Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add flavor to run Gardener in the mini-lab #202

Merged
merged 34 commits into from
Jan 15, 2025
Merged

Add flavor to run Gardener in the mini-lab #202

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
c64e43e
[skip ci] Next attempt to run Gardener in mini-lab.
Gerrit91 Nov 13, 2024
c0ec9e6
[skip ci] Merge remote-tracking branch 'origin/master' into gardener-…
Gerrit91 Nov 20, 2024
a1f220a
Move to PowerDNS extension.
Gerrit91 Nov 20, 2024
1f6d8a6
No override.
Gerrit91 Nov 20, 2024
056336c
Merge branch 'master' into gardener-local
Gerrit91 Nov 25, 2024
ef5a679
Progress.
Gerrit91 Dec 12, 2024
47a074d
Merge remote-tracking branch 'origin/master' into gardener-local
Gerrit91 Dec 13, 2024
91fe624
Adaptions.
Gerrit91 Dec 13, 2024
cd17756
Unused var.
Gerrit91 Dec 13, 2024
40a6844
Merge branch 'master' into gardener-local
Gerrit91 Jan 8, 2025
c890d9b
metal-roles was merged.
Gerrit91 Jan 8, 2025
41fc464
Merge remote-tracking branch 'origin/gardener-local' into gardener-local
Gerrit91 Jan 8, 2025
869dcd0
Merge branch 'master' into gardener-local
Gerrit91 Jan 13, 2025
936af29
Add module to patch istio ingress gateway svc.
Gerrit91 Jan 13, 2025
17e5126
Add retries.
Gerrit91 Jan 13, 2025
e8e185a
Not required anymore to overwrite DNS extension.
Gerrit91 Jan 13, 2025
c914dd0
Fix wait condition.
Gerrit91 Jan 13, 2025
c2c9b9c
Default to false.
Gerrit91 Jan 14, 2025
412d17b
Fix on wait condition.
Gerrit91 Jan 14, 2025
f67fbe2
Fix.
Gerrit91 Jan 14, 2025
84b9a80
Wait until seed is ready.
Gerrit91 Jan 14, 2025
9470eba
Test the flavor.
Gerrit91 Jan 14, 2025
065c579
Remove certs.
Gerrit91 Jan 14, 2025
17c0bb9
Generate certs dynamically.
Gerrit91 Jan 14, 2025
4d31ec6
Revert.
Gerrit91 Jan 14, 2025
64ec848
Rename orgs.
Gerrit91 Jan 14, 2025
3c09002
Deps.
Gerrit91 Jan 14, 2025
e55b150
Remove vault stuff.
Gerrit91 Jan 14, 2025
5a8affd
Add target to roll certs.
Gerrit91 Jan 14, 2025
c10a73d
Remove mariadb from PowerDNS.
Gerrit91 Jan 15, 2025
ece939d
Reduce PowerDNS requests.
Gerrit91 Jan 15, 2025
21a5cb9
Improve roll_certs shell script.
Gerrit91 Jan 15, 2025
1c12183
Fix cumulus repos.
Gerrit91 Jan 15, 2025
d92a628
Update 2.3.8.
Gerrit91 Jan 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,4 @@ requirements.yaml
.extra_vars.yaml
sonic-vs.img
*.bak
.ansible
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ansible caches git clones here, which are happening in the Gardener role.

24 changes: 24 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,13 @@ else ifeq ($(MINI_LAB_FLAVOR),capms)
LAB_MACHINES=machine01,machine02,machine03
LAB_TOPOLOGY=mini-lab.capms.yaml
VRF=Vrf20
else ifeq ($(MINI_LAB_FLAVOR),gardener)
GARDENER_ENABLED=true
# usually gardener restricts the maximum version for k8s:
K8S_VERSION=1.30.6
LAB_MACHINES=machine01,machine02
LAB_TOPOLOGY=mini-lab.sonic.yaml
VRF=Vrf20
else
$(error Unknown flavor $(MINI_LAB_FLAVOR))
endif
Expand Down Expand Up @@ -272,3 +279,20 @@ dev-env:
@echo "export METALCTL_API_URL=http://api.172.17.0.1.nip.io:8080/metal"
@echo "export METALCTL_HMAC=metal-admin"
@echo "export KUBECONFIG=$(KUBECONFIG)"

