1e8f31a160
Keeping secrets separately gives an ability to use other replacements with alternative secret catalogues when current secret replacements are not desired.. Change-Id: I981f14249874bab1547f91a64144ac909c0cc69e Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
21 lines
575 B
YAML
21 lines
575 B
YAML
# These rules inject env vars into the workers.
|
|
apiVersion: airshipit.org/v1alpha1
|
|
kind: ReplacementTransformer
|
|
metadata:
|
|
name: workers-generated-secret-replacements
|
|
annotations:
|
|
config.kubernetes.io/function: |-
|
|
container:
|
|
image: localhost/replacement-transformer
|
|
replacements:
|
|
- source:
|
|
objref:
|
|
name: generated-secrets
|
|
fieldref: "{.sshKeys.publicKey}"
|
|
target:
|
|
objref:
|
|
kind: KubeadmConfigTemplate
|
|
name: worker-1
|
|
fieldrefs:
|
|
- "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"
|