feat!: refactor Microk8s provider

Pulumi.intranet.yaml

@@ -4,11 +4,19 @@ config:
   o-p-n:metallb-enabled: "true"
   o-p-n:monitoring-admin-password:
     secure: v1:zi5wrG4vgqeaEu4h:e/POwSRKyTb7J4LCLbuiEJrAptMLmZTzZ8tLsbrRWvy/WRgZz4P5kg==
-  o-p-n:ssh-username:
-    secure: v1:F0h+sheG44zrdTIC:J9KFa9+iFnr8EBZ6NOe5Z6oicw==
-  o-p-n:ssh-private-key:
-    secure: v1:GAeYBwIlLDvyxxV0:syYzbUx/Mil9ssN7M/qVE0AHdtle+jHS9panYm2VwcsOuiTEDhf0VSUX0ZM5VulqgBNGRtrnF7tKGGFN0Y0thHmgHRTl7IjIWp36VlPKT7PRh8g+jW3ZFxaXXeMUc9DoDn5x/Wy85jpQEeIjO+QTIvqxIBxHzVAiXHHrCCZGQuMpwdV7oG7phGdRO8wegloWo99leJGoK0+gQvisQEtq0z3BXxY0o1CqRsD+IGgDrkKxli8B4gENaUx+xM+otRchcAIZLryc9BQxNhMeocJ6788ImAmr5Moe8JZejMcwsL0Nv3tyLoJ2ECq9G5YSJtUaZ1uwkXsrI1ardSghct2E0LqLOo+vPfcuc8LMazRrUVkSGQuHfvlkwX9XELPaETg7CLxW7Pj17Q0vEQlTfS8vlQ8JxPu1KQ0do/WGUPHd04Z0qXXNGhhk5bl0qzK92RszG9Rtlhi9C5Y/gCSlz1QUaSRYB1Cvr/4a0Ukh3H365y/fvcyUJfsQsHiOd9xAQlFIV6FgBvfzem8fe84aCZj7zOXSswnOPmYOyXLrr+Ta/X+w0cAlycblTUNx
   o-p-n:acme-email: [email protected]
   o-p-n:acme-enabled: "true"
   o-p-n:acme-access-token:
     secure: v1:AMdGUqMU17KyU6MB:zF+iSvpaopXRouV6r2T6XnKml56wR+2sdZaWrYcZ2W1DXjRiZf6+F8oPJuzqBHwL5h7HfophFJdDy10fyeKghVAV+F7QMw3qSWyDkZQNITWEBu9AEaPh
+  microk8s:remote:
+    port: 22
+    username:
+      secure: v1:Y1w8ysqThnbSElN9:gPDmxoiXK4JbQxrzdQ3Izt+tYw==
+    privateKey:
+      secure: v1:CrVedl57tiAKBRYh:su5pU/QKPP1H06024imsMEijsoR21Bc6xicq6Y3XK4+sMCg3TShtgjdKEw2c9oBrJ8+8Ugn9JIjxt8ss3Yizr7CeJB2PvaAfTPfq8g7r6wz+DHMvjW2rYXUp5HqrwyanZqT+MZrr1IvtyE7EEvsfTAgb5OHrjCTRS6jTq4vqMTqRA/TdsgoKONdF2cjt61FeIhy4JKeS3N+GvHWK0tt7K/pMwpVqKLdWH9kZkwIh0+M395DQ1CjwebtnKsePlmAbcLqkS07Et1DEz9tkFzt/pb31n1vGImQVkVVBTm58x5mjyVPH6sHoO1IpIW0wRjYEa/BXLE1GajL3wvS/FGCF3WAsF0gwRBVeGKReeRrernFxfpXkWaqXeiB8+GvYvLlhf5XF9bGz3vcfmvYs23ZDGFN+rJ0IQWV/hqLFATaoKQvBW83LvZitYJnxjH4tGUXHeMnERa0a/+aDSsw4vG9X2diO/Cu15irf/nGvjnY01ik8fsHONq8hq8M+FzBNLwMCWclCPMx+R8hR0rOToWKGPXRxmxQy1Zhxynn5v+XYkuLvSPEsFddLzD2l
+  microk8s:bastion:
+    host: outer-planes.casa
+  microk8s:hosts:
+    - elysium-armoria.local
+    - elysium-eronia.local
+    - elysium-belierin.local

