Deduplicate airshipctl manifest networking

Deduplicate networking definitions inside of airshipctl functions, and make the values driveable via a catalogue. Changes: * Removed BMO patches at site level; drive through catalogue instead. * Added separate entrypoints for ephemeral & target site-level. catalogue/networking overrides. Ephemeral's kustomizes target's. * Generalized the commonHostNetworking catalogue into a section in the overall networking catalogue. * Cleaned up catalogue use in general. * Got rid of some ill-formed Type-level phase definition. We should go back soon and define proper Type-level phases. Change-Id: Iff96ccdcf7ebde4ae55e2b1a9d25dd1cdca0d2c8 Relates-To: https://github.com/airshipit/airshipctl/issues/315
2020-09-02 07:47:00 -05:00 · 2020-09-02 07:47:00 -05:00 · 910d296f6b
parent 113628336f
commit 910d296f6b
45 changed files with 345 additions and 72 deletions
--- a/manifests/function/airshipctl-base-catalogues/README.md
+++ b/manifests/function/airshipctl-base-catalogues/README.md
@ -1,5 +1,5 @@
-Function: airshipctl-catalogues
-===============================
+Function: airshipctl-base-catalogues
+====================================

 This function defines some default VariableCatalogue resources,
 which can be consumed and used (via ReplacementTransformer) to change the
--- a/manifests/function/airshipctl-base-catalogues/env-vars-template.yaml
+++ b/manifests/function/airshipctl-base-catalogues/env-vars-template.yaml
--- a/manifests/function/airshipctl-base-catalogues/kustomization.yaml
+++ b/manifests/function/airshipctl-base-catalogues/kustomization.yaml
@ -3,6 +3,7 @@ kind: Kustomization

 resources:
  - versions-airshipctl.yaml
+  - networking.yaml

 generators:
  - env-vars-template.yaml
--- a/manifests/function/airshipctl-base-catalogues/networking.yaml
+++ b/manifests/function/airshipctl-base-catalogues/networking.yaml
@ -0,0 +1,62 @@
+# The default networking catalogue for functions hosted in the airshipctl project.
+# These values can be overridden at the site, type, etc levels as appropriate.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: networking
+  labels:
+    airshipit.org/deploy-k8s: "false"
+
+# The catalogue should be overridden as appropriate for different kubernetes
+# clusters, e.g. ephemeral vs target vs tenant
+kubernetes:
+  serviceCidr: "10.96.0.0/12"
+  podCidr: "192.168.0.0/18"
+  controlPlaneEndpoint:
+    host: "10.23.25.102" # ephemeral will be different
+    port: 6443
+  # NOTE: This stringing is required to do substring replacement.
+  # Ideally, improve this in the future.
+  apiserverCertSANs: "[10.23.25.201, 10.23.24.201]"
+
+ironic:
+  provisioningInterface: "pxe"
+  provisioningIp: "10.23.25.102"
+  dhcpRange: "10.23.25.200,10.23.25.250"
+
+# This section is only relevant when using Metal3 BareMetalHosts, and
+# is consumed by the `hostgenerator-m3` function.
+# It defines host-level networking that is common across all BMHs in a site,
+# and will typically be fully overridden at the Type and Site level.
+commonHostNetworking:
+  links:
+    - id: oam
+      name: oam
+      type: phy
+      mtu: "1500"
+      # ethernet_mac_address: <from host-catalogue> (optional)
+    - id: pxe
+      name: pxe
+      type: phy
+      mtu: "1500"
+      # ethernet_mac_address: <from host-catalogue> (optional)
+  networks:
+    - id: oam-ipv4
+      type: ipv4
+      link: oam
+      # ip_address: <from host-catalogue>
+      netmask: 255.255.255.0
+      routes:
+        - network: 0.0.0.0
+          netmask: 0.0.0.0
+          gateway: 10.23.25.1
+    - id: pxe-ipv4
+      type: ipv4
+      link: pxe
+      # ip_address: <from host-catalogue>
+      netmask: 255.255.255.0
+  services:
+    - address: 8.8.8.8
+      type: dns
+    - address: 8.8.4.4
+      type: dns
--- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml
+++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml
--- a/manifests/function/baremetal-operator/README.md
+++ b/manifests/function/baremetal-operator/README.md
@ -6,6 +6,12 @@ including both the operator itself and Ironic.

