUb6RhHSj96qDbh+urbdW1PhfKs6M//XBMmLw5zlulYXqMaDvHeBRL4mSf+ZKNCFFCC/RJxGuT6hcuWOBwe0ZdCugvkVaJgqx32Fyd/YpHDPlFZEQb8/T0wP9M55jLg5Vm3voDzA02+UIZZFkSqbT5ZrmP+ScXE7HCFXLFBA3TBh8N1f5obuH0rbENvYFkBlEtIaAU2FkhPCpHJworrrIdpq/byQB9Jj8X+yhBh4y2vdSGT9faUDUB0S0v1fiD92IXJKzPKlpId3a4/bXXGl9tTVSQ01lPGSJf9/s2WyrRf6lhPuKY+bapWcs8ydNWGYhCccmZ4OHaOPbwGwks7l9RLTjDJzTr3ntnDI2DnbVENKdhuAEkavoElmgGSMscA/8sseX9FeuZLBvI4fKyNE4F9ZzAhUWe8JYulnw+oimizCLCAC+t9Inixda+dLZWJLbUEg17zvB5dS/aMZhO3dFUjn1/jGO2zbZo/SxjaHyi/WQFr5mZcLvwU+Zdyt+TRAbcV9sOy2tWUDp/xlRYAYqdeRBMly0lAoItUfa+jftUtR17l23i7UcMLs68hZ1NyuoEhKKDteRW8epgsbjmPfq8a04SPBW1XBZ8ujubf+UxMhTlvXdXKCQ5lIvlZE81Ezk3PuRfKXiK2ckCHjzyxE09pWkZXESAmdqKg==,iv:1WkqcxzVLVfrmBMCTZ48q9JLRpEkBgioGatSU3j+WQ4=,tag:VmKsG18InwFczeME1PUlZw==,type:str]' + client-certificate-data: 'ENC[AES256_GCM,data:85hKBjZyixCRv4c7zptdAeh0p8a4F+yYXssxGUfhYNwfYAY4DTHAxoLsYeNcy2ZdNUDoIBrQu8BuqYxRnMkY4RcT+SzWwGEKN2yQe+Wm9pGRcXAB9xz9A1nPHgxRO0ogVcDR93bJYEfsIhx2ws0pSTw+Zn7LGFoDwMRve7xXmMoxyYKHj7L00dDb+fp0a2rghC4Mcsy/0rijSWcvnm1mC084oMl/J5dj6tHIR2zEpgWtX8wRH34vxxkh8nyghuDQfOElheZ2q1Mho3deHtDxJJ4Kk9nscCULYU0HRjBghsexvWvGEWn+kDUCFAvSe9o/nkWxYiTt3+dM1ifDusj0+NzjBbLJvZ24ZkLjqgW6jIxVVCiD8Ky4kTAOfvlFMoRsLiezGvGbkPj5eTtcJOR+ukhMLpabKqpK6GDxohQfpD+SNYmKEmS3Z94K7oJ3d0OAPCE/qgac1AZTbDv1/buqWexT+zus9CjsWbgmIeJppWtWPHsUoqVmM5teB8zs3Qfd7IJj8ZtHZj1l3zLf1lIE7GBgToCwVPjc3opSX2lmekOt6gMmAfXYKNwOypvRhe2Fm7BAjrck3GZYj08rEffDHdO2/2qFq9qknKHmS7mJZgm3aZZh/+eDr6HVSLYztTXMjHKdzIthnsSvtX94Mr6nkjJMnMnOuFGnC0b5VKrw7ZHktLiaqorerVaYsCXr+TdQrIYkEguKlzQbnmpztGjCxN9JiaJ45Qxzzijxdy5ahlNmpQbrgBWBgZjjqdOuBJrBKNkzKyWikFk+jBsfKZkiHHT2Rw2+uu3Xz/LTc51vNLfFvwKr0XTa1i/hQnxtI0YlsRm4SVornTsSdQjmadCrz/NvuPwJ2lyFZirxeZsajBHUJ/Obk7ssevFXY0Sel2kajkS9lNu/CfMBz18PNb/+1T7wCP7RJzfFnnuLYrRLbCw9ihKNtRqkfBZA4X5Hf6ZKjmM8ifYqg17YWDk5SFUDJvVt59Hyfr1uazdHIWlovr5bju9TfGXH9ylWm8Ms+AB6935fBNnwsnN1tu4yOO9voD2dc3X97xqlqcr0fOhTIkFXlyAlILRAb0wywFAqDX8yrpIdtXzlY+iobSj/phXcHCb5mdvgrcKCrkOmRMhIhHmXZ8g+fBh52gpxVjkEwcmI5/vls63UbwC7NF/fnDUZeW8sq7aExFL7a53ApVoeXTRC+eDrLecI87Ehfz7aGGKIHa9CU81eM/W9BOsM/ZFLsx4fK3Tgp6ZVHYXvGc2geJskovhJuEyk41OYtGVYXZ/OPECrHFaj7za5zFxS2/GeEHkI8qau37d8gtMJCn/SuEP3hBJPkMt9S0OIYgl6jnKx66+TY808GtlDaOGr8U94oGhsnzw6zzTMWYSMKyoK7yIQwOvZKsoS/G7nI8wa9gm2EG0+Mn6Q+2pZL81EucvbTufDqUwnrV7KJeEF5wR1cM56BvZefi9Y67FeF8NNJV1RClzcZwg520qXKUU35PdYyivuKe4UqfkaKfltOUmLoEPp1fTad+2HoeeZFQr/b+6zAI/If9Z5j50IlncnaBOuGMsm1qxUrtpNR99gCswM5VJm7G0Rq7/ykB9cCcgdPJ1Yem5Ktu3+nRQNi2LviY49h8xrM8bPd3YvpVIpIks7d8dX6vV2jHF6CpIqfLvqWePiNeplLJ/C9kB01E3LxDgi0n7Vm1zQoBNzFjZMtHIYJX6abZAQUPwtN5qmJ56FFL7TZTNk0Oskw3khDj9NVphb85nDHGCt1LL5r45uVhsEXU+OaIB5tZZIZRs3kLpt3GLRHomOJKbxpExdjw1e1GqK4JFN6v7Rr8BmSZi+4nCGrg6rdFE0iopmsEla4R309mS2XYrMn2UJEcUDnnsmZD/UVeS27xQl1f3EK4fruRobbEQszWkDSYQ8RuJIOihyjCpIfMuW4N4G+znepub8kEMNg/eLgFw5X9uEoVJg8RW2Q6nJE+coMt/sKPILVlfnSFLy,iv:X/ONxuQJ3EVMe2RZLlR+mwu2cKtP2JFGztWNjOklP/I=,tag:9a6KFR/WldtUasiA1iBmuA==,type:str]' + client-key-data: 'ENC[AES256_GCM,data:hPeSh6qEUcnok6HgHm0eVB98kOqwjVYDM571D/kAvttm4XFX52/eNez/Mc8zyvOwv6P7QCOmJQTH1BQwyaJS5rD8CeuFWP+igCF4KLIo+8rqhLu6FWZzRblSKWnZhb/LHeyEl6EDZz7aA5njbEdXrlC8UkiJMu2xAuAE7a65YVag53AWcvF4K50BqRxNtGnSCMA88vLSXEagCGbyZeMRgJmA8neJTzsFCNXCMpGGEiGIKCsotm2xyBqGClZxcI1+sqCZag4s61rlttBYlrlKm+F0eF8vhoM9vWlHu2HRshFYEy3x/e/CMnULByGfFWqwrqstkIVjT4nX/txQdp6SaYrG/K71pPATEAIGbAERFh+APmfhVa1fmg4XSn4P4RzPThH7O771GRsrXkskbVs9icwKPxwpBSzepn89kUYj+/dq1AWo8lMrRI+T+s3vBif3BBGd/sNBZAyxSY9PJFtrAgaE+wYCJG5Gezg/L6Bu0GyormxwtRCAKHTuvcIQiwXWigJpL4oobKONOiYIfrooOeRGIogmCMdFLoNj3A+NQn8g9yN7ybe38/X4b6iF6a1mjWBhKJHDVPsFBXRsPp5DzIreVJL7+cw7OlwTSaZ4oNpGXM25a3NbMjfjYz/QylC9fKvE+HEpbKhWG21aTLbwtSm7wDRlx7lEofhpzR0/oEHsXtEk9qLupG3jTj029DaprStvKd4V1uQV+jjiuQWH8WXJO5ZrIY5IvT/4i9LWI74Bmdfm1uxFO0rX54xlrmLt8TVO6JnSijNM+miWLZMrhezT6DJutuugVx7DuS7CXUo3QMfu9NRQB2Al8DQS9DBrej2DXJ0cnCZu752vS4j/rRnC2SHYtLRUEzJuIkGWsMQIq9nnmSSMWpD/cdWEufLeOzRU6OibJQ9lcu+gaGWHBHd2MRyBoh74YHVOIH7HYop4CUqZfpnxc3oN0d4Y6B6Y0/qO+94wsAgp9b/CXbjrxxsVJwJQlAlHN+xFHNb5HLCXlXGTDBoseHARjbWaqPsv6+HWFkhzwnxtsSJCdcCrOpKJFlonO/ujWvDM99Uve8NGkZkgoII+FraeSVdBQIogUnRVtUTi3Aeqi6tn4Tt5K6gNqVX4O+jQtMrNZaDdD3AM+7zwZdgwHfgNYrFn10HUlgcqISuj0cJGBT5DGFxavGD1Shx/uBcVqOHzv4IKGfjpqjqPwHlqOuXGosZtgpbmLd8RnacLAb/WJRbGoZhM7r4AZEV8815JktZsD6fY+iH0Gq1+OubnfqWmzinNiifnuhirzPFLDOmFw0sK0s21Xr45pTQX0Kj4T+kcOwjNX1D6BJo4s11Uk8D4rfe2eBfFIoGnE9OEEWvvj8MLA0A0i7nUPhxxq0lKu5faCYNNw8w12+T1F6corMECtgqtphDvu6PleLf9b/aFTp5vYefRz/eifx6h/NIn7Z8qq3vI6zWmGv9zRZiKtDedNwYyOIC34KCYL7X/UsjsbhrpXsT605MnyzxyKOMLuxmaYPc4nj2M4xm1GJCBqxjxVkW295vO/e4WCxTyyjNHzNI3Cjqzy+dhyV/tq9Q6C57iawAoOroSVl1RPAzTqxf8slt4b4tdRzO4d9XoZgxTM0qiG83qD96QDhzi7wxY81ztDaAv9KFez6yIx5B5QLCZXoVapf3wPR8DLv7RzcKmdCKpinfSwhvgC2GpUnEDyQCIJTz9WY5AckbsLbsDmefMuLAda7K18kzR4MIrk3Vvv0MhM1CfeOndxG7EdIyDmUqjKc/A6KQM5L3u+qoQozuKRCWlveQPaG/ByBnf4uN9LXkrJkND1MtDvXssQJHRTgzTe+3mfmhq2aWy7l1tojTSUr06X4XV0ay4PSScxzdTVTf936nigmiU8L4qgk8NJmd64XJprH+mmxpU0tOdslsXSOxk2TP1+7R9Wbyx9Z/1SIhdyWjsFCfOgDOFL0y8zn4jaGehXVqt9FL3VDodI8hd2QFb6ckGTn5iW+zMMk1ZkCOizmhxC5oCLP4MlVtIEgqLwqclqevsAYVpSIxCLeAHr/2IoPawAgxUgOHgtA6LHJbv3oN+XPo6+nd8sPkXJZ8VlY5GouBwzf67JtLQjd8Y2VL+RjVozUkOcLTBBLWHBMxWjwp4+hsRc0lP1Z4/pK4CXuANacYPkmXOMozJpTJYYoaNv6WylLLFKCyj49yW+gl1HAkeyb8PSNY9LgjqEIZB+RZ9Xn7Utt66Mhqap0o6pCdAUuLK9uv2CR9rCGEeR8j8dsBQ9KJisxwBUjz9b6cBMT8XuOIUkWv1ESZhFmKJ1sCXhVKFOzOq5CgjU+QRMGOu+LIw4bUh3ZOB1DsA2P7LcZiWSVvtcQ11K20qkNK0Kkl9tZh5Y7qpRgh+SmIQE+X0QvZmWC7K1gWrlFEbtv3mw/9IBazy2GjA5ULKYz3ZzfNOwNrd4++rH6YHrwYn/o7slG18bb8oHElCzENwQC1nst5cmbTfHpeX/YET3tycL+EOHL16Kfg1DKzi8hbNZhAI3PWcV8rsuFcyMbtVXa3MI6y8dfLVfBETUlgPULJ5w/HFarKwXpRmU0v5YKpg0gy4JafVyqFO6bhmYAMvqKvZzt4WQUAEqJdPDEhyWj8ZQLAYwgAW1w+Lr5oIful4omz4AmDg4jA2aAB+/o9S42rM5nLLfgDZVBMeCU4QgUE9kM6S7lPWXdkaZUgoiUrD8OWyKy8KiAsMt+nkbuY5G5X57IoOApCd+smXT405+UatpL9VxQAHUaPqqX1raqDVmJHlJb2TB7rB8TL9q+S3AdOSQOMEfB/FxFYlIO7MyIayIyr7+7ZLBvJEnCMae9kjgbuHRCkelA7Qn2WCLzHRuPftgfs+cKExDVEmTsGkGEUy7erO00muI1Kt47HzIt0emR/RXG0arl31aYP8nBSt+cmkA3inWK9PaB9/Vc9gZul5Scqus1GCZ6CvjxhCMgUx91YrGYuVFGybcmUocXFVnWfoJ65E7n8=,iv:Um9mAPVzbSdF7D7IzmztYODkyCtgVwAexya0uYyxRFY=,tag:OYU+Wm0fBpQ/GPQpNC/hvQ==,type:str]' +isoImage: + passwords: + deployer: 'ENC[AES256_GCM,data:5gHuzx1UgSmscTZVHCw=,iv:aaONFJ1W6FlQWWYwl+th7yDCRB71qhRDtpeP3verayI=,tag:wXdqB/VZYpeIDw7cxTYYBw==,type:str]' + root: 'ENC[AES256_GCM,data:0ViR7nN7r2HXAJ9Pxxw=,iv:bzqgGxK00NAkCJQlIt4x3V56tv3kiKipiUremZyOvf8=,tag:fC9RVyo8nObI26ERKFlj6Q==,type:str]' +kind: VariableCatalogue +metadata: + labels: + airshipit.org/deploy-k8s: 'false' + name: generated-secrets +targetClusterCa: + tls.crt: 'ENC[AES256_GCM,data:WsmzwpV2WvfLHUb88aMI0cBFhOUvmywUtzLNQ9vpEyA+a/hzOkCt2hH6IGDg6rOg/DLCExMrRk8edXV8SropAl1jfa183igRPNKVYnswgtXZVOsjrXeoumDA4GeYsxh+J5y2V3uWoAzfepShTRyJZLLWOTiubgffLmY2c4hFoPjkvp5IdiLh19VYDLnLUhxPdJDneey5QwN1wdZ5RjKOD7tB0boDiENHxfzhUzWRHIok3TC1kScUqKbKNtqoQnl5R2ghTFVGyMtDCaBThdUfGWItnbO/F1ICvMKDkWCHEkh1XhVRi9WCVZxZHBzkbcRh+WTSgfjKnRAJmz78qgVo38F0cE4irqjoV9gDoCubQsplRyqOqmR5FY49g4599y5cRCyN/Pg2KZ4Qow2BO65EAQuDarjado7eB6LdBPCFKRFvJPJf3LxCt88esv6MTdJUTBuWWNDha0EqdMgPe76/xIoMNv2LxVHSzBArRz2jWayREV5FrE3xECnO80BUZGa4P+E2VgqkmijfQANm4fxAlomh0Hgy5V3LFa2NAfHnK70pXz05nwl6+q33lEGgQ9UGWG92o0ZK66bQDKSGA7AuS786fr9WiFhydGW0Ot0pE7Db51OL2Ln1S/SJCSyUi8QP7FViSreanwtz9dbXbXjnZUjQysAcQufuwSnX9Iott07PadiCCooumT4nBOGru8xi01SKiusOEk6qjscoTfpdfElpAHFQrWLgwGuS399cBFPcfu9YbGqzB6t+xRq48KBxvLGf04uVppNdcf3V4opy3LGDeNETcMfKea0fsNkSKMYOah0jqBoUcA3Qpo2uTo7qJ5wnO0lXYpn5RwxYgTKHIgomiFPOn7BptVAMz49EtcxJQpdpOf+LzjZLRHvZIqDlbrBrdSpQOZqsi2MXpkTG4b+ZEyP4+8helKe2kgOAgKzKQkgOjGWN2fbGsDqcLqVCaz08kvtqjyzO5bF+IwezaKl1abUAm0YEH2A34IZr2lkTvhIPN9YKjjWGZk3GCofNOFwMKLZ/Z4c/dGrjW8BtszQKAnpl33wyXunCTxjZiO3mpWgI7ffmXABSHzNLc6nElVn7Na3lwvxlSIGY+dVIekWSV2Rf0SdU5mBRh72UQ+rXwEq7C/ZvgP4mAyxzGZE0kd458Tnjzt0oqNMPPaZnAv/dZW0CYFQIyQuTFKKxbW0IgjN2lf+Q5RpbgfoGLhNEqN0gg2D3YIjOdOE0y3dDWx7iTQ4p574VIhxeCdoxkUIhuhh3P1cIqyjCdCsjmsEVG5QBFo/XIPjoffk8IN8DklVCp8AwIz8CFrMySRzgOOoK91XhhXo6BsZsIkP6Xk9zWvN4op4VR4zM3eqlcc5stBg4KepxxUvQTp2OpDokc5JsKxhUp3qM/uHjYWsDlflfaZukJ2xLcaRRniPLDaRbDH/9L86so/9ztCaCRB3OEtogEjgPFb4KOFiPG7TqUtvrisygwXno10DnI8Q2VR916hO1Gfyc3hdTpHzQK95rx3n/CVclyxibnwpH9S8DlU4QHT0X2NQXrO7t4aKCIg4NXbYMifN1Sp0lEHr1EapqkuL7lqc0PSOTonNt8OhBZ4NPvHsgndQ/+r4aFizZ/56k4n4Fs7Ki9Qvrgkk2ZJuX0amp+cdWwMQmDWC9OIOHRruHjtquX7gcZuQf3ibEU94K14XZB0mSbwmuTQajkBIKxFmtPbe3aCchvBhfaA5Tg3qm0nQS1dpMSzKYH7+kBwuGKKW4l+FTpW1OakPFM22r5oCH+5IY+Eh830Xvzxm/3zZdVD+S/3Dk0S9CSG8moPpDxxjwZ4DPcc5j0fEUweML8SpjeoHdVqyaU3spvuFryzu9poYukFMthvdh6xGzCHzM3889RZhOcG7bUfFlZxYQ015ZSXlYek8TGlaG6oAlrOIjrxRn+guqHUsAOlt1FnRe51WCBh6zMwxKWhVC+Q==,iv:VnSbM6xsMFMeMFf0PkflNnA2SK5cJsQ/HNmN3duawEM=,tag:pMk/noJNqGwTFalvR+Ar2Q==,type:str]' + tls.key: 