64 lines
2.4 KiB
YAML
64 lines
2.4 KiB
YAML
apiVersion: airshipit.org/v1alpha1
|
|
kind: Templater
|
|
metadata:
|
|
name: secret-template
|
|
annotations:
|
|
config.kubernetes.io/function: |
|
|
container:
|
|
image: localhost/templater
|
|
values:
|
|
sshKeyGen:
|
|
encBit: 4096
|
|
ephemeralCluster:
|
|
ca:
|
|
subj: "/CN=Kubernetes API"
|
|
validity: 3650
|
|
kubeconfigCert:
|
|
subj: "/CN=admin/O=system:masters"
|
|
validity: 365
|
|
targetCluster:
|
|
ca:
|
|
subj: "/CN=Kubernetes API"
|
|
validity: 3650
|
|
kubeconfigCert:
|
|
subj: "/CN=admin/O=system:masters"
|
|
validity: 365
|
|
template: |
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: VariableCatalogue
|
|
metadata:
|
|
labels:
|
|
airshipit.org/deploy-k8s: "false"
|
|
name: generated-secrets
|
|
annotations:
|
|
config.kubernetes.io/path: secrets.yaml
|
|
{{- $ephemeralClusterCa := genCAEx .ephemeralCluster.ca.subj (int .ephemeralCluster.ca.validity) }}
|
|
{{- $ephemeralKubeconfigCert := genSignedCertEx .ephemeralCluster.kubeconfigCert.subj nil nil (int .ephemeralCluster.kubeconfigCert.validity) $ephemeralClusterCa }}
|
|
ephemeralClusterCa:
|
|
crt: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
|
|
key: {{ $ephemeralClusterCa.Key|b64enc|quote }}
|
|
ephemeralKubeconfig:
|
|
certificate-authority-data: {{ $ephemeralClusterCa.Cert|b64enc|quote }}
|
|
client-certificate-data: {{ $ephemeralKubeconfigCert.Cert|b64enc|quote }}
|
|
client-key-data: {{ $ephemeralKubeconfigCert.Key|b64enc|quote }}
|
|
{{- $targetClusterCa := genCAEx .targetCluster.ca.subj (int .targetCluster.ca.validity) }}
|
|
{{- $targetKubeconfigCert := genSignedCertEx .targetCluster.kubeconfigCert.subj nil nil (int .targetCluster.kubeconfigCert.validity) $targetClusterCa }}
|
|
targetClusterCa:
|
|
tls.crt: {{ $targetClusterCa.Cert|b64enc|quote }}
|
|
tls.key: {{ $targetClusterCa.Key|b64enc|quote }}
|
|
targetKubeconfig:
|
|
certificate-authority-data: {{ $targetClusterCa.Cert|b64enc|quote }}
|
|
client-certificate-data: {{ $targetKubeconfigCert.Cert|b64enc|quote }}
|
|
client-key-data: {{ $targetKubeconfigCert.Key|b64enc|quote }}
|
|
isoImage:
|
|
passwords:
|
|
root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
|
|
deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
|
|
{{- $sshKey := genSSHKeyPair (int .sshKeyGen.encBit) }}
|
|
sshKeys:
|
|
privateKey: {{ $sshKey.Private|quote }}
|
|
publicKey: {{ $sshKey.Public|quote }}
|
|
dex:
|
|
oidc:
|
|
clientSecret: {{ regexGen "^[a-zA-Z0-9]{34}$" 34|quote }}
|