 Optional: a ``versions-airshipctl`` VariableCatalogue may be used to
 override the default container images.
-A base example for this catalogue can be found in the ``airshipctl-catalogues``
+A base example for this catalogue can be found in the ``airshipctl-base-catalogues``
+function.  If using the catalogue, apply the ``replacements/`` entrypoint
+at the site level, as a Kustomize transformer.
+
+Optional: a ``networking`` VariableCatalogue may be used to
+override some of the ironic networking variables.
+A base example for this catalogue can be found in the ``airshipctl-base-catalogues``
 function.  If using the catalogue, apply the ``replacements/`` entrypoint
 at the site level, as a Kustomize transformer.
--- a/manifests/function/baremetal-operator/ironic-vars.yaml
+++ b/manifests/function/baremetal-operator/ironic-vars.yaml
@ -5,14 +5,18 @@ metadata:
  labels:
  name: ironic-vars
 data:
+  # Overrideable via the `replacements` entrypoint and environment variables
  HTTP_PROXY: ""
  HTTPS_PROXY: ""
  http_proxy: ""
  https_proxy: ""
  NO_PROXY: ""
  no_proxy: ""
+  # Overrideable via the `replacements` entrypoint and networking catalogue
  PROVISIONING_IP: "192.168.10.100"
+  # Overrideable via the `replacements` entrypoint and networking catalogue
  DHCP_RANGE: "192.168.10.200,192.168.10.250"
+  # Overrideable via the `replacements` entrypoint and networking catalogue
  PROVISIONING_INTERFACE: "pxe"
  HTTP: "80"
  DEPLOY_KERNEL_PATH: "/images/tinyipa-stable-ussuri.vmlinuz"
--- a/manifests/function/baremetal-operator/replacements/kustomization.yaml
+++ b/manifests/function/baremetal-operator/replacements/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - versions.yaml
  - ironic-env-vars.yaml
+  - networking.yaml
--- a/manifests/function/baremetal-operator/replacements/networking.yaml
+++ b/manifests/function/baremetal-operator/replacements/networking.yaml
@ -0,0 +1,37 @@
+# These rules inject networking info into the baremetal-operator  function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: baremetal-operator-networking-replacements
+replacements:
+# Replace the pod & service networks
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: ironic.provisioningInterface
+  target:
+    objref:
+      kind: ConfigMap
+      name: ironic-vars
+    fieldrefs: ["data.PROVISIONING_INTERFACE"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: ironic.provisioningIp
+  target:
+    objref:
+      kind: ConfigMap
+      name: ironic-vars
+    fieldrefs: ["data.PROVISIONING_IP"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: ironic.dhcpRange
+  target:
+    objref:
+      kind: ConfigMap
+      name: ironic-vars
+    fieldrefs: ["data.DHCP_RANGE"]
--- a/manifests/function/clusterctl/README.md
+++ b/manifests/function/clusterctl/README.md
@ -13,4 +13,4 @@ supplies defaults, and these can (optionally) be overridden either by
 simple Kustomize patching, or by applying the ``replacements``
 kustomization as a Kustomize transformer.  In the latter case,
 an airshipctl versions catalogue must be supplied; please see the
-``airshipctl-catalogues`` function for a base/example.
+``airshipctl-base-catalogues`` function for a base/example.
--- a/manifests/function/ephemeral/README.md
+++ b/manifests/function/ephemeral/README.md
@ -0,0 +1,16 @@
+Function: ephemeral
+===================
+
+This function defines the configuration for a bare metal ephemeral
+bootstrapping image, which can be built via ``airshipctl image build``
+and delivered over the WAN to a remote
+host via redfish using ``airshipctl baremetal remotedirect``.
+
+REQUIRED: a ``networking`` VariableCatalogue must be used to
+override some Kubernetes networking configuration.
+A base example for this catalogue can be found in the ``airshipctl-base-catalogues``
+function.  If using the catalogue, apply the ``replacements/`` entrypoint
+at the site level, as a Kustomize transformer.
+
+Alternately, the entire text payload of the ephemeral secret may be overridden
+via normal Kustomize patching.
--- a/manifests/function/ephemeral/replacements/kustomization.yaml
+++ b/manifests/function/ephemeral/replacements/kustomization.yaml
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ephemeral-env-vars.yaml
+  - networking.yaml
--- a/manifests/function/ephemeral/replacements/networking.yaml
+++ b/manifests/function/ephemeral/replacements/networking.yaml
@ -0,0 +1,47 @@
+# These rules inject networking info artifacts into the ephemeral function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: ephemeral-networking-replacements
+replacements:
+# Substring-replace the ephemeral control plane's info
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.controlPlaneEndpoint.host
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_CP_IP%"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.controlPlaneEndpoint.port
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_CP_PORT%"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.apiserverCertSANs
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_CERT_SANS%"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.podCidr
+  target:
+    objref:
+      name: ephemeral-bmc-secret
+      kind: Secret
+    fieldrefs: ["stringData.userData%REPLACEMENT_POD_CIDR%"]
--- a/manifests/function/ephemeral/secret.yaml
+++ b/manifests/function/ephemeral/secret.yaml
@ -4,9 +4,12 @@ metadata:
  labels:
    airshipit.org/ephemeral-user-data: "true"
    airshipit.org/deploy-k8s: "false"
-  name: ephemeral-bmc-secret
+  name: ephemeral-bmc-secret # replacement rules key off this name
 type: Opaque
 stringData:
+  # These substrings must be overriden via the `replacements` entrypoint and networking catalogue:
+  # REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR
+  # TODO: add download sources to the versions catalogue
  userData: |
    #cloud-config
    ssh_pwauth: True
@ -63,7 +66,7 @@ stringData:
        clusters:
        - cluster:
            certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-            server: https://10.23.25.101:6443
+            server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT
          name: kubernetes
        contexts:
        - context:
@ -96,9 +99,7 @@ stringData:
    - content: |
        ---
        apiServer:
-          certSANs:
-            - 10.23.25.101
-            - 10.23.24.101
+          certSANs: REPLACEMENT_CERT_SANS
        apiVersion: kubeadm.k8s.io/v1beta2
        controllerManager: {}
        dns:
@ -106,7 +107,7 @@ stringData:
        etcd: {}
        kind: ClusterConfiguration
        networking:
-          podSubnet: 192.168.0.0/24
+          podSubnet: REPLACEMENT_POD_CIDR
        scheduler: {}
        ---
        apiVersion: kubeadm.k8s.io/v1beta2
--- a/manifests/function/hardwareprofile-example/hardwareprofile.yaml
+++ b/manifests/function/hardwareprofile-example/hardwareprofile.yaml
@ -3,6 +3,9 @@ kind: VariableCatalogue
 metadata:
  # NOTE: change this when copying this example
  name: hardwareprofile-example
+  labels:
+    airshipit.org/deploy-k8s: "false"
+
 hardwareProfile:
  firmware:
    sriovEnabled: false
--- a/manifests/function/hostgenerator-m3/README.md
+++ b/manifests/function/hostgenerator-m3/README.md
@ -15,7 +15,7 @@ BMHs in a data-driven fashion.

