treasuremap/manifests/type/airship-core/target/generator/secret-template.yaml


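# Templater function config that renders the VariableCatalogue
# "generated-secrets" (output path annotation: secrets.yaml).
#
# The rendered document holds live secret material: both cluster CA private
# keys, the admin client keys for both kubeconfigs, the ISO root/deployer
# passwords, an SSH private key and the dex OIDC client secret.
# b64enc is an encoding, not encryption, so secrets.yaml must be treated as
# plaintext secrets: encrypt it before it is stored or committed and restrict
# who can read the generator output.
# NOTE(review): the encryption step is not visible in this file - confirm the
# phase that consumes secrets.yaml provides it.
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
  name: secret-template
  annotations:
    # NOTE(review): the image reference below carries no tag or digest, so
    # every secret in this file is generated by whatever image resolves to
    # that name locally. Consider pinning it by digest.
    config.kubernetes.io/function: |
      container:
        image: localhost/templater
values:
  sshKeyGen:
    # Passed to genSSHKeyPair in the template; presumably the key size in
    # bits - confirm against the templater's function reference.
    encBit: 4096
  ephemeralCluster:
    ca:
      subj: "/CN=Kubernetes API"
      # Second argument to genCAEx; presumably days (about 10 years).
      validity: 3650
    kubeconfigCert:
      # O=system:masters places the holder in the Kubernetes group that has
      # unrestricted API access regardless of RBAC bindings, and the API
      # server does not revoke individual client certificates. The validity
      # below (presumably days) is therefore the upper bound on how long a
      # leaked key stays usable short of rotating the CA.
      subj: "/CN=admin/O=system:masters"
      validity: 365
  targetCluster:
    ca:
      subj: "/CN=Kubernetes API"
      # Second argument to genCAEx; presumably days (about 10 years).
      validity: 3650
    kubeconfigCert:
      # Same caveat as the ephemeral cluster: a system:masters client
      # certificate is cluster-admin until it expires or the CA is replaced.
      subj: "/CN=admin/O=system:masters"
      validity: 365
# Go template for the generated catalogue. Comments are kept out of the block
# scalar because any text inside it is emitted into secrets.yaml.
#
# - Each cluster gets its own CA (genCAEx) and one client certificate signed
#   by that CA (genSignedCertEx); the two clusters share no key material.
# - The ephemeral CA is emitted under crt/key while the target CA uses
#   tls.crt/tls.key; consumers depend on these exact key names.
# - root and deployer passwords come from separate derivePassword calls, each
#   seeded with its own 10-character randAscii value, so they differ and
#   their strength is bounded by that seed.
# - clientSecret is a 34-character alphanumeric string from regexGen.
# - Nothing here is seeded from input values, so every render presumably
#   produces a new set of secrets; re-running the generator is a rotation.
# NOTE(review): confirm randAscii and regexGen draw from a cryptographic RNG.
# NOTE(review): the deploy-k8s "false" label presumably keeps this catalogue
# from being applied to a cluster - confirm.
# NOTE(review): sshKeys and dex are laid out as top-level catalogue keys -
# confirm against the documents that consume them.
template: |
  apiVersion: airshipit.org/v1alpha1
  kind: VariableCatalogue
  metadata:
    labels:
      airshipit.org/deploy-k8s: "false"
    name: generated-secrets
    annotations:
      config.kubernetes.io/path: secrets.yaml
  {{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj .ephemeralCluster.ca.validity }}
  {{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil .ephemeralCluster.kubeconfigCert.validity $ephemeralClusterCa }}
  ephemeralClusterCa:
    crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
    key: {{ $ephemeralClusterCa.Key|b64enc|quote }}
  ephemeralKubeconfig:
    certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
    client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }}
    client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }}
  {{- $targetClusterCa := genCAEx .targetCluster.ca.subj .targetCluster.ca.validity }}
  {{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil .targetCluster.kubeconfigCert.validity $targetClusterCa }}
  targetClusterCa:
    tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }}
    tls.key: {{ $targetClusterCa.Key|b64enc|quote }}
  targetKubeconfig:
    certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }}
    client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }}
    client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }}
  isoImage:
    passwords:
      root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
      deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
  {{- $sshKey := genSSHKeyPair .sshKeyGen.encBit }}
  sshKeys:
    privateKey: {{ $sshKey.Private|quote }}
    publicKey: {{ $sshKey.Public|quote }}
  dex:
    oidc:
      clientSecret: {{ regexGen "^[a-zA-Z0-9]{34}$" 34|quote }}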