8dba799c18
This phase builded on top of generic executor container.
It uses kustomize generator to generate secrets
and SOPS function to encrypt secrets.
Usage:
1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
Copy existing key from sops project
2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
3. `airshipctl phase run secret-generate`
It will generate and encrypt secret in
manifests/site/test-site/target/generator/results/generated/
4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/ > output.txt`
It will decrypt encrypted secret
Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
239 lines
5.4 KiB
YAML
239 lines
5.4 KiB
YAML
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: bootstrap-iso
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: IsoConfiguration
|
|
name: isogen
|
|
documentEntryPoint: ephemeral/bootstrap
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: initinfra-ephemeral
|
|
clusterName: ephemeral-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: ephemeral/initinfra
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: initinfra-networking-ephemeral
|
|
clusterName: ephemeral-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply-nowait
|
|
documentEntryPoint: ephemeral/initinfra-networking
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: controlplane-ephemeral
|
|
clusterName: ephemeral-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: ephemeral/controlplane
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: initinfra-target
|
|
clusterName: target-cluster
|
|
config:
|
|
cluster: target-cluster
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: target/initinfra
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: initinfra-networking-target
|
|
clusterName: target-cluster
|
|
config:
|
|
cluster: target-cluster
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply-nowait
|
|
documentEntryPoint: target/initinfra-networking
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: controlplane-target
|
|
clusterName: target-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: target/controlplane
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: workers-target
|
|
clusterName: target-cluster
|
|
config:
|
|
cluster: target-cluster
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: target/workers
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: workers-classification
|
|
clusterName: target-cluster
|
|
config:
|
|
cluster: target-cluster
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: target/workers/provision
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: clusterctl-init-ephemeral
|
|
clusterName: ephemeral-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Clusterctl
|
|
name: clusterctl_init
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: clusterctl-init-target
|
|
clusterName: target-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Clusterctl
|
|
name: clusterctl_init
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: clusterctl-move
|
|
clusterName: target-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Clusterctl
|
|
name: clusterctl_move
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: workload-target
|
|
clusterName: target-cluster
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: KubernetesApply
|
|
name: kubernetes-apply
|
|
documentEntryPoint: target/workload
|
|
---
|
|
# This phase triggers the deployment of an ephemeral cluster
|
|
# on Azure Cloud platform
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-az-genesis
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-az-genesis
|
|
---
|
|
# This phase triggers the deletion of an ephemeral cluster
|
|
# on Azure Cloud platform
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-az-cleanup
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-az-cleanup
|
|
---
|
|
# This phase triggers the deployment of an ephemeral cluster
|
|
# on Google Cloud platform
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-gcp-genesis
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-gcp-genesis
|
|
---
|
|
# This phase triggers the deletion of an ephemeral cluster
|
|
# on Google Cloud platform
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-gcp-cleanup
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-gcp-cleanup
|
|
---
|
|
# This phase triggers the deployment of an ephemeral cluster
|
|
# on Openstack
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-os-genesis
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-os-genesis
|
|
---
|
|
# This phase triggers the deletion of an ephemeral cluster
|
|
# on Openstack
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: ephemeral-os-cleanup
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: BootConfiguration
|
|
name: ephemeral-os-cleanup
|
|
---
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: Phase
|
|
metadata:
|
|
name: secret-generate
|
|
config:
|
|
executorRef:
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: GenericContainer
|
|
name: encrypter
|
|
documentEntryPoint: target/generator
|