'ENC[AES256_GCM,data:kvyc7MnG165YbHWCltMw4EPzZ3iC4nGOFeQ1z37s5/92f5Sc0pKnoi1tyC9YvgQrN2hbCMJH4H4thQ1RDEO8QNgAPilblNLW8m9qbSQ4SW4dbXILhokKb/eEN2dRfbEzLr+b2SBMDFi4KSWkO/u7JjCeFNTN9JifFddnqHlnaHkRFPRH7uXDf2ZziXcVbLD9y6JP3ZexTAGGy8W8kZhA/xLAdWGsLpyAC6qLbS3Ggv77JeRFTUTjLp9waoDootSA2BDBmC/KhoQKZIvxEDxdafe1qYqwtgl4L5X9xo6afiZXH1y3oBiNrASfZhE/yDe9oxVJBgQJRBj6zshTJ3ueoS66BdJY0gc508gEkEvOv1i7ZEqmhSTVaw9PJuABROHVhwTcpMYcOhhngdEh8/TqmPOzl8T5wRARgzN1jPECrh5ZcSrV6Guntc6SJBR9olVtt88QpNu5SwLJCTj9Xf5UgW3/cBUmsLpPylXY88B//5RSDiAtw4XIcEKMkk3g8czouAEWwU4APa5C8WtuF75C8VDQdFqmoVVHxshRhB1Y1j2laAhKAwq1I2jWUc24MLvCk2SA+o3SMukE0GcRSIx5rwh6bDaLbutgUXFtju3rYrbo9riFPhDBZ05wPB6lrST6+ZBcPwwvmMx0ty1WeFXwX5ddEBWnMLCHfDbTsi3hjNVOBG7OSmINe47YOC0+8Vf09LcL+C4NCiXFO8V06tmz1nbSIUmPBZRAvCaXTKHTE35dVtkkkmQy1wPk7dR69ALTFWhnceSi+LMxcQOKpafIU9KlgbrjhbjGR3gMYL33yeaMMR6OB/ghXROaopww8uoANxUmyf13VMYJBaJ4OVVd7M8b/vT6RfMw8fytIQBPB3I9xVvYMSoC1dpZ/N53LEIo0vq9suLoVYnFMhILVhxy1U/JChKR1tRv4lFKYYVKcZKoze9I5rl6FXyzld/ql+2EM0lJSAXe55mnmdbYPnQlUHPj5wq5AfqXW6ADnIqWHqdbEBo5UEvu9S6ElkMViNv9gD+iX5dD6DTk5Bx7R+lBmsvtySHopjSqslHJURCEmYDpKdKjFxKZR9uqaF81388ov3wnbQRFMLFzZZMwMTKVwL9oAeeJugQ6Hd97fwbXp6X/0mYbh8syaFfA7vTtjm/8oc1fPFrlUBTSXERqlyVgzq9j1IrfZeHc9t3e2WbNXmmlDTV5C7VMeLhBjvEVVNTaFVWfP7YQsrSbzrtirzHB3WFIUifdTCF7v3SlfE/VAmVfuI6w0Zi92g5DZl/2v/bfwLay3JETz2LIYb9GSNbfLX0dssUROgGUsS9F6WV0r1KT/27SsOi9EDygqqOxoFgD+YRckf2oDZ94wrT4vTVHlm9bQQEsKsogwofMxR2GnJwsozIJj5unbY1oiHWBdJfsPPtisESZK3SHxIVcF6iu8g8yvhkHKn/xMeUqDOZN28MoELStSFTkQGpOml5gXdXDdK2BEzIKbeDOV0bVIgN6WYZpEeOKgmoHRa1obDrcgUvC6CB9rPL+40CvFwroRQjoOMLHDZfBkxJxDYDo5abhLXiyd4kCG70nMhamlikVEJOQ+Y7PWIdB4ez/emEqG3S7Z7it/NRukfgFJ9xbnt8WkzJiKmbpnojjJTc/8UVSYSZ1y+UA4R3SKcTlr5/qyWn8V2nXrHZsH8wpmScmLQ3NZx3J2RnSrWLveXaksOcbFBebJPXnIvmqVZ33wDQNWJROXjQfCqtZAhXgOW2vHNyQEoi5IjyNtyGIvLEffX2jsHTgD/QOypA3e38EBgLkZ+0ybLa37GvYCH2GPzGf07TcvwXXlv9p1bwByCOCoUxumJ98gptfbQG7OUXPeDkZIs78xIP8mV2irDqawWn+4dqJBgDZAWudY8scn5gWo8L5sE51kGGsDE0MrPPxcmLBNFoTXYrdCuFFQXdxuQ7mSzX04gGabL+d1+SdETPdJLaqVe2WbI7huEd+jFuo0zd/WkYbJwCxs0mOB1xjm1EwIC43hhl2dLLIGYZVu8feoB2H4sEQeke6R1iGKDOpzL5CeY3L0/EA2cPVC9t3H7wjidFG4w/yfmQQZiN1ivoiLGoWTFN+ztGH0FyGS8M6Nk3d8nP/MkPjCodRIUnsppTRYSJgbxa2o0R2b2wftBdDU7oQqWy4XK/H4zVltACaZE06Og1Y+Rvb10NeYUiDxJupat+Z1gh6u/2ISDgZQwIsRQRYdhm1JgxxzUSeNTtGQPkRcNCoWlaT4oiuebSG8fsGPFaqv3KF+lWlORpKTjMC9mlBXPjH7NWeZOiqNI5pZaf1tl9FnOvUwzNdcGLR6Bqoe08+asKoOuh+NbKSEAlALnPnznFRBapHj5C9ppABMYKfqNigM1tflctJFiiqNnpH6Y+qXFzudrkq9VqhaMoccgkqgYcFEEIwJ8goByA2ZBSV4mA7sDtY0fCEirP98j4OOcUpkHLgaRbRW3DhvfGNOJDE0YJjb38kZEZ+KdDcu9CbrXBgNVet04j45VjIonlum+DWFsHD4tdu1CPJiii9retvUWn3uYN0zSKrj1jEL8cO7Ujgmm4A7Szgz6gP2ShvReaT9BtYf5W9I6HXnedjFL0HOT6SdrG6kXPMns6lOkO3CcxrTM2w3vtms6HYMTFSXDr1k9WJQFIPqF16MrahYaEbHC0Hn2f1euhxiwY6Pd/fWa8SOwx6It22sq3RX/Ra1dbRlQ8UkwvPKV12pR7Lcq3WoQr3/blMZBiK1nXgKREndxY2/oUeI8bpw/qgbAViujfyRVPcmfhPBgMPZceUbVLGlxdYzPIKAqYgttBVHDZNdvI4JEkK4FJnL55WrSiOPEEuiGrzOSKQvZ2b2/AiHceAax/Rr0zSxWKZ7numzZKYBrPBgxeMtJABz/alfsRhtKxIH/Tf3YUaMeS7nmYaOgO7nDTuLqSyWpyIqXQHvf9TCeZt3o+0hBx4R6wLlByifj/QOqY2ZbUrqLqp5xa1d8/SD58=,iv:zCKTZ259WSSteALG13EAZaPvEO+FkqwTvaFv6VQ3PRQ=,tag:wtL/ti1jBKK/zjzNR6E/PQ==,type:str]' +targetKubeconfig: + certificate-authority-data: 'ENC[AES256_GCM,data:XQGGPJC6gnZKfIVTEpIFrnu80oB3BrrpGCiI33aKpSPzH7mJn/QLx/Ub22Q8pL4Y/AM7LRTNQ5dkLar6bns3ePLCes7QY0WtB5cp5QFFtlIDHvXWcX6o2yjrWP64cS3UY2Ct9vije4cZLlDHjOerOyI5yCXCbWNKP631EXq8KxmuTRQNJROtvnG37RYgp7nsHu9uXVcrCxf2UH8WH4LhO91yW83rJSThSSZMPBwUfZdvTxdFg1AU9ZzHxQr+FDw8rDIsw7nXbfhlQxvsbp7Sor1rPnu2/pO2wVMGrnrAiFn2qwuxWRCAC4gNZr43LXz1aYgxzwcTVV7Vn56C0G+cXgS9uceOlknYwE9ViupOeqmUJ9OaLldFmoEFmTVE//qamT78/jjBWjb2ZJi8ztjTCFkw9ce2RKAd4RILwzZ9bUMjJKuO397efe5VZ/Tm+94ZDRnrOpNT8NuFlhcyZ1ezYhSEJYG8H3cr+ep7j5wmhse1ThK7IiBaUKlEkBoZEcjd1TI5KGf/1VH5VXdW5FbGH/gfDUeUYH2JuMSKnGuozRlCacjK6lu3kVZpQTXHFtpHKFiEbLgCFcmM9HnPt0KLKlYX+XSgbElQPMHvyK9DrErCrj5KZ91KNOupgzqUJ7Y2GYYSWEGIyXQLO7V+LjDhE4K5PAQzEJ6D7dxK0b/4ze9uQiFtQLPa7qQ1tD8m9JoAUZSPWEzFgsOYJF8Meoff4Kp4vZU+p5+LlK+jOt/MGFF+1Yi7tuOdWY2Ulbzxm5TAt1Z3+HmgzidX01cDxb9zT7iDa5aObDI4BEFlPw8s0dZyvwLNXRL5yq90m9PWMZHmlkwpPXXOqCumbNC+FW1E3hQ1+drIiLcX0uRd1jHW+4RcS3ePYMQzZmt7aLQhRVfLNiJ7kW62XNNHAs6cc0Z2hJudloH5AQpWNwNsUPUzgaFnTPu1PyGhTywy+3C+zsLpfzQFCD4bSyhJrDj9XJKahNAWk435ehGNGCgr8bkj+9fZa/pTX/bmwSFMh/hvULGQB8jhQkCoO1RWCQnLK3iHIc/W0ED19GHxgWT/SOReLeL0TGsqN9FiesCo7pDkVGsbEzPtXjt2w+jaZovTBp2tBuhm9l3eB6qK17PqI3gi1YVQtaDvsDNwq0J0dhez+XwbVu4usrciyQYzJJoF0xHPlGhnyZWN83bp/HWZq7Oau0D/Gzv0eSZNG4TIXxAiXgTNA3EN3bp4uGzszYhzarKRiLo3+Shu85b7oa//UXp4FFUp+lRIqr6HDyhLv/17WaopfaNF/f7h0jym7+gvYj5SVKBLgawAkEfGwx+HWoEYrQxaXkFOPDhuNkCY5w5xaSCfWGHO/zfczvLwPXeqVLTmgt1UpdyOmrVL+WzegnsrPuIOL15VwJpxdjV8cnKMdp0fWRur9FTnDUSE3yQQDIUr/dHKP9wGcwxRoaa099zHkjpJVJk91sbxf8l6MCe8K9H2M7W48ED3DRhpzIbJthHjpZF6a+8E3a/+H45T7JevgZob2DfENYub7c0fiQqMyLU3OEXu90fpPB3450zFF/M6+TB+ezKK3VSxcAJFT9jPX7OfjgZJf0E4q8v0CYHYeOxqvAmoapyaO3Z2+tuP4rPriblu2KsH+5JyP7kVX0e4WvixCN+W/AuSO2O3CqXZTh22F5UxRLSc+p4WDx8DvgGSSsFtKE9ASkGgjpGEV2GBdDu5Ja2rC3qqooCSDtLEuas3zmmcbwVog/ZhHw+us1yyAqDpkllxZ+Hoq8rHdg0Jwep1JUJ7B+/4du60GleqvPbiiM8xnbPFOxrp/lEb23ura4AqH6ZxxBHol8d5WHCh0VxQXPychIsx2Pl/404t0mY0ne4bIudaLsGADwM5WBRczgKroe5ah+7KmujhavPoNQztnSgVTfa6hxjG5EeO1/hYBybXA3gjM1rKaRLUTdGGfcL3TmOf825xM4BLvQ==,iv:lrxOZvtDP49iLxzYfTW2B/ex0vtgmCj154j2xOnJEWM=,tag:ODHDg+Nh1ZF7oAloIlpnZQ==,type:str]' + client-certificate-data: 