airship
/
treasuremap
Code Issues Proposed changes
treasuremap/manifests/type/airship-core/target/generator/secret-template.yaml

55 lines
2.1 KiB
YAML
Raw Blame History

apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:latest
values:
ephemeralCluster:
ca:
subj: "/CN=Kubernetes API"
validity: 3650
kubeconfigCert:
subj: "/CN=admin/O=system:masters"
validity: 365
targetCluster:
ca:
subj: "/CN=Kubernetes API"
validity: 3650
kubeconfigCert:
subj: "/CN=admin/O=system:masters"
validity: 365
template: |
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: "false"
name: generated-secrets
annotations:
config.kubernetes.io/path: secrets.yaml
{{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj .ephemeralCluster.ca.validity }}
{{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil .ephemeralCluster.kubeconfigCert.validity $ephemeralClusterCa }}
ephemeralClusterCa:
crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
key: {{ $ephemeralClusterCa.Key|b64enc|quote }}
ephemeralKubeconfig:
certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }}
client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }}
{{- $targetClusterCa := genCAEx .targetCluster.ca.subj .targetCluster.ca.validity }}
{{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil .targetCluster.kubeconfigCert.validity $targetClusterCa }}
targetClusterCa:
tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }}
tls.key: {{ $targetClusterCa.Key|b64enc|quote }}
targetKubeconfig:
certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }}
client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }}
client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }}
isoImage:
passwords:
root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
View Git Blame Copy Permalink