-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcluster-secret.yaml
73 lines (68 loc) · 2.85 KB
/
cluster-secret.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
name: "usercluster-{{ .UserCluster.ID }}" # Changing this will result in a recreate of the secret
labels:
argocd.argoproj.io/secret-type: cluster
"{{ .BaseLabel }}/managed": "true" # You should not change this atm, required to clean up clusters when they dont exist
"{{ .BaseLabel }}/cluster-id": "{{ .UserCluster.ID }}" # You should not change this atm
"{{ .BaseLabel }}/seed": "{{ .UserCluster.Seed.Name }}" # You should not change this atm
# Some examples for composed values
#kkp-seed: "{{ .UserCluster.Seed.Name }}"
#cni: "{{ .UserCluster.RawData.spec.cniPlugin.type }}"
#project: "{{ .Project.Name }}"
annotations: {}
data:
name: "usercluster-{{ .UserCluster.Name }}"
server: "{{ .KubeConfig.Host }}"
config:
{{ if and .KubeConfig.Username .KubeConfig.Password }}
# Basic authentication settings
username: "{{ .KubeConfig.Username }}"
password: "{{ .KubeConfig.Password }}"
{{ end }}
{{ if .KubeConfig.BearerToken }}
# Bearer authentication settings
bearerToken: "{{ .KubeConfig.BearerToken }}"
{{ end }}
# Currently not supported
# IAM authentication configuration
#awsAuthConfig:
# clusterName: string
# roleARN: string
# profile: string
# Also currently not supported
# Configure external command to supply client credentials
# See https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
#execProviderConfig:
# command: string
# args: [
# string
# ]
# env: {
# key: value
# }
# apiVersion: string
# installHint: string
# Currently does not support TLS Data from file
{{ if .KubeConfig.TLSClientConfig }}
# Transport layer security configuration settings
tlsClientConfig:
{{ if .KubeConfig.TLSClientConfig.CAData }}
# Base64 encoded PEM-encoded bytes (typically read from a client certificate file).
caData: "{{ base64 .KubeConfig.TLSClientConfig.CAData }}"
{{ end }}
{{ if .KubeConfig.TLSClientConfig.CertData }}
# Base64 encoded PEM-encoded bytes (typically read from a client certificate file).
certData: "{{ base64 .KubeConfig.TLSClientConfig.CertData }}"
{{ end }}
# Server should be accessed without verifying the TLS certificate
insecure: {{ .KubeConfig.TLSClientConfig.Insecure }}
{{ if .KubeConfig.TLSClientConfig.KeyData }}
# Base64 encoded PEM-encoded bytes (typically read from a client certificate key file).
keyData: "{{ base64 .KubeConfig.TLSClientConfig.KeyData }}"
{{ end }}
{{ if .KubeConfig.TLSClientConfig.ServerName }}
# ServerName is passed to the server for SNI and is used in the client to check server
# certificates against. If ServerName is empty, the hostname used to contact the
# server is used.
serverName: "{{ .KubeConfig.TLSClientConfig.ServerName }}"
{{ end }}
{{ end }}