Pulumi.public.yaml

@@ -1,16 +1,23 @@
 encryptionsalt: v1:YUgVtkReVco=:v1:hVEEoOGWSQjW4H2f:Wc5e3QI7Iu5Wx2PLeHwJ9pCY6SFQaw==
 config:
-  o-p-n:ssh-private-key:
-    secure: v1:uf7jdTg6vI+Ncnk5:Nr1DchtJHU7FkbpvvwhR/I8qOxHk3TAylYtmtmP7GhdCxNlIjxoN4fjhwyHPFiexbG6jPOsg+gTZj7WtZ6OYa3If/VPqsFxRJ5wLeYJabF/LBupBwywQY2Nz4EpSmk9kO+64kEizd9XJvkSDVW8dQV/jlkoGRQhRzFmg5gkP1NA+VRLjRG+hDCJzhsDNL0aUvVmUgsH0N3yBRTDWZEltm1VnxLj/Hw3MHM5CGgtouU8j2jvWWQwQc1jhWJYTcKYTOW95muqlkFpCBLndiJXAiQFypb/PlAj+BAMGWtF3bTtTFlm9ZH3CVI5hZJUm0PvHNdP1+qN5zGliuRNY6nlntDcG34wKjjtexjQ4xWh0hDz/86FFcrMwAc+VOJPbGK8kPAqycH8pLAd4xsLZQykd4OfJJPdZxWAA1lZ329SqdfAgror2qYCJV2uXgV9GUHFkhbrTFaFMViTOWqHQdDo2CpLHMGMySAxBgyOMtYWkhY628uW3W5C16dG9gl9GdCCJH74LsfDLI3Az7TKin5dWokoE0L8Zl78hUuqQICFm2sPyg3m37di8YELv
   digitalocean:token:
-    secure: v1:Eca4revIK5OOs8TO:W9MHluamUGvVfw/IxFhO5dmVezWaXy37fUVK8eeU9shF1nEhilrHB1SeAi7MLn2IGzdF/H3uyheINJAB8Ipdy3ZdTYNhRTFIXZ1YD7Mt8l9Cg1B3ngAi
+    secure: v1:Cdi02dKlVRBKTiTY:IyZCF/ouVSS0rTNa8vQNC9g2xBnGcH0mjJpEwiJZaeMI6oidqmYNU4o8Zpe+9EI3qYoob2sP0dbFlmqUunQvM+tYmcbO9P1oOBRYM4K+gM2RLzwvY8zl
   o-p-n:metallb-enabled: "true"
   o-p-n:monitoring-admin-password:
     secure: v1:2127ZnlCOmvFmMwl:SM2U6FAA7DsLeqzznHgVAjIv8W7QIx8j35h8emdCkcDCXoDHZr8pQQ==
-  o-p-n:ssh-username:
-    secure: v1:ihltiXtPlXeGnb1H:+H3x8V+vT8IPTBrIASWsEoiqFw==
   o-p-n:acme-enabled: "true"
   o-p-n:acme-email: [email protected]
   o-p-n:acme-access-token:
     secure: v1:0Ly0oE7IS4ZQ99k4:fqDq5TzH4oKvLJMCAgBu73YHqfPRSnESBiY4s6St01kRVGsdEbEftek3EoixGqnbmtPRMUnEr1Vw25uqIteATsHApNgbCzfDO7H2lKBMIubBBUsUlKHx
   o-p-n:domain: outer-planes.net
+  microk8s:remote:
+    port: 22
+    username: bot
+    privateKey: |-
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+      QyNTUxOQAAACDbXOg5t0GxGTsRHn/jfG8ImlkFDGU3xa2UiC4q7bdx0AAAAJjxYtBY8WLQ
+      WAAAAAtzc2gtZWQyNTUxOQAAACDbXOg5t0GxGTsRHn/jfG8ImlkFDGU3xa2UiC4q7bdx0A
+      AAAEB8dbiNYhrzX6mfOjLHwjBsdZUcjdYqoscR6JwOcOxhittc6Dm3QbEZOxEef+N8bwia
+      WQUMZTfFrZSILirtt3HQAAAAFUdpdEh1YiBBY3Rpb25zIERlcGxveQ==
+      -----END OPENSSH PRIVATE KEY-----