'ENC[AES256_GCM,data:wPc4wl2y3CkIciqXl7e3c6XPx9jQz86CBu/hSfIQUc3IkpBeEajlxlbxHnLDvG+/hyXJtqfLFrP1v5JcZCCiUk9lrZPmDT1yWUOMizV1/WLhC/nDuGitVErRWAeHDtxE7f96H5MKQpv43zmxrg3F1+mvYVt1WAc1SBWgcxY1bEmLtV2/RciaIUX90aoE/3zcvCRq4A4nsPGXqT2NCsDcSTngQPTGttYMCz1bNOUSk27kmd9d5RV5twRKtl5X/pcR6Hem0pqlkhnCIqElzMWnKLIOaxi3/KzS/SMIqRHJZhX1fzl0Szc183v+ew1Y63kGabvEJwG83JpGfKSRpLdH85rUydenxTWnGj+2qpZlgTUa/lIGfXR/X6RWNPKzrZbZc6Hq/s3n1Rk+OBSMjepygp+5huj5QII5gdI/YoW/4+nEav+IWvoXmtw7DNDuzPgicsZxZx4QmgkZJk3s+HX+f1TG8eceR20vuaWaSOkq2JR3Uc6+9ebzvuLsXqX34SryRvI6Mrd0bJwrNu8Dbzv4DKqHrUnT1tVoRRkCE33dHyRhWjG6vs4HaDgZuzfQGJMPQ4c7a2RJKVB2e0HYp8xjFmbQCPDfdVQ0y2/E8GNUZjTQhME1B6Nz8egtZjgIAbug++cgErT0PybCeMCHmz+596xlHYjoL1dIONCvzm//Dc7okuxs9D8LCZ5f7r7IjYRFQt6U3i0PLdv1pTds4yvG47VJimZi6SXeq7Z2LPqSVclZCfPlDC643bC9hqpIsDRKDJLFeMoTr62g5Z0W+c5dmMH/6BQrySgr99L0u9JJzaR2Pzfr2QxlsUZibYniNyuu5cEdMxiVbMFAcDaGWyTOjpvay04fkYky/A9AKwAxPStxx/YFZ1su/8SWIwsAUfj4xKEccjxOcfmL6BjdYdj47ElNYQXqIVKl/j3X7rXzDSu0eyVPVTcOwuGtXrV/VfadmisX9cKCSwLozj6GxqM9JN6QZ6GYAxHzU7V1UR7RTtnPN6s7JOhql80KmsN7XnRddmWPZpOmtnwunKSrvK7rBygXkNpX1TE24dfTpWzBOeVE6BFxUuiYGCoxuuxfEo6K2deBj/7jZZ3PLprQyqgIDipKjgeC6R3qx1UBHOleY67Y4ZvUCQSjz07+wo+B3OjNfbCSN0vHJJ9NhvyY4CdOtrgbzOchZPhobhxurH8iMf4UDBgugefpXRwpAFhyjkm0VvDE+UfKJFbsKcsPehzbBOxXJKBbyDze+Ov/oTAhY3JjGiUe3h6Hyac9ctnrUxaGFpLhsjZCDiewSBo+AP6J7dQ2bcg9XMmw3ckOD/hVaT/sOi2qWsrG4Qnr7ZmCXMy+yWQc21TL6JvT3yI56MAlE9TMrG4PWkktmTbw6eAyTOmL3lzBqpXKgdJoWLR/Zv0xUkk8+zZsVchja1kLPJAL6ALkRzL7PE+UEH57K5/vim8BaHzKO4Q/4fb1HjbBX6GA+/4nW0CYw3vKsa8Gpt2Av4XwOpAHRGrezm3w2o9fSxabCTMroJ8dsaR4uJiCpn7jq9O6a24PL54gP+9dLnvnjK07DXvIJI2mA5iDv4CJAgz0rNPz+6yAgGtuUkZvqslBOm5zhKy1TVlRuQT315YeYjHPp1JqmQ96j4RHCCGFFlHsYnzaazY8izu+r59JNxUVRipJs2UmUktJXETWn2zKe0LDs8LkPvObvzM4LLGOamVlaOjNKSQRsiUv2Qd0+ERY6sYJHwh40ObGF6Z8u+91wWglcylkY1+bjhCwh9Zs4Gw7JenOkMsJe0BtpJYCwkDIA4L/+PHtaUpgQmaFCGYAuWysAv8OGkv8gmIaSiLwTfiUxg+dqgicEcKAGoYj2pFduWKldP6dg2HyzCYVcMbMJXNf5KIFLcAnJ4IOYf2bBDR35Gbtq9gKUALudgR2O/xxVkI4+DwY2Tc2EdFnnkh/btYaz+seoCQL1cB9+IrxfldR7CLXUlDt+7DUirSEvNLpWA31wA==,iv:d8/OlgrzqF3u7162nMzKfWtqeeLogcwq2Z4FTxRfxjY=,tag:wI5cko+kBoFUXEJOO1CtOQ==,type:str]' + client-key-data: 'ENC[AES256_GCM,data:DIz0rFlKFLIEQaSlyqSgAiY2KK+a1CRDtAXtu5LKgS8kCr/XqRHq41wVVK44v8V1ih8Ca/i0Lie1pheHgdHQicilcturE8Mxfl8T4Eb/6fVy/soo4M+cdAHaZDa1NMW+0ZYrXB67oQbSnE5y8/Q/PQxg02VzWIm0G4OQkkTXjb2OC4+1pJl2tWezyMhdiudc04dO1z0uK3Z3oSX6huedu5lXEP2u9IlFrEDfdEg9Fpw8+HIPMF8hGblVffZkYob78AzuImW3vzTJV/6TDkNdlKbEnHiPAvqRu07jUa9w0rKGfvPeoRi8KUhCmqI+948lsmV1ZGUFXfTzYu4Ln+cQ+x9JT1cX/g/6DqmWUXiMY3Bh2xPyfW+qm66QypFH+wNTjfbUpPK/Fbjfrbt3Eu5XV0beOh9RQIMVQcV4OgOydwREbxxCfUtCRddtDcRuWp0uju9v6c3m48626LXPyO8iKoFVldpMxEAbYdROOar0FXBNner9t2LRX6oWeZijh3bRB11Tmi6y0H3fWfS7datRO+3ben18xWJJTYNIst3e7dUgjgnTriqKcGIzqsxO0rBH2+oT0gHAgDCKzsp53AOEl8LdJWXB5ua6WQFz9o+p3kkDLC+PLwXg1zY3nkVMYrs8a00JqTphRc5X8R6E/4wpYS0Eka6rXKIyAq6a74nCXjOWUy0sBCpwI/8bdckMF3u9uw8GjMmtQINzJv0Pm7Kx6T7wf7ysdhs0I/kup/l1SeckPoSBm14MSoVT5Co+0xyK72SpyAW5f8QFEv2SRp6c3xke1qOEaPAD7ITXlLt61y74yRcKXaiWkAG4tqxcudehRjnOATrC1y8KmkV+V1ZSP9wm1AVvYkYGldkBNTVaDGSZdaw+u9KFK+tfNbMajMrAEMPylINa9ELh5YGKzj7cHeaPVh3C3bgDNZHUD6osrGXvHYaWVqwAaslZVEauSFXvUAVxajcbaTf7RrdoDU24BP4IrQkmkDoSzsFvXiox+xEYXQMZuJP/Vp47e46eobCUxADxM6zpjyaNTwhSV0aofjMsbTjzlvniYzw4coM5mhfwJ029Fcrk8XlKqS/Mad/pFInjwZE4i0NQRwj5ZxI59mbUIQZUEXdXBtIVr02nE2TsHYQ0iYOeUTKALeZztwY8LKoIyIdCOoS3a89LEIjJgHnyesylxVBj46fDkVCkWcRpo6jwgqEQTzvRBjCJQMvb451kQUk6tBp6iW5G+6gViEbATrkHRWpFjbYiGYH74RTalyTxQA9Z6C0FmTTUxnr/4CP41nO/Wj653LrRL+BuJBi91KbfHQjKCltcFdbrZeEkmCNJk5G+5N7puxYldSLD+XJRTssK1+2qk9xM12LUzQB8pqTulKsbpMn+cnWzFwLmRCBsWdn2xattvqgdFoNXM7svCSroRogGx4pK9k4OgiOtM+Q1sOdTOsntLhSGyW6R723vnZ4OfzNbO/zkdqAT9ZmPl5V6g4sKopM4wibuGsHx7G7QEBz0YbYFxkKtUSH8VmNJH6s+liLCGvc9WtneT1S0HbcQjWYkFbWt0tX0N61NbVYEzTpycgXMnz2VbrkSiGkp0llWXMKAys4YimjKjquPxjXV4Dy19W82UBGo5wYG+WBKqwvwrU174Mb981JfZfhZiKHAreH8hy834pLcMGeJKR7BYeEUPG33gn2Ds/O9P3Hrh/ew2Itxw6LNUzvLb5hSwPGbgYkIjUufFKksiSUBpbpyPMXvTUKBL1eje6JYu3uqkUcmWKGVhfyAldlOoFGpUXiulR90KPXVTR3bwpwTyIYp9O5IhFHUlKb3kjBBXQe7z7yxrzPudJSbHljGPPZfyVgTdgYjiN+v35oppJseN6J3fsiSZIMJX7QanNTqwvsoZU3SGA958Le1154Sti5WlD/jMTovUmFVHNfIo+E3gdB64BEfPKf0R5cuWB05aiaeJJPH61