b51e7559b6
This patchset introduces a generated with template [1] and encrypted VariableCatalogue generated-secrets that contains steps to generate: ephemeral and target CA+admin key/cert and passwords for users in ephemeral bootstrap iso. It also introduces the way how these secrets are used in manifests: They're decrypted by kustomize and incorporated into the folders `catalogues` in the site, so they can be used by replacement plugin. This patchset contains modifications in replacement plugin configurations to put the decrypted values from VariableCatalogue in place. Since k8s secrets were substituted with generated values this patchset removes pre-generated k8s secrets. [1] manifests/type/gating/target/generator/secret-template.yaml Change-Id: I0898c74012833f0e171d36bb8145acf358510b69
Function: ephemeral
This function defines the configuration for a bare metal ephemeral
bootstrapping image, which can be built via airshipctl image build
and delivered over the WAN to a remote
host via redfish using airshipctl baremetal remotedirect.
REQUIRED: a networking VariableCatalogue must be used to
override some Kubernetes networking configuration.
A base example for this catalogue can be found in the airshipctl-base-catalogues
function. If using the catalogue, apply the replacements/ entrypoint
at the site level, as a Kustomize transformer.
Alternately, the entire text payload of the ephemeral secret may be overridden via normal Kustomize patching.