 To use this function, do the following:

-* Supply a `common-networking-catalogue`, which outlines things that are
+* Supply a `networking` catalogue, which outlines things that are
  typically common across hosts in a site, such as networking interfaces,
  DNS servers, and other networking info.
  Example: `manifests/type/gating/shared/catalogues/common-networking.yaml`
--- a/manifests/function/hostgenerator-m3/hosttemplate.yaml
+++ b/manifests/function/hostgenerator-m3/hosttemplate.yaml
@ -9,7 +9,7 @@ values:
  # hostsToGenerate:
  #    (filled in with phase-specific host-generation-catalogue)
  # commonNetworking:
-  #    (filled in with the type-specific common-networking-catalogue)
+  #    (filled in with the type-specific common-networking)

  # Additional hardwareProfiles can be defined within their own functions,
  # and then substituted into the stanza below.
--- a/manifests/function/hostgenerator-m3/replacements/hosts.yaml
+++ b/manifests/function/hostgenerator-m3/replacements/hosts.yaml
@ -29,8 +29,9 @@ replacements:
    fieldrefs: ["{.values.hostsToGenerate}"]
 - source:
    objref:
-      name: common-networking-catalogue
-    fieldref: "{.commonNetworking}"
+      kind: VariableCatalogue
+      name: networking
+    fieldref: "{.commonHostNetworking}"
  target:
    objref:
      kind: Templater
--- a/manifests/function/k8scontrol/README.md
+++ b/manifests/function/k8scontrol/README.md
@ -7,6 +7,12 @@ resources.