I2W/0mK+zlK0gdNKjrzPDTutgkem5/zxYYu/mcnCk/fbBlOiHlAsgwkwSCs7nVUrJ/1aCAtMH0IVYjatslJMMy9p9q7L1YNjiyzRUgbIRa4g2dn+HkxEcZ/iwm4zWXpRYLZ8PdSl812/y8DG98yVxgjj2CeWxEdrviVlYKxivj6Fx2YvWV7H0GPeGLdvFw2C4OLBjrgTEriLFpwYhwE3jqpUh3Ceknoas+p76QYoqa+vJhYS1TeGzuZcsToBZ+Tie1C83MrIcJfp5DRXT0vffhP217YkD17/mQ8f2WBTEDckb1PeT/Tbspk+AAK3p33+yTqRUKppkRN7SU6ZAT2sRPlSA20fdC8ucBlTJWpsZsrnmnDLc/oacV8LGyxaEquDfKzYlunj3MAKLVibCnKxbtoLATOcRcb5XwGMqVrcrnr0KFNWFivV6IGeTGVOyEf3fgyfl6ahn3q7EoSM/QKTjp61+CMWzFsJvsJsVPXYWqy+QRZhiD6lJbezjRcfRVaeu9ZGMGPsgfbHCqUS0u+66QI/uXvUwfG+MZZaxBEpaSyHWSYtP9UGTeB8l1t1sK3qrLp1WMV3EwIevPJtpedDKxcfNBRrtW9G4b2HHqDsOTCPAH6A2FJTtDXqJtJx77IvBTV+z6DMoEJ/H9+F39pDIhKO7QlfQbCr4bL7cW/JeYSXeOPi4Z4y+uLfcC6glyl+ILRK+0u/bDVRk3W5B7uWXHyCwIUmxfEqrYJNKqz5O0LPp8jFzuSnRMLMtGk2vjxYctFLlprajjPuLk6VPZlLhbYV0bqDIPWuQ3XjKwQjfKWiOm0u3KCZSyhe68ImT07mddMgIHtwB39hbXOlhfPKppEnmc/qmr4F4EQMvztvwox8TuHrRip47ChkpOjcC7YlZOccZYR/8rorv/3Jl5V2ozmg/Gb7jV0YY/B4/kabpDQuXCnT0SFA4jQZys3CSBqO6AQOxZ4amZIFm9zbMnc3VLzJGBylsX9BbenLV1ffltLhI3eLpv8l19Yb660fNVu4R5Sw==,iv:d0V7thVsBXSYoEVaC/saH6WpX242EjiJjUpO6gpabxg=,tag:GNKcO01sISM3J/0Hjzkntw==,type:str]' +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + lastmodified: '2021-04-06T15:20:22Z' + mac: 'ENC[AES256_GCM,data:xR6t/C0I8eyJqi9HbodbjYWP/5dunzylUx77/aHqAqU3/zDfznH4jpN4oBE5+HD2AEtqWLavIJ5QjVilHIIp3q9FbDp28JnVWc4tcShceIJzn/E3EkGJohzbVkCVsEUnZ7U70sEfS/15IaJzfDnlZdxRnCLYdTYjCjaXXVaeOr8=,iv:2ksNc3zAY+OfMxgeEghCmy3u+ITiI4OqDVm9pbxzSFA=,tag:h7q+iyfTrtkZ3oiZNqATPQ==,type:str]' + pgp: + - created_at: '2021-04-06T15:20:22Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMAyUpShfNkFB/AQf/ekiqVj5BDD2h1DEiKX0kz3sSU2Bem9EblObv+mEkIVzj + 5aAMmcFF5W5f+5yNDeb9sN0eWMIl99IeY8Z4GZ/JgkLd1Hf2eDpyYhD522tTewOJ + IgJT21Tv29w+GE1S4erz1ncF2C8b1r5qzHLVKWomX+rj5/Ix29he42+6bXFO0f43 + /GX43VWeuRenJ8p2UxeWaANzEdI354UCYCOuOx6vXytsljQ5Qd2tidaI/rmCfiIE + PjZvnbHmwPy4R2jtwtC+yEOs4EFzFB1DFZXl0vvQTcu9ztOTEgibziJZs2EYNcCm + RALZu8lSjLRbSbjGs28mTSCFEAeZkCcldOXWf1fljdJeAUmA87yTpVyFqdh4QYDz + h9OLOgO3YBaKfq/7+YT7wUMh4zXC/BCOKNRCYeAFzKk1GMCgwS2h/1j98Lo8KviR + AoiwcnomoTATIRs/7715GhroBvjHdrdDPQg0FwMB5g== + =3Y4v + -----END PGP MESSAGE----- + fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 + unencrypted_regex: ^(kind|apiVersion|group|metadata)$ + version: 3.6.1 diff --git a/manifests/site/reference-multi-tenant/target/generator/results/kustomization.yaml b/manifests/site/reference-multi-tenant/target/generator/results/kustomization.yaml new file mode 100644 index 000000000..1ec2d51e7 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/generator/results/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - generated/secrets.yaml + +transformers: + - decrypt-secrets diff --git a/manifests/site/reference-multi-tenant/target/initinfra-networking/kustomization.yaml b/manifests/site/reference-multi-tenant/target/initinfra-networking/kustomization.yaml new file mode 100644 index 000000000..411ba4f89 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/initinfra-networking/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../type/airship-core/target/initinfra-networking diff --git a/manifests/site/reference-multi-tenant/target/initinfra/kustomization.yaml b/manifests/site/reference-multi-tenant/target/initinfra/kustomization.yaml new file mode 100644 index 000000000..5669403d8 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/initinfra/kustomization.yaml @@ -0,0 +1,7 @@ +resources: + - ../../../../type/airship-core/target/initinfra + - ../catalogues +transformers: + - ../../../../type/airship-core/target/initinfra/replacements + - ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements + - ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements diff --git a/manifests/site/reference-multi-tenant/target/lma-configs/kustomization.yaml b/manifests/site/reference-multi-tenant/target/lma-configs/kustomization.yaml new file mode 100644 index 000000000..0e3d56cc3 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-configs/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - ../../../../function/lma-configs + +namespace: lma-infra \ No newline at end of file diff --git a/manifests/site/reference-multi-tenant/target/lma-infra/kustomization.yaml b/manifests/site/reference-multi-tenant/target/lma-infra/kustomization.yaml new file mode 100644 index 000000000..c1060237c --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-infra/kustomization.yaml @@ -0,0 +1,9 @@ +resources: + - ../../../../composite/lma-infra + - ../catalogues + - lma-infra-object-store.yaml + +transformers: + - ../../../../composite/lma-infra/replacements + +namespace: lma-infra diff --git a/manifests/site/reference-multi-tenant/target/lma-infra/lma-infra-object-store.yaml b/manifests/site/reference-multi-tenant/target/lma-infra/lma-infra-object-store.yaml new file mode 100644 index 000000000..95ad88e9e --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-infra/lma-infra-object-store.