Skip to content
Snippets Groups Projects
Verified Commit 0cb655b6 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(system-upgrades): Install wiretrustee 

This patch adds wiretrustee to the cluster, allowing to access it from
everywhere through a P2P VPN network based on wireguard.

References:
https://github.com/wiretrustee/wiretrustee
parent 5ec39ce8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
clusters/k8s01/system-upgrades/wiretrustee.yaml 0 → 100644
+ 141
0
View file @ 0cb655b6
apiVersion: v1
kind: Secret
metadata:
name: wire-trustee
namespace: system-upgrade
type: Opaque
stringData:
wiretrustee-setup-key: ENC[AES256_GCM,data:jhTOYXoxzKb4Y6WlPlglI+SQGl3s8qxeIJPUm5nMQp414ceA,iv:UWb9XpEko5Gxwf3ODOC5kWHy/IDWG1wDsXVBDIwd8Zs=,tag:PuNj8RKYw97ht+TE4FvUFg==,type:str]
wiretrustee.repo: ENC[AES256_GCM,data:p2776x+yP1G68jFJB2iAHtFpCP83DOJJWP+8SJL7Q/NkNbEncKDmoOodwXwXfwXwoZ6aIF3xpbEAYNKipvwM3YnxIkZsinYhbmEk7P8rmeINp7SFxQjX2VglY27hDU50ENBqzjyMuxdmba7PQQqOf+AKCgif2a3Hz5pz/Z06gMV84/mfZlNkyb4buA/3LoQ+TSdzPogJ8PS0GTvlHXuoTIp3UTdavncqV6inwqnc,iv:IQy1XN9RzbGqBDMAdVTQWpJbvWqeOlHhEaa2HlBeJfo=,tag:1Akwg0kZs9z5aOkIyljUTQ==,type:str]
install.sh: ENC[AES256_GCM,data:X5JSZTX6FgmAFIraJauox+tRrbOHy4aFv5WxwUg/6oKNNH+fhA+ODr/XeJpbsxxG9YFq+xppZvuZhdp511cLe53OpGLTFnCAJzhdyrURdoMZcKGycxLkdsInUbrbW1i+cjQB1ym2lxLsOc/zaityeZfEXiE/JE+U7Rl3pjXsbiXOUBmQg116r4ckb0nacxRs54M0WlRRJccS/EKuoJeFH3P3hix5O5UrbZN8JFVASuMIAjwps7M8Gszul27FrIf0Jn3uAXYYn4sRTv1dO8Y1df7wG8ivZ+K+1txzHEYk4MXDqSzHNte2z7fd2uqN6cXC4D1n8dlTVkqb0C1Lb8McMX4lfVs4lm7LQ8wp0KAfg5VgmKTIRdCMSQOah1zCNGxNf7ef7B6Jh0DtoU3tUIr+8v0Ms8ZFYgHcysCJbY5gMmKwGGpxA6robQyi/Jl752ToprOylLGp0w2XuC0=,iv:8pxxBrSBX5PJ3bBMprM9s0rtaf79AlrqkgEZDMK3xUY=,tag:phsfTFL52fh7VsgOsoCxrw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-02-04T22:24:54Z"
mac: ENC[AES256_GCM,data:ZtdyhaFGLRgHZz3hBWladIIkevbvE4r3WEDrZVG3/ex1aVW3dW23mUV034rAbzmTd8UF7eh9bsibNXGhNAuLHadZaE9N3sCAla165iofkx5Dg3uGs90I4sQCkB5SMnh0may+sAx9UhzrS01/SgpZffLm5SClZJaTVnO/IS1x8nY=,iv:MEDkHnG0/DMPLFAnZ6nFdFAcvWNlLr1N/z4jfjczmM0=,tag:ui5msQsmKFpMcRNZEl4rGg==,type:str]
pgp:
- created_at: "2022-02-04T22:24:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcARAARXNoNRg5h3NDrTVBMH3gJvcRlZwpvKC7mQbEZ2P2W+zg
Dul2+HCbeSTs3qGQIxL5RNOiTAf83pV/K8Pqwl/5pi0UGc7whjXOpJAMdEDUWJro
x6uoDzYzJ43QrbVUs1kVdUayGqAgVIOvaphHazdVeNT/xBh9csC5ZsfiYmlxyW54
