Vladislav Kuzmin 8dba799c18 Add secrets generator phase
This phase is built on top of the generic executor container.
It uses kustomize generator to generate secrets
and SOPS function to encrypt secrets.

Usage:
    1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
       Copy existing key from sops project
    2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
    3. `airshipctl phase run secret-generate`
        It will generate and encrypt secret in
        manifests/site/test-site/target/generator/results/generated/
    4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
        manifests/site/test-site/target/catalogues/ > output.txt`
	It will decrypt encrypted secret

Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
2021-01-14 18:57:15 +00:00


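# Phase bootstrap-iso: hands the ephemeral/bootstrap document entry point
# to the isogen executor (kind IsoConfiguration).
# Nesting restored: executorRef's apiVersion/kind/name must sit under
# config.executorRef, otherwise they collide with the top-level keys.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: bootstrap-iso
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: IsoConfiguration
    name: isogen
  documentEntryPoint: ephemeral/bootstrap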
---
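# Phase initinfra-ephemeral: applies ephemeral/initinfra through the
# kubernetes-apply executor (kind KubernetesApply) for ephemeral-cluster.
# Nesting restored so the executorRef fields do not shadow the
# document's own apiVersion/kind.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: initinfra-ephemeral
  clusterName: ephemeral-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: ephemeral/initinfra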
---
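# Phase initinfra-networking-ephemeral: applies
# ephemeral/initinfra-networking through the kubernetes-apply-nowait
# executor (kind KubernetesApply) for ephemeral-cluster.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: initinfra-networking-ephemeral
  clusterName: ephemeral-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply-nowait
  documentEntryPoint: ephemeral/initinfra-networking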
---
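# Phase controlplane-ephemeral: applies ephemeral/controlplane through
# the kubernetes-apply executor (kind KubernetesApply) for
# ephemeral-cluster.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: controlplane-ephemeral
  clusterName: ephemeral-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: ephemeral/controlplane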
---
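# Phase initinfra-target: applies target/initinfra through the
# kubernetes-apply executor (kind KubernetesApply) for target-cluster.
# Nesting restored so the executorRef fields stay under config.
# NOTE(review): the cluster is named twice, in metadata.clusterName and
# in config.cluster; confirm which field the consumer actually reads.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: initinfra-target
  clusterName: target-cluster
config:
  cluster: target-cluster
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: target/initinfra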
---
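# Phase initinfra-networking-target: applies target/initinfra-networking
# through the kubernetes-apply-nowait executor (kind KubernetesApply)
# for target-cluster.
# Nesting restored so the executorRef fields stay under config.
# NOTE(review): the cluster is named twice, in metadata.clusterName and
# in config.cluster; confirm which field the consumer actually reads.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: initinfra-networking-target
  clusterName: target-cluster
config:
  cluster: target-cluster
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply-nowait
  documentEntryPoint: target/initinfra-networking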
---
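# Phase controlplane-target: applies target/controlplane through the
# kubernetes-apply executor (kind KubernetesApply) for target-cluster.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: controlplane-target
  clusterName: target-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: target/controlplane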
---
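# Phase workers-target: applies target/workers through the
# kubernetes-apply executor (kind KubernetesApply) for target-cluster.
# Nesting restored so the executorRef fields stay under config.
# NOTE(review): the cluster is named twice, in metadata.clusterName and
# in config.cluster; confirm which field the consumer actually reads.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: workers-target
  clusterName: target-cluster
config:
  cluster: target-cluster
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: target/workers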
---
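# Phase workers-classification: applies target/workers/provision through
# the kubernetes-apply executor (kind KubernetesApply) for
# target-cluster.
# Nesting restored so the executorRef fields stay under config.
# NOTE(review): the cluster is named twice, in metadata.clusterName and
# in config.cluster; confirm which field the consumer actually reads.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: workers-classification
  clusterName: target-cluster
config:
  cluster: target-cluster
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: target/workers/provision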
---
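# Phase clusterctl-init-ephemeral: runs the clusterctl_init executor
# (kind Clusterctl) for ephemeral-cluster. No documentEntryPoint is set.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: clusterctl-init-ephemeral
  clusterName: ephemeral-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: Clusterctl
    name: clusterctl_init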
---
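# Phase clusterctl-init-target: runs the clusterctl_init executor
# (kind Clusterctl) for target-cluster. No documentEntryPoint is set.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: clusterctl-init-target
  clusterName: target-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: Clusterctl
    name: clusterctl_init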
---
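# Phase clusterctl-move: runs the clusterctl_move executor
# (kind Clusterctl) for target-cluster. No documentEntryPoint is set.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: clusterctl-move
  clusterName: target-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: Clusterctl
    name: clusterctl_move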
---
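# Phase workload-target: applies target/workload through the
# kubernetes-apply executor (kind KubernetesApply) for target-cluster.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: workload-target
  clusterName: target-cluster
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: KubernetesApply
    name: kubernetes-apply
  documentEntryPoint: target/workload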
---
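# This phase triggers the deployment of an ephemeral cluster
# on Azure Cloud platform.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-az-genesis
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-az-genesis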
---
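# This phase triggers the deletion of an ephemeral cluster
# on Azure Cloud platform.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-az-cleanup
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-az-cleanup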
---
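# This phase triggers the deployment of an ephemeral cluster
# on Google Cloud platform.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-gcp-genesis
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-gcp-genesis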
---
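# This phase triggers the deletion of an ephemeral cluster
# on Google Cloud platform.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-gcp-cleanup
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-gcp-cleanup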
---
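# This phase triggers the deployment of an ephemeral cluster
# on OpenStack.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-os-genesis
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-os-genesis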
---
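# This phase triggers the deletion of an ephemeral cluster
# on OpenStack.
# It references the BootConfiguration executor of the same name;
# no clusterName or documentEntryPoint is set here.
# Nesting restored so the executorRef fields stay under config.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: ephemeral-os-cleanup
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: BootConfiguration
    name: ephemeral-os-cleanup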
---
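# Phase secret-generate: hands the target/generator document entry point
# to the encrypter executor (kind GenericContainer). No clusterName is
# set on this phase.
# Nesting restored so the executorRef fields stay under config.
# NOTE(review): the documented usage passes the PGP key to the run via
# the SOPS_IMPORT_PGP and SOPS_PGP_FP environment variables and uses the
# SOPS functional-test key as the example. That key's private half is
# published in the sops repository, so output encrypted to it is not
# confidential. Treat it as demo-only; a real site needs its own key,
# kept out of the manifests repository, and the encrypted results
# should be checked for the expected fingerprint before they are
# committed.
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
  name: secret-generate
config:
  executorRef:
    apiVersion: airshipit.org/v1alpha1
    kind: GenericContainer
    name: encrypter
  documentEntryPoint: target/generator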