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: lma-infra-object-store +type: Opaque +stringData: + fluentd-accesskey: admin + fluentd-secretkey: changeme + thanos-config.yaml: | + type: s3 + config: + insecure: true + endpoint: minio.lma-infra.svc.cluster.local:9000 + bucket: metrics + region: lma-infra + access_key: admin + secret_key: changeme diff --git a/manifests/site/reference-multi-tenant/target/lma-stack/kustomization.yaml b/manifests/site/reference-multi-tenant/target/lma-stack/kustomization.yaml new file mode 100644 index 000000000..ea0c71c90 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-stack/kustomization.yaml @@ -0,0 +1,14 @@ +resources: + - ../../../../composite/monitoring-stack + - ../../../../function/minio + - ../catalogues + - minio-admin-secret.yaml + +transformers: + - ../../../../composite/monitoring-stack/replacements + - ../../../../function/minio/replacements + +namespace: lma-infra + +patches: + - path: patches/minio.yaml diff --git a/manifests/site/reference-multi-tenant/target/lma-stack/minio-admin-secret.yaml b/manifests/site/reference-multi-tenant/target/lma-stack/minio-admin-secret.yaml new file mode 100644 index 000000000..1538e9304 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-stack/minio-admin-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: minio-admin-secret +type: Opaque +stringData: + accesskey: admin + secretkey: changeme diff --git a/manifests/site/reference-multi-tenant/target/lma-stack/patches/minio.yaml b/manifests/site/reference-multi-tenant/target/lma-stack/patches/minio.yaml new file mode 100644 index 000000000..97f0631ae --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/lma-stack/patches/minio.yaml @@ -0,0 +1,17 @@ +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: minio +spec: + values: + replicas: 1 + persistence: + enabled: false + existingSecret: minio-admin-secret + buckets: + - name: logs + policy: none + purge: false + - name: metrics + policy: none + purge: false diff --git a/manifests/site/reference-multi-tenant/target/network-policies/README.md b/manifests/site/reference-multi-tenant/target/network-policies/README.md new file mode 100644 index 000000000..c0617656a --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/network-policies/README.md @@ -0,0 +1,19 @@ +# Network Policy in calico + +Restricting traffic between hosts and the outside world can be achieved +using the following Calico features: + +* HostEndpoint resource +* GlobalNetworkPolicy +* FelixConfiguration resource with parameters: + -FailsafeInboundHostPorts + -FailsafeOutboundHostPorts +Generally a cluster-wide policy is applied to every host. + +This site based manifest is designed to override the default global +FelixConfiguration based in function directory. + +For more information on failsafe rules please refer below. + +[Host Protection in Calico](https://docs.projectcalico.org/security/protect-hosts) + diff --git a/manifests/site/reference-multi-tenant/target/network-policies/calico_failsafe_rules_patch.yaml b/manifests/site/reference-multi-tenant/target/network-policies/calico_failsafe_rules_patch.yaml new file mode 100644 index 000000000..78573e0dc --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/network-policies/calico_failsafe_rules_patch.yaml @@ -0,0 +1,43 @@ +apiVersion: projectcalico.org/v3 +kind: FelixConfiguration +metadata: + name: default +spec: + failsafeInboundHostPorts: + - protocol: tcp + port: 22 + - protocol: udp + port: 68 + - protocol: tcp + port: 179 + - protocol: tcp + port: 2379 + - protocol: tcp + port: 2380 + - protocol: tcp + port: 5473 + - protocol: tcp + port: 6443 + - protocol: tcp + port: 6666 + - protocol: tcp + port: 6667 + failsafeOutboundHostPorts: + - protocol: udp + port: 53 + - protocol: udp + port: 67 + - protocol: tcp + port: 179 + - protocol: tcp + port: 2379 + - protocol: tcp + port: 2380 + - protocol: tcp + port: 5473 + - protocol: tcp + port: 6443 + - protocol: tcp + port: 6666 + - protocol: tcp + port: 6667 diff --git