modules/k8s/_provider/intranet.ts

@@ -1,11 +1,15 @@
 import * as pulumi from "@pulumi/pulumi";
-import * as YAML from "yaml";
 import { Microk8sCluster, Microk8sConnection } from "../../../providers/microk8s";
 import { VERSION_CHANNEL } from "./version";
 
 const config = new pulumi.Config();
+const microk8sConfig = new pulumi.Config("microk8s");
 
 export default async function stack() {
+  const hosts = microk8sConfig.requireObject<string[]>("hosts");
+  const remote = microk8sConfig.requireSecretObject<Microk8sConnection>("remote");
+  const bastion = microk8sConfig.getSecretObject<Microk8sConnection>("bastion");
+
   const domain = config.require("domain");
   const launchConfig = {
     "version": "0.1.0",
@@ -20,28 +24,10 @@ export default async function stack() {
     "extraSANs": [ domain ],
   };
 
-  const hosts = [
-    "elysium-armoria.local",
-    "elysium-eronia.local",
-    "elysium-belierin.local",
-  ];
-
-  const username = config.require("ssh-username");
-  const privateKey = config.require("ssh-private-key");
-  const bastion: Microk8sConnection = {
-    host: domain,
-    port: 22,
-    username,
-    privateKey,
-  };
-
   const cluster = new Microk8sCluster(domain, {
     hosts,
-    remote: {
-      port: 22,
-      username,
-      privateKey,
-    },
+    remote,
+    bastion,
     launchConfig,
     version: VERSION_CHANNEL,
   });

modules/k8s/_provider/public.ts

@@ -1,17 +1,18 @@
 import * as pulumi from "@pulumi/pulumi";
 import { remote } from "@pulumi/command";
 import doStack from "../../digitalocean";
-import { Microk8s, Microk8sConnection } from "../../../providers/microk8s";
+import { Microk8sCluster, Microk8sConnection } from "../../../providers/microk8s";
 import { VERSION_CHANNEL } from "./version";
 
 const config = new pulumi.Config();
+const microk8sConfig = new pulumi.Config("microk8s");
 
 export default async function stack() {
   const domain = config.require("domain");
+  const remote = microk8sConfig.requireSecretObject<Microk8sConnection>("remote");
+  const bastion = microk8sConfig.getSecretObject<Microk8sConnection>("bastion");
 
   const digitalocean = await doStack();
-  const username = config.require("ssh-username");
-  const privateKey = config.require("ssh-private-key");
   const launchConfig = {
     "version": "0.1.0",
     "addons": [
@@ -26,14 +27,10 @@ export default async function stack() {
   };
 
   // validate server is up and running ...
-  const remote: Microk8sConnection = {
-    host: "outer-planes.net",
-    port: 22,
-    username,
-    privateKey,
-  };
-  const cluster = new Microk8s("public-microk8s", {
+  const cluster = new Microk8sCluster(domain, {
+    hosts: [ domain ],
     remote,
+    bastion,
     launchConfig,
     version: VERSION_CHANNEL,
   }, {