From 0cb655b690d19ad9e15b05a59a2691c665bc6cc7 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 4 Feb 2022 23:27:16 +0100
Subject: [PATCH] feat(system-upgrades): Install wiretrustee
This patch adds wiretrustee to the cluster, allowing to access it from everywhere through a P2P VPN network based on wireguard.
References: https://github.com/wiretrustee/wiretrustee
---
.../k8s01/system-upgrades/wiretrustee.yaml | 141 ++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100644 clusters/k8s01/system-upgrades/wiretrustee.yaml
diff --git a/clusters/k8s01/system-upgrades/wiretrustee.yaml b/clusters/k8s01/system-upgrades/wiretrustee.yaml
new file mode 100644
index 000000000..70da02570
--- /dev/null
+++ b/clusters/k8s01/system-upgrades/wiretrustee.yaml
@@ -0,0 +1,141 @@ +apiVersion: v1 +kind: Secret +metadata: + name: wire-trustee + namespace: system-upgrade +type: Opaque +stringData: + wiretrustee-setup-key: ENC[AES256_GCM,data:jhTOYXoxzKb4Y6WlPlglI+SQGl3s8qxeIJPUm5nMQp414ceA,iv:UWb9XpEko5Gxwf3ODOC5kWHy/IDWG1wDsXVBDIwd8Zs=,tag:PuNj8RKYw97ht+TE4FvUFg==,type:str] + wiretrustee.repo: ENC[AES256_GCM,data:p2776x+yP1G68jFJB2iAHtFpCP83DOJJWP+8SJL7Q/NkNbEncKDmoOodwXwXfwXwoZ6aIF3xpbEAYNKipvwM3YnxIkZsinYhbmEk7P8rmeINp7SFxQjX2VglY27hDU50ENBqzjyMuxdmba7PQQqOf+AKCgif2a3Hz5pz/Z06gMV84/mfZlNkyb4buA/3LoQ+TSdzPogJ8PS0GTvlHXuoTIp3UTdavncqV6inwqnc,iv:IQy1XN9RzbGqBDMAdVTQWpJbvWqeOlHhEaa2HlBeJfo=,tag:1Akwg0kZs9z5aOkIyljUTQ==,type:str] + install.sh: ENC[AES256_GCM,data:X5JSZTX6FgmAFIraJauox+tRrbOHy4aFv5WxwUg/6oKNNH+fhA+ODr/XeJpbsxxG9YFq+xppZvuZhdp511cLe53OpGLTFnCAJzhdyrURdoMZcKGycxLkdsInUbrbW1i+cjQB1ym2lxLsOc/zaityeZfEXiE/JE+U7Rl3pjXsbiXOUBmQg116r4ckb0nacxRs54M0WlRRJccS/EKuoJeFH3P3hix5O5UrbZN8JFVASuMIAjwps7M8Gszul27FrIf0Jn3uAXYYn4sRTv1dO8Y1df7wG8ivZ+K+1txzHEYk4MXDqSzHNte2z7fd2uqN6cXC4D1n8dlTVkqb0C1Lb8McMX4lfVs4lm7LQ8wp0KAfg5VgmKTIRdCMSQOah1zCNGxNf7ef7B6Jh0DtoU3tUIr+8v0Ms8ZFYgHcysCJbY5gMmKwGGpxA6robQyi/Jl752ToprOylLGp0w2XuC0=,iv:8pxxBrSBX5PJ3bBMprM9s0rtaf79AlrqkgEZDMK3xUY=,tag:phsfTFL52fh7VsgOsoCxrw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-02-04T22:24:54Z" + mac: ENC[AES256_GCM,data:ZtdyhaFGLRgHZz3hBWladIIkevbvE4r3WEDrZVG3/ex1aVW3dW23mUV034rAbzmTd8UF7eh9bsibNXGhNAuLHadZaE9N3sCAla165iofkx5Dg3uGs90I4sQCkB5SMnh0may+sAx9UhzrS01/SgpZffLm5SClZJaTVnO/IS1x8nY=,iv:MEDkHnG0/DMPLFAnZ6nFdFAcvWNlLr1N/z4jfjczmM0=,tag:ui5msQsmKFpMcRNZEl4rGg==,type:str] + pgp: + - created_at: "2022-02-04T22:24:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAARXNoNRg5h3NDrTVBMH3gJvcRlZwpvKC7mQbEZ2P2W+zg + Dul2+HCbeSTs3qGQIxL5RNOiTAf83pV/K8Pqwl/5pi0UGc7whjXOpJAMdEDUWJro + x6uoDzYzJ43QrbVUs1kVdUayGqAgVIOvaphHazdVeNT/xBh9csC5ZsfiYmlxyW54 + 
JdhLzFEefIQdWB/AVM/9WN637GfU6XCnh8sGb2gHEdraauMtisbn/ScJU8LMlhYf + +gAQDpO4t72kXHxrV2zQxMzsHUIX6BT6dT/qVj6FCYb89HRr4Aj9qiJMKDoItiBJ + DBsw4iDkMJPHlwS8rqbwagLeD5wA1hfh9YFCKyeHVV7eb80Hd5SjtNpHHnnasPOJ + 4RkCFUCxefjwVBzz/8MtQxtgy4QT1+7oaGK0zI/JIWmvFP9sQGyIgLSp8ambvD+B + A1vhu25kUREER+wL+TmpGbXGC8yJ9Id5uMouWrZPWsvV1k1UXT793IBZxOH/fW/M + TCCMAh8HQyb/q7bpsJ+hLVGy+P4o+UWZDqTWGjAY/Ohrc/O/SlA5SQvC31ybRvRo + B9cQZMK4oDnTbtZM0W526FnVCaDPF54E6e8ZA/VaYvvwcjkAa6dsNHI0skoQz26a + DQSfmevDQASxYOmjozEQ/Iqaxpo68m3JgxsQm1ygq15GPIhnkUfdrHTq0uw/ZOrS + 5gGDKtX506Ldo9Fb/Xm+HZgAcWj8MNSryZIZPaId0oqMmOAJGtn8QV9AWUo3MFlE + +S7TS7VQkzc0O3POa3lry5XktniZkVTWPazN0V9ChGXqj+JE/29FAA== + =8vJ3 + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-02-04T22:24:53Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAyva5uIcr5tTJxGp8/zWcuR21zkA9udtpNFlscLwmzg1X + ewoWE3Dhf/iVCWuwRaG1Na/dXCE1ejxPv2nkI28gZwV1y9ryjdTpbmSkOUxhm+SY + dy0GQrxOqxV3N4fyFTneAwSGyrubqmwHJtU+bf2O56ybXqMGpSda1R95OM9TX7p+ + a1/Lc5+2hrOqUCm4+wrfpUGosQeLxSu5mMRVypC7Q02tCgq34/VWGtBD9Y+bCfKH + L1N5w6ZFpNJSD7cUXgQXvIsWcEF/r3udQnZxN5gcRgBoTiu2s+PBIAEbOB7jz0Mb + 2/QmItfrJPeEjwLu5WPU7O8Hy4QHMCgY//dTlGACo5qc+pwFhSynQ1WYWqfUfD0T + BVMKdoK67v9jX7YgKuk0GeHRdw9sSsMpNCSdQ8S8gb7pZo+y2EzJp5oxNtCrgO4Z + sY8G2ECffE/3B4AMCgObfSUNOZYpHYImDXa99Ua7hJAwa5SXdVhcOcfMBFTQKFmv + 1gwBD+wZF5PZG8aldJaz6utarijCkAje/d4HJQ5rWt5DCZbPre6Q0uKqASOb3L7s + pUNJ0FJNjY56kQ9uq75ykPoUDyuxOp/3h4DbKe9N/SS/dK8YPv5I9EI6hLi5aH2a + szv6CnzD5M1aXT0eIQ/r1qrBCuYGzaky8sDdK3FvXTc9JLMNUwq3O7F3sKgRFRnU + ZgEJAhC4vNwH1LzjoVzdETEZ7xqmvgrTvFBbPghuN0qlaf90XJRxPmcI42zTBYjl + c8QFgm+c9V6g9z8U54OuJ+4J9HRmCAa9TiFNE65d4o0MNY2YpaJw2bt7f5Idqipb + SBpEaj00Rg== + =uAqR + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain|password|subjects)$ + version: 3.7.1 +--- +apiVersion: upgrade.cattle.io/v1 +kind: 
Plan +metadata: + name: wiretrustee + namespace: system-upgrade +spec: + concurrency: 1 + nodeSelector: + matchExpressions: + - key: feature.node.kubernetes.io/system-os_release.ID + operator: In + values: + - fedora + serviceAccountName: system-upgrade + secrets: + - name: wiretrustee + path: /host/run/system-upgrade/secrets/wiretrustee + version: 1.0.0 + upgrade: + image: registry.fedoraproject.org/fedora:35 + command: + - chroot + - /host + args: + - sh + - /run/system-upgrade/secrets/wiretrustee/install.sh +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-02-04T22:24:54Z" + mac: ENC[AES256_GCM,data:ZtdyhaFGLRgHZz3hBWladIIkevbvE4r3WEDrZVG3/ex1aVW3dW23mUV034rAbzmTd8UF7eh9bsibNXGhNAuLHadZaE9N3sCAla165iofkx5Dg3uGs90I4sQCkB5SMnh0may+sAx9UhzrS01/SgpZffLm5SClZJaTVnO/IS1x8nY=,iv:MEDkHnG0/DMPLFAnZ6nFdFAcvWNlLr1N/z4jfjczmM0=,tag:ui5msQsmKFpMcRNZEl4rGg==,type:str] + pgp: + - created_at: "2022-02-04T22:24:53Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAARXNoNRg5h3NDrTVBMH3gJvcRlZwpvKC7mQbEZ2P2W+zg + Dul2+HCbeSTs3qGQIxL5RNOiTAf83pV/K8Pqwl/5pi0UGc7whjXOpJAMdEDUWJro + x6uoDzYzJ43QrbVUs1kVdUayGqAgVIOvaphHazdVeNT/xBh9csC5ZsfiYmlxyW54 + JdhLzFEefIQdWB/AVM/9WN637GfU6XCnh8sGb2gHEdraauMtisbn/ScJU8LMlhYf + +gAQDpO4t72kXHxrV2zQxMzsHUIX6BT6dT/qVj6FCYb89HRr4Aj9qiJMKDoItiBJ + DBsw4iDkMJPHlwS8rqbwagLeD5wA1hfh9YFCKyeHVV7eb80Hd5SjtNpHHnnasPOJ + 4RkCFUCxefjwVBzz/8MtQxtgy4QT1+7oaGK0zI/JIWmvFP9sQGyIgLSp8ambvD+B + A1vhu25kUREER+wL+TmpGbXGC8yJ9Id5uMouWrZPWsvV1k1UXT793IBZxOH/fW/M + TCCMAh8HQyb/q7bpsJ+hLVGy+P4o+UWZDqTWGjAY/Ohrc/O/SlA5SQvC31ybRvRo + B9cQZMK4oDnTbtZM0W526FnVCaDPF54E6e8ZA/VaYvvwcjkAa6dsNHI0skoQz26a + DQSfmevDQASxYOmjozEQ/Iqaxpo68m3JgxsQm1ygq15GPIhnkUfdrHTq0uw/ZOrS + 5gGDKtX506Ldo9Fb/Xm+HZgAcWj8MNSryZIZPaId0oqMmOAJGtn8QV9AWUo3MFlE + +S7TS7VQkzc0O3POa3lry5XktniZkVTWPazN0V9ChGXqj+JE/29FAA== + =8vJ3 + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-02-04T22:24:53Z" + enc: | + 
-----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAyva5uIcr5tTJxGp8/zWcuR21zkA9udtpNFlscLwmzg1X + ewoWE3Dhf/iVCWuwRaG1Na/dXCE1ejxPv2nkI28gZwV1y9ryjdTpbmSkOUxhm+SY + dy0GQrxOqxV3N4fyFTneAwSGyrubqmwHJtU+bf2O56ybXqMGpSda1R95OM9TX7p+ + a1/Lc5+2hrOqUCm4+wrfpUGosQeLxSu5mMRVypC7Q02tCgq34/VWGtBD9Y+bCfKH + L1N5w6ZFpNJSD7cUXgQXvIsWcEF/r3udQnZxN5gcRgBoTiu2s+PBIAEbOB7jz0Mb + 2/QmItfrJPeEjwLu5WPU7O8Hy4QHMCgY//dTlGACo5qc+pwFhSynQ1WYWqfUfD0T + BVMKdoK67v9jX7YgKuk0GeHRdw9sSsMpNCSdQ8S8gb7pZo+y2EzJp5oxNtCrgO4Z + sY8G2ECffE/3B4AMCgObfSUNOZYpHYImDXa99Ua7hJAwa5SXdVhcOcfMBFTQKFmv + 1gwBD+wZF5PZG8aldJaz6utarijCkAje/d4HJQ5rWt5DCZbPre6Q0uKqASOb3L7s + pUNJ0FJNjY56kQ9uq75ykPoUDyuxOp/3h4DbKe9N/SS/dK8YPv5I9EI6hLi5aH2a + szv6CnzD5M1aXT0eIQ/r1qrBCuYGzaky8sDdK3FvXTc9JLMNUwq3O7F3sKgRFRnU + ZgEJAhC4vNwH1LzjoVzdETEZ7xqmvgrTvFBbPghuN0qlaf90XJRxPmcI42zTBYjl + c8QFgm+c9V6g9z8U54OuJ+4J9HRmCAa9TiFNE65d4o0MNY2YpaJw2bt7f5Idqipb + SBpEaj00Rg== + =uAqR + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain|password|subjects)$ + version: 3.7.1 -- GitLab
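Review bot: The Plan's `secrets:` entry references `name: wiretrustee`, but the Secret added in this same file is `metadata.name: wire-trustee`. Unless a Secret named `wiretrustee` already exists in the `system-upgrade` namespace, nothing will be mounted at `/host/run/system-upgrade/secrets/wiretrustee` and the `install.sh` step cannot run. Align the two, for example `name: wiretrustee` in the Secret's metadata. Separately, `install.sh` and `wiretrustee.repo` are SOPS-encrypted together with `wiretrustee-setup-key`, so the script that runs under `chroot /host` on the selected Fedora nodes cannot be reviewed from this diff. A comment above the Plan such as `# install.sh: adds the wiretrustee repo, installs the package, enrolls the node with the setup key` would at least record the intent. The `registry.fedoraproject.org/fedora:35` image is also referenced by a mutable tag; pinning it by digest would keep the host-level job reproducible.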