JdhLzFEefIQdWB/AVM/9WN637GfU6XCnh8sGb2gHEdraauMtisbn/ScJU8LMlhYf
+gAQDpO4t72kXHxrV2zQxMzsHUIX6BT6dT/qVj6FCYb89HRr4Aj9qiJMKDoItiBJ
DBsw4iDkMJPHlwS8rqbwagLeD5wA1hfh9YFCKyeHVV7eb80Hd5SjtNpHHnnasPOJ
4RkCFUCxefjwVBzz/8MtQxtgy4QT1+7oaGK0zI/JIWmvFP9sQGyIgLSp8ambvD+B
A1vhu25kUREER+wL+TmpGbXGC8yJ9Id5uMouWrZPWsvV1k1UXT793IBZxOH/fW/M
TCCMAh8HQyb/q7bpsJ+hLVGy+P4o+UWZDqTWGjAY/Ohrc/O/SlA5SQvC31ybRvRo
B9cQZMK4oDnTbtZM0W526FnVCaDPF54E6e8ZA/VaYvvwcjkAa6dsNHI0skoQz26a
DQSfmevDQASxYOmjozEQ/Iqaxpo68m3JgxsQm1ygq15GPIhnkUfdrHTq0uw/ZOrS
5gGDKtX506Ldo9Fb/Xm+HZgAcWj8MNSryZIZPaId0oqMmOAJGtn8QV9AWUo3MFlE
+S7TS7VQkzc0O3POa3lry5XktniZkVTWPazN0V9ChGXqj+JE/29FAA==
=8vJ3
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-02-04T22:24:53Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAyva5uIcr5tTJxGp8/zWcuR21zkA9udtpNFlscLwmzg1X
ewoWE3Dhf/iVCWuwRaG1Na/dXCE1ejxPv2nkI28gZwV1y9ryjdTpbmSkOUxhm+SY
dy0GQrxOqxV3N4fyFTneAwSGyrubqmwHJtU+bf2O56ybXqMGpSda1R95OM9TX7p+
a1/Lc5+2hrOqUCm4+wrfpUGosQeLxSu5mMRVypC7Q02tCgq34/VWGtBD9Y+bCfKH
L1N5w6ZFpNJSD7cUXgQXvIsWcEF/r3udQnZxN5gcRgBoTiu2s+PBIAEbOB7jz0Mb
2/QmItfrJPeEjwLu5WPU7O8Hy4QHMCgY//dTlGACo5qc+pwFhSynQ1WYWqfUfD0T
BVMKdoK67v9jX7YgKuk0GeHRdw9sSsMpNCSdQ8S8gb7pZo+y2EzJp5oxNtCrgO4Z
sY8G2ECffE/3B4AMCgObfSUNOZYpHYImDXa99Ua7hJAwa5SXdVhcOcfMBFTQKFmv
1gwBD+wZF5PZG8aldJaz6utarijCkAje/d4HJQ5rWt5DCZbPre6Q0uKqASOb3L7s
pUNJ0FJNjY56kQ9uq75ykPoUDyuxOp/3h4DbKe9N/SS/dK8YPv5I9EI6hLi5aH2a
szv6CnzD5M1aXT0eIQ/r1qrBCuYGzaky8sDdK3FvXTc9JLMNUwq3O7F3sKgRFRnU
ZgEJAhC4vNwH1LzjoVzdETEZ7xqmvgrTvFBbPghuN0qlaf90XJRxPmcI42zTBYjl
c8QFgm+c9V6g9z8U54OuJ+4J9HRmCAa9TiFNE65d4o0MNY2YpaJw2bt7f5Idqipb
SBpEaj00Rg==
=uAqR
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain|password|subjects)$
version: 3.7.1
---
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
name: wiretrustee
namespace: system-upgrade
spec:
concurrency: 1
nodeSelector:
matchExpressions:
- key: feature.node.kubernetes.io/system-os_release.ID
operator: In
values:
- fedora
serviceAccountName: system-upgrade
secrets:
- name: wiretrustee
path: /host/run/system-upgrade/secrets/wiretrustee
version: 1.0.0
upgrade:
image: registry.fedoraproject.org/fedora:35
command:
- chroot
- /host
args:
- sh
- /run/system-upgrade/secrets/wiretrustee/install.sh
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-02-04T22:24:54Z"