a/manifests/site/reference-multi-tenant/target/network-policies/kustomization.yaml b/manifests/site/reference-multi-tenant/target/network-policies/kustomization.yaml new file mode 100644 index 000000000..1410f37d2 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/network-policies/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../../type/multi-tenant/network-policies + +patchesStrategicMerge: + - calico_failsafe_rules_patch.yaml diff --git a/manifests/site/reference-multi-tenant/target/workers/hostgenerator/host-generation.yaml b/manifests/site/reference-multi-tenant/target/workers/hostgenerator/host-generation.yaml new file mode 100644 index 000000000..b1d801ce1 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/hostgenerator/host-generation.yaml @@ -0,0 +1,12 @@ +# Site-level, phase-specific lists of hosts to generate +# This is used by the hostgenerator-m3 function to narrow down the site-level +# host-catalogue to just the hosts needed for a particular phase. +apiVersion: airshipit.org/v1alpha1 +kind: VariableCatalogue +metadata: + name: host-generation-catalogue +hosts: + m3: + ## NEWSITE_CHANGEME: update with the worker hosts + - stl3r01s06 + - stl3r01s02 diff --git a/manifests/site/reference-multi-tenant/target/workers/hostgenerator/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workers/hostgenerator/kustomization.yaml new file mode 100644 index 000000000..39673a7ce --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/hostgenerator/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3 + - ../../catalogues/ + - host-generation.yaml + +transformers: + - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements + - ../../../../../function/treasuremap-cleanup diff --git a/manifests/site/reference-multi-tenant/target/workers/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workers/kustomization.yaml new file mode 100644 index 000000000..e168397b1 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - nodes diff --git a/manifests/site/reference-multi-tenant/target/workers/nodes/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workers/nodes/kustomization.yaml new file mode 100644 index 000000000..af9467527 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/nodes/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +generators: + - ../hostgenerator + +commonLabels: + airshipit.org/k8s-role: worker diff --git a/manifests/site/reference-multi-tenant/target/workers/provision/kubeadmconfigtemplate.yaml b/manifests/site/reference-multi-tenant/target/workers/provision/kubeadmconfigtemplate.yaml new file mode 100644 index 000000000..2e79b57f1 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/provision/kubeadmconfigtemplate.yaml @@ -0,0 +1,31 @@ +apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3 +kind: KubeadmConfigTemplate +metadata: + name: worker-1 +spec: + template: + spec: + joinConfiguration: + nodeRegistration: + name: '{{ ds.meta_data.name }}' + kubeletExtraArgs: + node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker' + provider-id: 'metal3://{{ ds.meta_data.uuid }}' + feature-gates: "IPv6DualStack=true" + files: + - path: "/etc/systemd/system/docker.service.d/http-proxy.conf" + content: | + [Service] + Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY" + Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY" + Environment="NO_PROXY=REPLACEMENT_NO_PROXY" + preKubeadmCommands: + # Restart docker to apply any proxy settings + - export HOME=/root + - systemctl daemon-reload + - systemctl restart docker + users: + - name: deployer + sshAuthorizedKeys: + - REPLACE_HOST_SSH_KEY + sudo: ALL=(ALL) NOPASSWD:ALL diff --git a/manifests/site/reference-multi-tenant/target/workers/provision/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workers/provision/kustomization.yaml new file mode 100644 index 000000000..c22310b07 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/provision/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../catalogues + - kubeadmconfigtemplate.yaml + - metal3machinetemplate.yaml + - machinedeployment.yaml + +transformers: + - ../replacements diff --git a/manifests/site/reference-multi-tenant/target/workers/provision/machinedeployment.yaml b/manifests/site/reference-multi-tenant/target/workers/provision/machinedeployment.yaml new file mode 100644 index 000000000..9fce21028 --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/provision/machinedeployment.yaml @@ -0,0 +1,30 @@ +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: MachineDeployment +metadata: + name: worker-1 + labels: + cluster.x-k8s.io/cluster-name: target-cluster +spec: + clusterName: target-cluster + ## NEWSITE_CHANGEME: update the below with the total number of worker nodes + replicas: 2 + selector: + matchLabels: + cluster.x-k8s.io/cluster-name: target-cluster + template: + metadata: + labels: + cluster.x-k8s.io/cluster-name: target-cluster + spec: + clusterName: target-cluster + version: v1.18.3 + bootstrap: + configRef: + name: worker-1 + apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3 + kind: KubeadmConfigTemplate + infrastructureRef: + name: worker-1 + apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 + kind: Metal3MachineTemplate +--- diff --git a/manifests/site/reference-multi-tenant/target/workers/provision/metal3machinetemplate.yaml b/manifests/site/reference-multi-tenant/target/workers/provision/metal3machinetemplate.yaml new file mode 100644 index 000000000..9bddee0ed --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/provision/metal3machinetemplate.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 +kind: Metal3MachineTemplate +metadata: + name: worker-1 +spec: + template: + spec: + hostSelector: + matchLabels: + airshipit.org/k8s-role: worker + image: + ## NEWSITE_CHANGEME: update the below ips with the first target node pxe ip + url: http://172.63.0.11/images/control-plane.qcow2 + checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum + + diff --git a/manifests/site/reference-multi-tenant/target/workers/replacements/generated-secrets.yaml b/manifests/site/reference-multi-tenant/target/workers/replacements/generated-secrets.yaml new file mode 100644 index 000000000..0e452fafa --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/replacements/generated-secrets.yaml @@ -0,0 +1,20 @@ +# These rules inject env vars into the workers. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: workers-generated-secret-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2.0.2 +replacements: +- source: + objref: + name: generated-secrets + fieldref: "{.sshKeys.publicKey}" + target: + objref: + kind: KubeadmConfigTemplate + name: worker-1 + fieldrefs: + - "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%" diff --git a/manifests/site/reference-multi-tenant/target/workers/replacements/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workers/replacements/kustomization.yaml new file mode 100644 index 000000000..13e5a5f7f --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/replacements/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - workers-env-vars.yaml + - generated-secrets.yaml diff --git a/manifests/site/reference-multi-tenant/target/workers/replacements/workers-env-vars.yaml b/manifests/site/reference-multi-tenant/target/workers/replacements/workers-env-vars.yaml new file mode 100644 index 000000000..aa4eece3e --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workers/replacements/workers-env-vars.yaml @@ -0,0 +1,41 @@ +# These rules inject env vars into the workers. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: workers-env-vars-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2.0.2 +replacements: +# Replace the proxy vars +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTP_PROXY + target: + objref: + kind: KubeadmConfigTemplate + name: worker-1 + fieldrefs: + - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTP_PROXY%" +- source: + objref: + name: env-vars-catalogue + fieldref: env.HTTPS_PROXY + target: + objref: + kind: KubeadmConfigTemplate + name: worker-1 + fieldrefs: + - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTPS_PROXY%" +- source: + objref: + name: env-vars-catalogue + fieldref: env.NO_PROXY + target: + objref: + kind: KubeadmConfigTemplate + name: worker-1 + fieldrefs: + - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_NO_PROXY%" diff --git a/manifests/site/reference-multi-tenant/target/workload/kustomization.yaml b/manifests/site/reference-multi-tenant/target/workload/kustomization.yaml new file mode 100644 index 000000000..ed3e2b79c --- /dev/null +++ b/manifests/site/reference-multi-tenant/target/workload/kustomization.yaml @@ -0,0 +1,8 @@ +resources: + - ../../../../type/multi-tenant/target/workload + - ../catalogues +transformers: + - ../../../../function/ingress/replacements + - ../../../../function/sip/replacements + - ../../../../function/synclabeller/replacements + - ../../../../function/vino/replacements