treasuremap/manifests/site/reference-multi-tenant/target/encrypted
Drew Walters a84f980a21 Fix incorrect reference-airship-core type refs
Some phase entrypoints were missing in the multi-tenant type when the
baremetal reference-multi-tenant-site was created. When the multi-tenant
type was disassociated from the airship-core type [0], those entrypoints
were created and added to all virtual sites; however, the reference
multi-tenant site was not updated. This change fixes those references in
the reference-multi-tenant site.

[0] https://review.opendev.org/c/airship/treasuremap/+/786888

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Icc346615a1a6de9cfd4a93e9b8a89a4cd0a640e0
2021-05-20 05:28:11 +00:00
generator Fix incorrect reference-airship-core type refs 2021-05-20 05:28:11 +00:00
importer Fix incorrect reference-airship-core type refs 2021-05-20 05:28:11 +00:00
results Fix incorrect reference-airship-core type refs 2021-05-20 05:28:11 +00:00
README.md Adding a place for external secrets to be stored on site level 2021-05-20 05:34:19 +00:00

README.md

Secrets generator/encrypter/decrypter

This directory contains a utility that helps generate, encrypt and decrypt secrets. These secrets can be used anywhere in manifests.

For example, we can use the functional-test PGP key published in the SOPS repository. To get the key, run:

    curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc

Then export the key and its fingerprint as environment variables:

    export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"

Generator

To generate secrets we use a template that is passed to kustomize as a generator during execution of airshipctl phase run secret-generate.

Encrypter

To encrypt the generated secrets we use the generic container executor. To start the secret generation phase, run:

    airshipctl phase run secret-generate

The executor runs the SOPS container and passes the pre-generated secrets to it. The container encrypts the secrets and writes them to the directory specified in kustomizeSinkOutputDir (results/generated).
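A check that can be run over the encrypter's output before it is committed, as an added example that is not part of the treasuremap repository: it confirms a manifest carries SOPS metadata for the expected fingerprint and that no value under data:/stringData: was left in plaintext. The function names, the sample manifests and the placement of secret values under data:/stringData: are assumptions made for illustration.

```shell
#!/bin/sh
# Assumptions: secret values sit under data:/stringData:, and SOPS writes a
# top-level "sops:" block whose pgp entry carries the key fingerprint ("fp:").

# sops_check FILE FINGERPRINT -> 0 if encrypted for that key, 1 otherwise
sops_check() {
    file=$1 fp=$2
    # 1. The SOPS metadata block must exist at the top level.
    grep -q '^sops:' "$file" || { echo "$file: no sops metadata"; return 1; }
    # 2. The file must be encrypted to the expected PGP fingerprint.
    grep -Eq "^[[:space:]-]*fp:[[:space:]]*$fp[[:space:]]*\$" "$file" ||
        { echo "$file: not encrypted for $fp"; return 1; }
    # 3. Every scalar under data:/stringData: must be an ENC[...] envelope.
    leaked=$(awk '
        /^[^ \t#]/ { in_data = ($0 ~ /^(data|stringData):/); next }
        in_data && /^[ \t]+[^ \t#][^:]*:[ \t]*[^ \t]/ {
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            if (val !~ /^ENC\[AES256_GCM,/) printf "%d ", NR
        }' "$file")
    [ -z "$leaked" ] || { echo "$file: plaintext at line(s) $leaked"; return 1; }
    return 0
}

# Constructed samples (not real output of the secret-generate phase).
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/encrypted.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
    name: demo
data:
    password: ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]
sops:
    pgp:
        - created_at: "2021-05-20T05:28:11Z"
          fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
EOF
    # Same manifest with the value left unencrypted.
    sed 's/ENC\[.*/cGxhaW50ZXh0/' "$dir/encrypted.yaml" > "$dir/leaky.yaml"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/*.yaml; do
    if sops_check "$f" FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4; then
        echo "$f: ok"
    fi
done
```

To audit real output, call sops_check on each file under results/generated with "$SOPS_PGP_FP" as the second argument.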

Decrypter

To decrypt previously encrypted secrets we use decrypt-secrets.yaml. It runs the SOPS decrypt function when we run:

    KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins manifests/site/test-site/target/catalogues/