mac: ENC[AES256_GCM,data:ZtdyhaFGLRgHZz3hBWladIIkevbvE4r3WEDrZVG3/ex1aVW3dW23mUV034rAbzmTd8UF7eh9bsibNXGhNAuLHadZaE9N3sCAla165iofkx5Dg3uGs90I4sQCkB5SMnh0may+sAx9UhzrS01/SgpZffLm5SClZJaTVnO/IS1x8nY=,iv:MEDkHnG0/DMPLFAnZ6nFdFAcvWNlLr1N/z4jfjczmM0=,tag:ui5msQsmKFpMcRNZEl4rGg==,type:str]
pgp:
- created_at: "2022-02-04T22:24:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcARAARXNoNRg5h3NDrTVBMH3gJvcRlZwpvKC7mQbEZ2P2W+zg
Dul2+HCbeSTs3qGQIxL5RNOiTAf83pV/K8Pqwl/5pi0UGc7whjXOpJAMdEDUWJro
x6uoDzYzJ43QrbVUs1kVdUayGqAgVIOvaphHazdVeNT/xBh9csC5ZsfiYmlxyW54
JdhLzFEefIQdWB/AVM/9WN637GfU6XCnh8sGb2gHEdraauMtisbn/ScJU8LMlhYf
+gAQDpO4t72kXHxrV2zQxMzsHUIX6BT6dT/qVj6FCYb89HRr4Aj9qiJMKDoItiBJ
DBsw4iDkMJPHlwS8rqbwagLeD5wA1hfh9YFCKyeHVV7eb80Hd5SjtNpHHnnasPOJ
4RkCFUCxefjwVBzz/8MtQxtgy4QT1+7oaGK0zI/JIWmvFP9sQGyIgLSp8ambvD+B
A1vhu25kUREER+wL+TmpGbXGC8yJ9Id5uMouWrZPWsvV1k1UXT793IBZxOH/fW/M
TCCMAh8HQyb/q7bpsJ+hLVGy+P4o+UWZDqTWGjAY/Ohrc/O/SlA5SQvC31ybRvRo
B9cQZMK4oDnTbtZM0W526FnVCaDPF54E6e8ZA/VaYvvwcjkAa6dsNHI0skoQz26a
DQSfmevDQASxYOmjozEQ/Iqaxpo68m3JgxsQm1ygq15GPIhnkUfdrHTq0uw/ZOrS
5gGDKtX506Ldo9Fb/Xm+HZgAcWj8MNSryZIZPaId0oqMmOAJGtn8QV9AWUo3MFlE
+S7TS7VQkzc0O3POa3lry5XktniZkVTWPazN0V9ChGXqj+JE/29FAA==
=8vJ3
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-02-04T22:24:53Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAyva5uIcr5tTJxGp8/zWcuR21zkA9udtpNFlscLwmzg1X
ewoWE3Dhf/iVCWuwRaG1Na/dXCE1ejxPv2nkI28gZwV1y9ryjdTpbmSkOUxhm+SY
dy0GQrxOqxV3N4fyFTneAwSGyrubqmwHJtU+bf2O56ybXqMGpSda1R95OM9TX7p+
a1/Lc5+2hrOqUCm4+wrfpUGosQeLxSu5mMRVypC7Q02tCgq34/VWGtBD9Y+bCfKH
L1N5w6ZFpNJSD7cUXgQXvIsWcEF/r3udQnZxN5gcRgBoTiu2s+PBIAEbOB7jz0Mb
2/QmItfrJPeEjwLu5WPU7O8Hy4QHMCgY//dTlGACo5qc+pwFhSynQ1WYWqfUfD0T
BVMKdoK67v9jX7YgKuk0GeHRdw9sSsMpNCSdQ8S8gb7pZo+y2EzJp5oxNtCrgO4Z
sY8G2ECffE/3B4AMCgObfSUNOZYpHYImDXa99Ua7hJAwa5SXdVhcOcfMBFTQKFmv
1gwBD+wZF5PZG8aldJaz6utarijCkAje/d4HJQ5rWt5DCZbPre6Q0uKqASOb3L7s
pUNJ0FJNjY56kQ9uq75ykPoUDyuxOp/3h4DbKe9N/SS/dK8YPv5I9EI6hLi5aH2a
szv6CnzD5M1aXT0eIQ/r1qrBCuYGzaky8sDdK3FvXTc9JLMNUwq3O7F3sKgRFRnU
ZgEJAhC4vNwH1LzjoVzdETEZ7xqmvgrTvFBbPghuN0qlaf90XJRxPmcI42zTBYjl
c8QFgm+c9V6g9z8U54OuJ+4J9HRmCAa9TiFNE65d4o0MNY2YpaJw2bt7f5Idqipb
SBpEaj00Rg==
=uAqR
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain|password|subjects)$
version: 3.7.1
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment