
1. Extending templater with kyaml functions and creating combined catalogue to be able to request/update the existing resources. This is based on 'everything is transformer' concept introduced in kustomize 4.x. That includes gathering all secrets into 1 variable catalogue and special mechanism to regenerate/merge with manual secrets.
2. Implementing 'catalogue per cluster' approach for secrets.
3. Rearranging secrets so it's possible to use: pgp (each person may have his own key), age, HashiCorp Vault, etc., and the list of people who can decrypt documents is set in a special file. Since in some cases there should be a separate list of people who can decrypt data, this list is set for each cluster (ephemeral and target) separately.

Closes: #586
Change-Id: I038f84dd138d5ad4a35f4862c61ff2124c2fd530
16 lines
353 B
YAML
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
  labels:
    airshipit.org/deploy-k8s: 'false'
  name: combined-ephemeral-secrets-import
secretGroups: []
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
  labels:
    airshipit.org/deploy-k8s: 'false'
  name: combined-target-secrets-import
secretGroups: []