## Gardener integration

.PHONY: fetch-virtual-kubeconfig
fetch-virtual-kubeconfig:
kubectl config unset users.virtual-garden
kubectl config unset contexts.virtual-garden
kubectl config unset clusters.virtual-garden
kubectl get secret -n garden garden-kubeconfig-for-admin -o jsonpath='{.data.kubeconfig}' | base64 -d > .virtual-kubeconfig
kubectl --kubeconfig=.virtual-kubeconfig config rename-context garden virtual-garden
sed -i 's/name: garden/name: virtual-garden/g' .virtual-kubeconfig
sed -i 's/name: admin/name: virtual-garden/g' .virtual-kubeconfig
kubectl --kubeconfig=.virtual-kubeconfig config set contexts.virtual-garden.cluster virtual-garden
kubectl --kubeconfig=.virtual-kubeconfig config set contexts.virtual-garden.user virtual-garden
KUBECONFIG=$$KUBECONFIG:.virtual-kubeconfig kubectl config view --flatten > .merged-kubeconfig
rm .virtual-kubeconfig
mv .merged-kubeconfig .kubeconfig
6 changes: 4 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,8 +196,10 @@ docker compose run --rm metalctl machine rm 00000000-0000-0000-0000-000000000001

There are two versions, or flavors, of the mini-lab environment which differ in regards to the NOS running on the leaves:

- `cumulus` -- runs 2 Cumulus switches.
- `sonic` -- runs 2 SONiC switches
- `cumulus`: runs 2 Cumulus switches.
- `sonic`: runs 2 SONiC switches
- `capms`: runs the SONiC flavor but with three instead of two machines (this is used for [cluster-provider-metal-stack](https://github.com/metal-stack/cluster-api-provider-metal-stack) in order to have dedicated hosts for control plane / worker / firewall)
- `gardener`: installs the [Gardener](https://gardener.cloud) in the mini-lab

In order to start specific flavor, you can define the flavor as follows:

Expand Down
13 changes: 1 addition & 12 deletions compose.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,9 @@ services:
- CI=${CI}
- DOCKER_HUB_USER=${DOCKER_HUB_USER}
- DOCKER_HUB_TOKEN=${DOCKER_HUB_TOKEN}
- GARDENER_ENABLED=${GARDENER_ENABLED:-false}
network_mode: host
working_dir: /mini-lab
dns:
Gerrit91 marked this conversation as resolved.
Show resolved Hide resolved
- 172.17.0.1
- 1.1.1.1
- 1.0.0.1
entrypoint:
- /bin/bash
- -ce
Expand Down Expand Up @@ -55,10 +52,6 @@ services:
- DOCKER_HUB_TOKEN=${DOCKER_HUB_TOKEN}
network_mode: host
working_dir: /mini-lab
dns:
- 172.17.0.1
- 1.1.1.1
- 1.0.0.1
entrypoint:
- /bin/bash
- -ce
Expand All @@ -82,8 +75,4 @@ services:
- ./files/ignition.json:/tmp/ignition.json
- ./files/rules.yaml:/tmp/rules.yaml
network_mode: host
dns:
- 172.17.0.1
- 1.1.1.1
- 1.0.0.1
command: --version
8 changes: 4 additions & 4 deletions deploy_control_plane.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,6 @@
hosts: control-plane
connection: local
gather_facts: false
vars:
setup_yaml:
- url: https://raw.githubusercontent.com/metal-stack/releases/{{ metal_stack_release_version }}/release.yaml
meta_var: metal_stack_release
roles:
- name: ansible-common
tags: always
Expand All @@ -26,3 +22,7 @@
tags: auditing
- name: metal-roles/control-plane/roles/metal
tags: metal

- name: deploy gardener
import_playbook: deploy_gardener.yaml
when: gardener_enabled
68 changes: 68 additions & 0 deletions deploy_gardener.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
---
- name: deploy gardener
hosts: control-plane
connection: local
gather_facts: false
pre_tasks:
- name: Fake Gardener metal shoot
k8s:
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: shoot-info
namespace: kube-system
data:
nodeNetwork: 172.18.0.0/16
podNetwork: 10.244.0.0/24
serviceNetwork: 10.96.0.0/16

- name: Create garden namespace
k8s:
definition:
apiVersion: v1
kind: Namespace
metadata:
name: garden