 Optional: a ``versions-airshipctl`` VariableCatalogue may be used to
 override the default Kubernetes version and controlplane disk image.
-A base example for this catalogue can be found in the ``airshipctl-catalogues``
+A base example for this catalogue can be found in the ``airshipctl-base-catalogues``
 function.  If using the catalogue, apply the ``replacements/`` entrypoint
 at the site level, as a Kubernetes transformer.
+
+Optional: a ``networking`` VariableCatalogue may be used to
+override some Kubernetes networking configuration.
+A base example for this catalogue can be found in the ``airshipctl-base-catalogues``
+function.  If using the catalogue, apply the ``replacements/`` entrypoint
+at the site level, as a Kustomize transformer.
--- a/manifests/function/k8scontrol/cluster.yaml
+++ b/manifests/function/k8scontrol/cluster.yaml
@ -15,8 +15,10 @@ metadata:
 spec:
  clusterNetwork:
    services:
+      # Overrideable via the `replacements` entrypoint and networking catalogue
      cidrBlocks: ["10.96.0.0/12"]
    pods:
+      # Overrideable via the `replacements` entrypoint and networking catalogue
      cidrBlocks: ["192.168.0.0/18"]
    serviceDomain: "cluster.local"
  infrastructureRef:
@ -33,6 +35,7 @@ kind: Metal3Cluster
 metadata:
  name: target-cluster
 spec:
+  # Overrideable via the `replacements` entrypoint and networking catalogue
  controlPlaneEndpoint:
    host: 10.23.25.102
    port: 6443
--- a/manifests/function/k8scontrol/controlplane.yaml
+++ b/manifests/function/k8scontrol/controlplane.yaml
@ -20,6 +20,7 @@ spec:
          Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
          Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
          Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
+    # TODO: add download sources to the versions catalogue
    preKubeadmCommands:
      - echo 'root:r00tme' | chpasswd
      - echo 'ubuntu:r00tme' | chpasswd
--- a/manifests/function/k8scontrol/replacements/kustomization.yaml
+++ b/manifests/function/k8scontrol/replacements/kustomization.yaml
@ -3,3 +3,4 @@ kind: Kustomization
 resources:
  - versions.yaml
  - k8scontrol-env-vars.yaml
+  - networking.yaml
--- a/manifests/function/k8scontrol/replacements/networking.yaml
+++ b/manifests/function/k8scontrol/replacements/networking.yaml
@ -0,0 +1,41 @@
+# These rules inject networking info into the k8scontrol function.
+# Note! They are applied to Cluster object(s) regardless of name, so
+# that they can be defined/used generically.  If more than one Cluster
+# needs to be submitted to a management cluster, these tranformation
+# rules should be applied to each Cluster in isolation, and then
+# the results "mixed together" via kustomize.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-networking-replacements
+replacements:
+# Replace the pod & service networks
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.serviceCidr
+  target:
+    objref:
+      kind: Cluster
+    fieldrefs: ["spec.clusterNetwork.services.cidrBlocks.0"]
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.podCidr
+  target:
+    objref:
+      kind: Cluster
+    fieldrefs: ["spec.clusterNetwork.pods.cidrBlocks.0"]
+
+# Replace the k8s controlplane host endpoint
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: networking
+    fieldref: kubernetes.controlPlaneEndpoint
+  target:
+    objref:
+      kind: Metal3Cluster
+    fieldrefs: ["spec.controlPlaneEndpoint"]
--- a/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml
@ -4,7 +4,7 @@ resources:
  # TODO: these two should move up to type level in the future
  - ../../../../../function/hostgenerator-m3
  - ../../../../../function/hardwareprofile-example
-  - ../../../shared/catalogues/
+  - ../../catalogues
  - host-generation.yaml

 transformers:
--- a/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml
@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../../type/gating
-  - ../../../../function/airshipctl-catalogues
+  - ../../../../function/ephemeral
+  - ../catalogues

 generators:
  - hostgenerator
--- a/manifests/site/test-site/ephemeral/catalogues/README.md
+++ b/manifests/site/test-site/ephemeral/catalogues/README.md
@ -0,0 +1,4 @@
+# Catalogue Definitions for Ephemeral Cluster
+
+This inherits Site-level catalogues from the neighboring target cluster's
+`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.
--- a/manifests/site/test-site/ephemeral/catalogues/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/catalogues/kustomization.yaml
@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../target/catalogues
+patches:
+  - networking.yaml
--- a/manifests/site/test-site/ephemeral/catalogues/networking.yaml
+++ b/manifests/site/test-site/ephemeral/catalogues/networking.yaml
@ -0,0 +1,20 @@
+# This makes a couple small networking tweaks that are specific to the
+# ephemeral cluster, on top of the target cluster networking definition.
+# These values can be overridden at the site, type, etc levels as appropriate.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: networking
+
+# The catalogue should be overridden as appropriate for different kubernetes
+# clusters, e.g. ephemeral vs target vs tenant
+kubernetes:
+  podCidr: "192.168.0.0/24"
+  controlPlaneEndpoint:
+    host: "10.23.25.101"
+  apiserverCertSANs: "[10.23.25.101, 10.23.24.101]"
+
+ironic:
+  provisioningIp: "10.23.24.101"
+  dhcpRange: "10.23.24.200,10.23.24.250"
+
--- a/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml
@ -4,7 +4,7 @@ resources:
  # TODO: these two should move up to type level in the future
  - ../../../../../function/hostgenerator-m3
  - ../../../../../function/hardwareprofile-example
-  - ../../../shared/catalogues/
+  - ../../catalogues
  - host-generation.yaml