# our current state in metal-roles/gardener does not support network policies from gardenlet <-> virtual garden
# this should be possible to resolve when we use the Gardener Operator
- name: Deploy allow all network policy
k8s:
definition: "{{ lookup('file', 'netpol-allow-all.yaml') }}"
namespace: garden
apply: yes
roles:
- name: ansible-common
tags: always
- name: minio
- name: powerdns
- name: metal-roles/control-plane/roles/gardener
tags: gardener
vars:
metal_control_plane_host_provider: metal

post_tasks:
# gardener exposes the istio ingress gateway through service type load balancer
# we can fake the exposal by patching the status field, which is also what's
# done in the gardener local environment
- name: Wait for istio ingress gateway service
kubernetes.core.k8s_info:
api_version: v1
kind: Service
name: istio-ingressgateway
namespace: istio-ingress
register: result
until: result.resources
retries: 30
delay: 10

- name: Patch ingress status of istio ingress gateway to allow seed to get ready
patch_service_status_k8s:
name: istio-ingressgateway
namespace: istio-ingress
body:
status:
loadBalancer:
ingress:
- ip: "172.17.0.1"
12 changes: 0 additions & 12 deletions deploy_partition.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,6 @@

- name: Deploy dhcp server and pixiecore on leaf01
hosts: leaf01
vars:
setup_yaml:
- url: https://raw.githubusercontent.com/metal-stack/releases/{{ metal_stack_release_version }}/release.yaml
meta_var: metal_stack_release
roles:
- name: ansible-common
tags: always
Expand All @@ -51,10 +47,6 @@

- name: Deploy metal-core
hosts: leaves
vars:
setup_yaml:
- url: https://raw.githubusercontent.com/metal-stack/releases/{{ metal_stack_release_version }}/release.yaml
meta_var: metal_stack_release
roles:
- name: ansible-common
tags: always
Expand All @@ -65,10 +57,6 @@
hosts: localhost
connection: local
gather_facts: no
vars:
setup_yaml:
- url: https://raw.githubusercontent.com/metal-stack/releases/{{ metal_stack_release_version }}/release.yaml
meta_var: metal_stack_release
roles:
- name: ansible-common
tags: always
Expand Down
98 changes: 49 additions & 49 deletions files/certs/ca-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,51 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAnVMaZPlH1+0WlsphKDxjdyME0Q8DG5WXJxmR1OEgJEyKNfh0
sr0tJzRGhNbrihiWNrrm5ojQ7+XRJmjCXX+g5ZJZYQhsw8ezzOg5jwBp3VHUGd8f
ARbdVbd3Dy0rzUL2E0B0SnBL58G/FrG7G4jpjiBDFretPhxRjkqvR59WCV2XAyVg
PSnre1tfkQbmLdVOMlbfmjidZ+FROH9fQk7E9TdZnfRKh7PCRJ1kRnHzcHK12S1s
majb6XilrcvjVOTKQuVdtKb9FDN1ooXUAAQlviRUWokw0BN2s9IW/dmiuUlmmjmz
L3C62kojd1/NxYmVvnm6REU1krWA+ak2HdVbxjHS6bmHUI0CvmMddr6qALpJhk+F
tMUNYvDGqiRd92hjqq3n/XJCK3u0wXOJxqSQbGdCVFS7DrO/jUEeIlahlDcA7iK8
QwaY6Ze0R2HTcs/cKGbm+qC/b0naNcPtCqRaEZ06QfEHE1/rOWItsYPyB+N25wAm
yAIUOBIiM4sNTEPxv17Fg1N+RJFspRAZ6D5NGCUY/h8T6tyqfICDHPhhPZDt+80e
xULjBSX+OBqzu0E//2sg9wr/6gkpk6+r1zWjm82SEdxmuDOXUPqBwB4obmmXvymk
SMfLo+EXAQAzZ4+/R1I+GWc2x146MPu/M5ras+PL5HD+ELhr5y2ofL9HbZMCAwEA
AQKCAgABz1z0YHHVKCMkZPutLNSwIDUD+ro8bQIqLv8ghd6KzF6itFMTY13Ln6xY
Buj608GWq5vQdy6ANBKt8HKcBMXjHkXs+d3Wesu0xc8zt/t/0lswWQLQTmUJgWzb
PdfNKsIOAqXT3WriJbZ/GlhevrqBKhnbfw19M3I0wuM1Xb3tqaf9H0b2LS9KYgi9
cGjhihy2M42rBo+5DDyU+9IqvyFA+PwM9yyMVyMbCvyGWvVEC+3Pq9geBHVTQFIX
p8rbxS4WivEDDRDIVLc7wXJo9aNBhsV5rS5klnS9KOOe1AwtOYz2pUdMem2L6WJz
EyUY6rZQVLIx6uHs6C2tsaavvS6rGnVhVo2fVnfHJW0R0GwQk/m+ozTiYuUQB3nd
LLdHcnoVfORazHK9eQx57VdciYAfdUpoTtQpti0mXt4CPgNePx7MeFJQ2XmUZn9g
45WHC0T8JYbZYwBDrGMGuPI8SAUKigBFd1CnqMvqTYueD/FyAqXy4BnXGS/9vRwL
ivpEpgZkJBb7MFWKIyvH3IUnbanCWXHS0HzuPMIVdy6z5Y04j90nHcQCxw86J622
pFOYjpfUYuJdvicXeUmfrlS8IxIfkRPmYhlwjoGrSUftybpVK+dp+YvF89DSstbk
HSU1i1UqzcHBUN+4yPr+JAbPpYdvvIgaCKRrNkgO3jutxKSkgQKCAQEAyzuB+O4m
s0cV7InNXoDWNVyZ4PKNL92q2WZDTf83kil9AL1llNgN+QPq3d6CV2Gez+RRYoB2
HfvZ++u5p0jNAMdtg8mV+S/5jC06rKRua1aIR2vC+1xdO7d+SrfVUqaOdG5EZQu0
VeGABhgAWGfTmzgfg/yhcXeqyHDhXV9MTgXW2nhQYYC66yQOQa4s4b37UdhC4jEU