 transformers:
--- a/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/controlplane/kustomization.yaml
@ -3,12 +3,9 @@ kind: Kustomization
 resources:
  # TODO (dukov) It's recocommended to upload BareMetalHost objects separately
  # otherwise nodes will hang in 'registering' state for quite a long time
-  - nodes
-  - ../../../../function/airshipctl-catalogues
  - ../../../../function/k8scontrol
-
-patchesStrategicMerge:
-  - versions-catalogue-patch.yaml
+  - ../../target/catalogues # NOTE: use target networking for this phase
+  - nodes

 transformers:
  - ../../../../function/k8scontrol/replacements
--- a/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
+++ b/manifests/site/test-site/ephemeral/initinfra/kustomization.yaml
@ -1,11 +1,8 @@
 resources:
-  - ../../../../composite/infra
-  - ../../../../function/clusterctl
-  - ../../../../function/airshipctl-catalogues
  - ../../../../function/baremetal-operator
-
-patchesStrategicMerge:
-  - patch_bmo_config.yaml
+  - ../../../../function/clusterctl
+  - ../../../../composite/infra
+  - ../catalogues

 commonLabels:
  airshipit.org/stage: initinfra
--- a/manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml
+++ b/manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml
@ -1,9 +0,0 @@
---
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  labels:
-  name: ironic-vars
-data:
-  PROVISIONING_IP: "10.23.24.101"
-  DHCP_RANGE: "10.23.24.200,10.23.24.250"
--- a/manifests/site/test-site/target/catalogues/README.md
+++ b/manifests/site/test-site/target/catalogues/README.md
@ -0,0 +1,5 @@
+# Catalogue Definitions for Target Cluster
+
+This inherits Type-level catalogues, and adds in Site-specific values.
+The neighboring ephemeral cluster's `catalogues` entrypoint applies further
+customizations on top of this for ephemeral use.
--- a/manifests/site/test-site/target/catalogues/hosts.yaml
+++ b/manifests/site/test-site/target/catalogues/hosts.yaml
@ -4,6 +4,9 @@ apiVersion: airshipit.org/v1alpha1
 kind: VariableCatalogue
 metadata:
  name: host-catalogue
+  labels:
+    airshipit.org/deploy-k8s: "false"
+
 hosts:
  m3:
    node01:
--- a/manifests/site/test-site/target/catalogues/kustomization.yaml
+++ b/manifests/site/test-site/target/catalogues/kustomization.yaml
@ -1,5 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+
 resources:
  - ../../../../type/gating/shared/catalogues
  - hosts.yaml
+
+patches:
+  - versions-airshipctl.yaml
+  - networking.yaml
--- a/manifests/site/test-site/target/catalogues/networking.yaml
+++ b/manifests/site/test-site/target/catalogues/networking.yaml
@ -0,0 +1,19 @@
+# This makes a couple small networking tweaks that are specific to the
+# ephemeral cluster, on top of the target cluster networking definition.
+# These values can be overridden at the site, type, etc levels as appropriate.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: networking
+
+# The catalogue should be overridden as appropriate for different kubernetes
+# clusters, e.g. ephemeral vs target vs tenant
+kubernetes:
+  controlPlaneEndpoint:
+    host: "10.23.25.102"
+  apiserverCertSANs: "[10.23.25.102, 10.23.24.102]"
+
+ironic:
+  provisioningIp: "10.23.24.102"
+  dhcpRange: "10.23.24.200,10.23.24.250"
+
--- a/manifests/site/test-site/ephemeral/controlplane/versions-catalogue-patch.yaml
+++ b/manifests/site/test-site/ephemeral/controlplane/versions-catalogue-patch.yaml
@ -1,11 +1,12 @@
-# Patch the versions catalogue to use the site-specific local image URL
-# TODO: patch this in from a site-networking catalogue in the future
+# Override default controlplane image location
 apiVersion: airshipit.org/v1alpha1
 kind: VariableCatalogue
 metadata:
  name: versions-airshipctl
+
 files:
  k8scontrol:
+    # Host the image in a locally served location for CI
    cluster_controlplane_image:
      url: http://10.23.24.1:8099/target-image.qcow2
      checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
--- a/manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml
+++ b/manifests/site/test-site/target/controlplane/control-machine-template-patch.yaml
@ -1,11 +0,0 @@
---
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
-kind: Metal3MachineTemplate
-metadata:
-  name: cluster-controlplane
-spec:
-  template:
-    spec:
-      image:
-        url: http://10.23.24.1:8099/target-image.qcow2
-        checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
--- a/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml
+++ b/manifests/site/test-site/target/controlplane/hostgenerator/kustomization.yaml
@ -3,7 +3,7 @@ kind: Kustomization
 resources:
  - ../../../../../function/hostgenerator-m3
  - ../../../../../function/hardwareprofile-example
-  - ../../../shared/catalogues/
+  - ../../catalogues
  - host-generation.yaml