WiL3vdfKUtsSiwYCg6ebzD2ptmjkhpgK3uNnQZhG+L6Qqsekex77I43mTWEPMLlA
jcBXxpsa6aUn5YFEQPpgeDOomImTT1upJbJdWgnukJMZsDlgRa6Z+XBbhK+Bk32W
U7ypqBBAsCRaMwKCAQEAxiwvagiQWw1GRZy/RxPGr5iDiThNAVd4FASCezlYtG8n
6aekfoE6x/h8VWa5e9AXIJR4riodkAoioL08iiGv9VxF17iPPtWgkg21dpHxybCa
hFIqHbJKMeMwWlNZOM58A9puaKFoDZPgP5eF3EI9wc7mBnJmuanRf2ke5x+G/beQ
wbayKL7ny6ipt6rmiwKLx6aADh5Y/gGrtxF+BOPWdAIfrkKw6LlQ8VNZrSbuys2p
kzWhopvJ9h2zdvSYO2sNXmuXYbjJ1J4BB1m4Vb65349kLKdckTKhFcNtra1oq60f
TOUIrC+tcPbtkGTppHFikWpIzxaYtmryDIn5Z0X/IQKCAQEAoZEkacbCo4HezxZa
W0fng7Kjbq7FSYlbGsvus+IyxpMPGnh3elYs/Yt8u3f6fQdRnwpvHPTtcjbXfCxR
gskgmP7ydHPdM6ZNKICIhdmPIuw/GTB1aSlrwV7GGxZ8k+FvnOZQn1gnvKKyCaYp
GB8qndqHS4Gawz8UWZdLwtRRMDH6NeKyXGFfuDII13Rln+1OECnyOio0eNgVxin4
YdhhrH5Rn2KvPDbFZguLqejTs5BrdT1fJr8w+WQPwgXGN+TGczu3PM/5nveLkIuc
YKT4y77xiQrDiKvg26t7nfpLxXlAN6VvsCYRpQRoId2F8US+rQRt6dhMmzOAWOja
1G2B+wKCAQEAg1usfht5HHGbH+97trB8Jc7xeZaRLI9/L72hg+6KRufbS/zsg1JD
1WN3fuBdmJ1hhx4DNGcEO4MMWwG0zFbyHLByN0DF6r+N9OITY6nv3GIsugMAmbih
h5nxZh4TaR0thRxXzREYOM/JeD2G5G4gI4RyYtmYD/9pt4vFiSwTvb/cuxrP00Rf
v1ZoUS9+K6yfXNKX1UP2d0BCQ1Hb93/SmgkCWO8p9slHxv8Z1TWWWWWjvslw/6lG
YNZlLDeLZO9b6DdnG8ZyOnYVdnrZPjTzXiXdH+A78p7dueBVpibo18skkULL0d60
l8mFxQ2u9WqXDI6n/mUbCueu0/LtF7CFIQKCAQEAh81NQG4bv0x453CgEpoEEK23
6yPhcVUvE/IkYbgyaWVBAgOFFklSjEZm5P+Jwu1Jbe6OQ8mWhAfGuA4EbH1hXuJD
4LQ6NrVOQr7jrJ0nrz6WKrbMJucezM03mRh0Rde5GYZ5m0Z/emD63nvfiOZQGfhr
NAgAtw1k+kYBA4TfycPo6dCKUWUMCoTMhmwr84q6XIJffN/ExO7+osgJPaubOvQf
ePeuL2W78D3CDMpAjTv/CCQWuTACwHSW3L+KLYdYYf9IlQHDHBPnZbOQgOfVeJzQ
ds+neHqdc7Zclv1vbk3Mys8PXEyWb/eYi0o9tOgY19Tdb7tcPpYz0WKU2mjKrA==
MIIJJQIBAAKCAgEAtNdFZzSdHoCsSdQwHdzNnLv0kKD5f0r+6Uu8/CqUrWYHqJqo
robertvolkmann marked this conversation as resolved.
Show resolved Hide resolved
jRnlmc8HPXCJ14sXwVy6y+k4qgbutZEP4xerP//8S0JsNSrMtBD7kfoc/e2Z7wS3
olq424RvdFPwOvcilShvl/bUrj+6ePi6nGOfuWb8Np79nYEwqZRSyQcvOp4d6EgU
gwZMAGbB9tANkqXLwPM6qS8T6iKNx4GeKVN4yT4G125PWTYlB+L3MoCqwnt2DJZ9
mFgSPDEhVY7G1yajLbVtfBOEa1NEypWOtF2FI1az+ouN6knf9a7IB+D2HeVcTIzv
54ovmXZTSmGOBn85WEqJt3EF56WCInzboEUK1QJaBErfLRBOyflv5IN9L0tgQOG+
5f/fET8UfmOd/I+KZZ7PN+Yc24tFMVc+xco+Y7u805/qYwNGrLa746su6dG99uaX
uOorsFIfatOU2DDhAeNMgCJVn0xckUy6np7OtIf2Jg57st1i0eiH7ptYYJaMRxcn
R9X5kJo2SvLaLFuGCsXHKt3vzEUCb8fd4L3gNGKYY7pH4/nYr8QKCOe8q4OQqC6E
M9HkB5dFl4Ea1eyDq1V2AAelRlF3rSdkjrNd83t26h7ejhEf5EquZ5l4o7eZJx3w
jybgwh2MncuwGP6hKoME9fIYB2KZaq5Q4KrDldt8JxhXQjlTe7+o1a7lYpUCAwEA