 transformers:
--- a/manifests/site/test-site/target/controlplane/kustomization.yaml
+++ b/manifests/site/test-site/target/controlplane/kustomization.yaml
@ -4,11 +4,11 @@ resources:
  # TODO (dukov) It's recocommended to upload BareMetalHost objects separately
  # otherwise nodes will hang in 'registering' state for quite a long time
  - nodes
-  - ../../../../function/airshipctl-catalogues
  - ../../../../function/k8scontrol
-
-patchesStrategicMerge:
-  - control-machine-template-patch.yaml
+  - ../catalogues

 commonLabels:
  airshipit.org/stage: initinfra
+
+transformers:
+  - ../../../../function/k8scontrol/replacements
--- a/manifests/site/test-site/target/initinfra/kustomization.yaml
+++ b/manifests/site/test-site/target/initinfra/kustomization.yaml
@ -1,12 +1,9 @@
 resources:
-  - ../../../../composite/infra
-  - ../../../../function/clusterctl
-  - ../../../../function/airshipctl-catalogues
  - ../../../../function/baremetal-operator
+  - ../../../../function/clusterctl
  - ../../../../function/helm-operator
-
-patchesStrategicMerge:
-  - patch_bmo_config.yaml
+  - ../../../../composite/infra
+  - ../catalogues

 commonLabels:
  airshipit.org/stage: initinfra
--- a/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml
+++ b/manifests/site/test-site/target/workers/hostgenerator/kustomization.yaml
@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ../../../../../function/hostgenerator-m3
-  - ../../../shared/catalogues/
+  - ../../catalogues
  - host-generation.yaml

 transformers:
--- a/manifests/type/gating/kustomization.yaml
+++ b/manifests/type/gating/kustomization.yaml
@ -1,2 +0,0 @@
-resources:
-  - ../../function/ephemeral
--- a/manifests/type/gating/shared/catalogues/kustomization.yaml
+++ b/manifests/type/gating/shared/catalogues/kustomization.yaml
@ -1,4 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - common-networking.yaml
+  - ../../../../function/airshipctl-base-catalogues
+patches:
+  - networking.yaml
+
--- a/manifests/type/gating/shared/catalogues/common-networking.yaml
+++ b/manifests/type/gating/shared/catalogues/common-networking.yaml
@ -1,10 +1,17 @@
-# Type-level networking catalogue.  This info feeds the Templater
-# kustomize plugin config in the hostgenerator-m3 function.
+# The default networking catalogue for site- and operator-specific networking.
+# These values can be overridden at the site, type, etc levels as appropriate.
 apiVersion: airshipit.org/v1alpha1
 kind: VariableCatalogue
 metadata:
-  name: common-networking-catalogue
-commonNetworking:
+  name: networking
+  labels:
+    airshipit.org/deploy-k8s: "false"
+
+# This section is only relevant when using Metal3 BareMetalHosts, and
+# is consumed by the `hostgenerator-m3` function.
+# It defines host-level networking that is common across all BMHs in a site,
+# and will typically be fully overridden at the Type and Site level.
+commonHostNetworking:
  links:
    - id: oam
      name: oam
@ -36,4 +43,3 @@ commonNetworking:
      type: dns
    - address: 8.8.4.4
      type: dns
-