AQKCAgBUAZxv8PT78nIWacdgV+373SQi+2RrSX9ZCKHl0jH2yurL2+xof5s09AM8
+0ZNJoQGgvkTOGfmNAo3tgdXSut2c4fTviteF1+4VhtHGJTXMMTNT7euZ85vyvmr
ZEK4YY1jFMGiKjtqJpiNEZ4+f9j222xWQ001GYptfEVotTmvVTw3ZySAKTCtDw8T
hFqJwRMBsvuRFBmALkUGZKQANpJpibLL6KZbntdc7oY+o56vcYLJHi+B0YfHBluh
zw13bK9o0FrnxHlDEg9mvErqZncuj1xUCvgF2gN7sZGid1JdWOqjdOUM/hhWhazz
ZJYBVqBg719CI/LGRRBKzQ2JSglZWTjXgJ0ymeIXYb/4hjgzTInVg5/9ddRwovzs
eL1AIjp3dmXDs4tBl+b5Y58JvFmfPxp9VsseunGyRGbk/3sG8eADGEPsRmjUCPx0
oZ3RNQC1XsiDCvP6v0tSZFt2Sn1quAfW9nDGbaKCieedI4jgXpGgr3eDCc5R38WO
Ltn3THTLSBkNcCWlLTe9ZOjRAeCbwpM257R1qZQl+4s4xp8J0DBL4OWXDbhu0a/p
XzhC1kMQSZRLXGjpfYXIE/5vIQIm8ruEfbAEjfWseqdYHXlzv72hkO22cBbGkclZ
CKg3dcFJs8THiZg9RvKC5MGTXekWk6KCyMqoYQmjeTpFOGgwgQKCAQEA7YShO9RV
ClMoqpvGPft9GZLYJz0HGiec0qnmYvg++DZAZ24M2WT0mg0be/ojsko2N7OUYj8W
tcSXu4SNTuOOp/bFK4mnDiC4n3eSGUNa7xeEj82/iqS+USyencckZiJBvsIYq5Jy
Xfg9CglV6YAYuvobtP/JWjCLvMpPwS/W35xjithB/4f3UCWR4UUZTZHe1JgeD9go
dY8RYw2cCigCP9CWSE62KRPgf8uirAtOUhIMUQP1UOlcu6joNLtnHuCvCciqUfWf
mBI61HVGE0Of5WoFCI4tUjl0J0VXa+dxrGy8M1zcpbVuDP0mfI5VVOkjvecDxAJJ
JKOtMnYl177Z7QKCAQEAwumhI0BdVCVlEWph9h7lUHfsiK4xdQ4lfFi0RqmAHBmS
WzmHIfwa+8afM8JzyFgLiawbRhL7zL9tW5sWqyLFcaHiYdQCovzajeNM9Gt/21nM
tdRffcQjP9HsKSrAgNMEpqv4rmzTqqFOGLMTcBqk9ytAQwotLOYD+QqXBiPGE04x
KXk9WeOqr6qxu1tG9kNBHHTF7VfFwilmRwJgRTac03UHS0V32KWqn1dJOyoVn/pL
ZN+m8eWJiQhFymla+tTayZVMVhrch0vMxr+D5rpV+4tRL3U5Lw49k6jlJo8rZCju
ny8M5onlDgkpqX+byZbeLjB67BVTICxSPoKEXF52SQKB/yb3m3w1Wb5X5lQXOm7w
05Veghft6zxfQ1tMhH+4Opx+ShKt+22vInIjtF6iqziU9FAvJij4MMGhf0NEe+p1
avIjijWaX83xkFiZRV7frguL0DPHjaUxYgfvShaYlWAsPp0NOv7rB9hi4aDD51Rn
r6b9YY5QaLhjPom6p1sKfjYxciNVV36Uz/5WK5jJvVz8kZJPYp8212xyDGgz02XX
KodNsVorj7cti6drwUR4lmDglSS1gYnEv3IKRA5isIhgVFdGlKrdoVFRrFUu6FBA
x/rbaff9W3Ih+ux2c+FAF2YycK38jjahjWyUG7xTnaxQk4yUWgnOVjGsqL2epJbA
uQKCAQA1iJWJaRQ5GEw6DE37m2DASS/eGnna/JevH23kOonFLgDUrWhAHU4L+PGg
9bd3PzdsCKk1BeHCypDuqBoBxvsTyrKyy9gti+U7M0LfnubvCCsBheL0V/qWfMGw
TN2yhEKyxGj4/0rjgopAnm6oS6kjee2cfB8MReCxdgck2I5+nutByNrg5Xbr6KYI
H3nOCYrIlgoGtiTKvzQoLK7kU6ufKHVoZxwTlOzX9tFWPqjR15z9h7ACoFi2Gl+Q
yH8EhZHR6/+bZqVLQ7ZqoA9KP8N94zXZIwkhs3eWJr1JaekxCU0Ay5tvdlBDGqEm
vLW9GILNjOM2FGVQYNv170MLW6aBAoIBABx35ExCD0byQDsfZzdWplc5y8wGMFfq
v0mYoLx7Ah1p3AOdnM6Y8s71TuP/Hd+/rmHHAFgeFjH16/Z3zY849zeCa4IjSGye
wbYSeU0epvUpyjX9OIb7LpyKZ9IHLVbEhmua5QqQusHXWtFg07csCPGeO5sgVJ5R
zAuxN+MzIBKRP6qEVFP/fx9HGqiwhYklgPkZYMvwkLizY2TXjq3+ODVujk1HjeXr
clo8aIwq6UTPoJTviCfWrqqiNvc1txX5omszlQKM0UKh0acCoESH4PnBtnd/AGce
BqOqCB+q1bhtyT/tAvy5/WYUOrtNeFOFg+gVX/Gc+78U1rK1V0WE72s=
-----END RSA PRIVATE KEY-----
54 changes: 27 additions & 27 deletions files/certs/ca.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFpDCCA4ygAwIBAgIUMiDFJfRnvStgWIkreXDSBEZn6/cwDQYJKoZIhvcNAQEN
MIIFpDCCA4ygAwIBAgIUB6vhM35WZJj6+JNJswvUzN71QzAwDQYJKoZIhvcNAQEN
BQAwajELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmFyaWExDzANBgNVBAcTBk11
bmljaDEUMBIGA1UEChMLTWV0YWwtU3RhY2sxDzANBgNVBAsTBkRldk9wczERMA8G
A1UEAxMIbWluaS1sYWIwHhcNMjAwNzIyMTA0OTAwWhcNMjUwNzIxMTA0OTAwWjBq
A1UEAxMIbWluaS1sYWIwHhcNMjQxMTEzMTMyMTAwWhcNMjkxMTEyMTMyMTAwWjBq
MQswCQYDVQQGEwJERTEQMA4GA1UECBMHQmF2YXJpYTEPMA0GA1UEBxMGTXVuaWNo
MRQwEgYDVQQKEwtNZXRhbC1TdGFjazEPMA0GA1UECxMGRGV2T3BzMREwDwYDVQQD
EwhtaW5pLWxhYjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ1TGmT5
R9ftFpbKYSg8Y3cjBNEPAxuVlycZkdThICRMijX4dLK9LSc0RoTW64oYlja65uaI
0O/l0SZowl1/oOWSWWEIbMPHs8zoOY8Aad1R1BnfHwEW3VW3dw8tK81C9hNAdEpw
S+fBvxaxuxuI6Y4gQxa3rT4cUY5Kr0efVgldlwMlYD0p63tbX5EG5i3VTjJW35o4
nWfhUTh/X0JOxPU3WZ30SoezwkSdZEZx83BytdktbJmo2+l4pa3L41TkykLlXbSm
/RQzdaKF1AAEJb4kVFqJMNATdrPSFv3ZorlJZpo5sy9wutpKI3dfzcWJlb55ukRF
NZK1gPmpNh3VW8Yx0um5h1CNAr5jHXa+qgC6SYZPhbTFDWLwxqokXfdoY6qt5/1y
Qit7tMFzicakkGxnQlRUuw6zv41BHiJWoZQ3AO4ivEMGmOmXtEdh03LP3Chm5vqg
v29J2jXD7QqkWhGdOkHxBxNf6zliLbGD8gfjducAJsgCFDgSIjOLDUxD8b9exYNT
fkSRbKUQGeg+TRglGP4fE+rcqnyAgxz4YT2Q7fvNHsVC4wUl/jgas7tBP/9rIPcK
/+oJKZOvq9c1o5vNkhHcZrgzl1D6gcAeKG5pl78ppEjHy6PhFwEAM2ePv0dSPhln
NsdeOjD7vzOa2rPjy+Rw/hC4a+ctqHy/R22TAgMBAAGjQjBAMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTW/5qeVOzumKDykI5mNLTA
D/pB1jANBgkqhkiG9w0BAQ0FAAOCAgEAPcFhcfbZYVI+bNs0Ojy+/SWBcyv5cLfe
dqRF5pymOdVLvJ+n6bi8lyXBR+yRB2lD48aRNoSNRe4DWbWjZ0N/auO0xFktkVGE
jPSXtaM0IbafEJ2qPE2Oo4r34mJn/w7Z0epivjlWh69+9Apjv1y317gNzfST7ncZ
tLw7WqrcdrEuKkcSF8Q2i8JMScph6/y57kQK0g7Lk/DmnVpszVhfPNiuRJ6V7vc9
2eP7iMbu1eEf0N5dvFYUq5h0jMTG6zbhNg26z9DPdHtSfgXaVc3pNbJRR3KYLoxr
uVWb2phRApRfjj1gCjuRmJ9+KelS3jlHAysP2yAmp2rZIfq+xLL/TbSfCal48eZ/
VJsmrkC0NnxTveyrc8vm7p5jMo2wwrK8q5Vug+UqrEpeXYTCBUkcJ7bvVxwtckVL
D0Z5Nsc5S+KhTJR+zmtkvv1K78PIAshUEIqs/vw41+aULTTQ8AcNlaEo2k2AY7pm
VI/Z4RykuV3txs9TtNOY1eg1WI4qpg2wA3NJ7dlG2CpHAT3VV22Pxr+cIOsGeQTj
oPf7YoRjDkEqS+oXMAUGW2ACZzvie+Dlze17C3j24+v4+LWZLxcWCxqB7/kACQkM
Ajcnm9mRWNt3LuqRwiUtWlCLUPoyFaskJPZnzqyJ+FSJrfIAuQUUrYS1IYtS9Yxn
rUB/Ku1QRFI=
EwhtaW5pLWxhYjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALTXRWc0
nR6ArEnUMB3czZy79JCg+X9K/ulLvPwqlK1mB6iaqI0Z5ZnPBz1wideLF8Fcusvp
OKoG7rWRD+MXqz///EtCbDUqzLQQ+5H6HP3tme8Et6JauNuEb3RT8Dr3IpUob5f2
1K4/unj4upxjn7lm/Dae/Z2BMKmUUskHLzqeHehIFIMGTABmwfbQDZKly8DzOqkv
E+oijceBnilTeMk+BtduT1k2JQfi9zKAqsJ7dgyWfZhYEjwxIVWOxtcmoy21bXwT
hGtTRMqVjrRdhSNWs/qLjepJ3/WuyAfg9h3lXEyM7+eKL5l2U0phjgZ/OVhKibdx
BeelgiJ826BFCtUCWgRK3y0QTsn5b+SDfS9LYEDhvuX/3xE/FH5jnfyPimWezzfm
HNuLRTFXPsXKPmO7vNOf6mMDRqy2u+OrLunRvfbml7jqK7BSH2rTlNgw4QHjTIAi
VZ9MXJFMup6ezrSH9iYOe7LdYtHoh+6bWGCWjEcXJ0fV+ZCaNkry2ixbhgrFxyrd
78xFAm/H3eC94DRimGO6R+P52K/ECgjnvKuDkKguhDPR5AeXRZeBGtXsg6tVdgAH
pUZRd60nZI6zXfN7duoe3o4RH+RKrmeZeKO3mScd8I8m4MIdjJ3LsBj+oSqDBPXy
GAdimWquUOCqw5XbfCcYV0I5U3u/qNWu5WKVAgMBAAGjQjBAMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR1+A3U/evX7eF2meR0qdkY
LaQ9JTANBgkqhkiG9w0BAQ0FAAOCAgEATHM/EpfkdGSc9AjtwIiS7p0Mniys3IKn
TEo9I0jIe59whneOFPP0ZO2YuYbfzspYI9JOK02w6TLu+H+Dwx5lwX0p55x5li0T
1UfK/7+owATy5Wxq6BgoxnB4Wv1qwjAI2mMVHtqzLBig0YRgxURp/aBqroXP2TLu
XjG42AtKhxqbgtuSfqdJYOgAy2ORsVg934KJQuzORY5YdqnsGGqOZ3J+UTTDoAJK
fwPTRVCPg8tGbB+AnwU/LssDDOoGgSMw7tJq4xtpxIZqh/ajXclGbnnZBeUo2Ind
VEG/S3EB1/annw0j5NbiTpFqe+yIIDhEjoJGOHfCyV5HMAFm1a8KCZnNaxAMLE56
VEC67ZGU80ufroJX9ARGuL+NK2C6tVrlb71mVQEFdhyGJtcCgioyjI5VOi9/1tHJ
z8e4VlgllM158zC06nJfkyzjysfH1GuCf6o8/hlcToEZCV/LoJoJE96FJ08nmnCP
I3TIyO5+3FcWO6+qYMfrA4zRINHdqLB4hD+ZOkQrStUk7dme1y5/RT/mIvCi2qKE
CesWvu7MiO584pnoxv1ybtpSyTLtiyrvcvbVsqpqlvLsT+Ge6AoTi4r3gX2FcIN2
XeOUqpwdeJMd9FIjBIFfW/+LlEaQ6y0Oqs5Z6XSAKR0XVS4s61U/ZSPKdhUwQ4qR
z+25UY7FQ2s=
-----END CERTIFICATE-----
5 changes: 5 additions & 0 deletions files/certs/gardener-admission-controller/client-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIjjauzE+RElAdeoMhZz89DbuPFcG/8pgkvRqc10PV0HoAoGCCqGSM49
AwEHoUQDQgAELyC5ND/frNLS5kZy36/MxpsSRYC/dtLV4uc1I1TUHTBw9iPAZ/Km
IFgsUx/fQbY8vOF8l1Dw78Zm5viyX3qutg==
-----END EC PRIVATE KEY-----
17 changes: 17 additions & 0 deletions files/certs/gardener-admission-controller/client.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"CN": "client",
"hosts": [""],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "DE",
"L": "Munich",
"O": "Metal-Stack",
"OU": "DevOps",
"ST": "Bavaria"
}
]
}
Loading