This PS adds PROXY parameter system executable script.
make uses PROXY parameter to pass proxy while building image
This change also adds TARGET_NODE,CLUSTER_NAMESPACE parameter to pass
node details and cluster details for further operations
Change-Id: I9ff8e12ff679526b728c55ffd23c3ed513db4589
This phase builded on top of generic executor container.
It uses kustomize generator to generate secrets
and SOPS function to encrypt secrets.
Usage:
1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
Copy existing key from sops project
2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
3. `airshipctl phase run secret-generate`
It will generate and encrypt secret in
manifests/site/test-site/target/generator/results/generated/
4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/ > output.txt`
It will decrypt encrypted secret
Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
Sink function allows to write configurations to an external system.
Change-Id: If9c6904239a542ea4c2bef2920965b6d87feb1e6
Relates-To: #202
Relates-To: #369
This updates the Flux manifests to the latest versions, which includes
a fix [0] to Helm chart rendering which was impacting the OSH charts.
[0]: https://github.com/fluxcd/helm-controller/pull/172
This also adds Kptfiles to each of the functions to make it trivial
to update them.
Relates-To: #430
Change-Id: Ic12bc6a8460542fd943ed3539cf1be19b6525dbc
This patchset contains the function-manifests containing the template
to generate secrets. The secrets include both certificates and
passphrases.
Change-Id: Ie26fac9fe7f3918c8ebb746259d1d9bc0b423489
* Migrate the Calico function in airshipctl to deploy the
Tigera Operator, instead of raw manifests
* Added a new executor `kubernetes-apply-nowait` to run phase with nowait
* nowait had to be done for phase `initinfra-networking-<ephemeral/target>`
because of an issue with phase status-check for a specific resource
`installation` which is part of tigera operator CR
Change-Id: I748813667cdc5d05c9f0758d9c1e28082d79bdbe
Closes: #368
* Current kubernetes client certificate expired on Dec 25th 2020
* Re-generated client certificate and key with same CA
Change-Id: Ifb7eacbf5264bed9373c0b9d9287ee087ebd36cb
Relates-To: #441
This introduces airshipctl integration with image-builder [0], which
replaces the existing isogen tool for ephemeral ISO generation.
The airshipctl isogen executor has been updated for building ephemeral
ISOs using the image-builder container. The ability for user-declared
filenames for cloud-init user data and network data was removed, since
the user's only interest is in supplying the relevant overrides, not in
transparent naming coordination with the image-builder container. A new
object is added to the document package to identify the document kind,
label, and key to retrieve data from since this is pattern we will
reuse elsewhere.
Progress flag removed as requsted. Progress is reported directly by the
image-builder container.
Isogen debug flag removed in favor of using log.DebugEnabled()
[0] https://review.opendev.org/#/c/730777/
Depends-On: https://review.opendev.org/c/airship/images/+/730777/
Change-Id: I545004feaf2116f8ffb29faf6f7f7f5fcfe24fff
Added CAPG specific envs to initialize ephemeral cluster
with CAPG provider components
Added support to replace env vars
Relates-To: #425
Change-Id: I5d38a3f703683b68b18f4ccbaa52331de8484d6e
This patchset includes the Phase and Executor manifests that handles
the creation of a K8S cluster on private/public cloud provider.
There are three sets of Phases and Executors for each provider:
- ephemeral-<provider>-genesis: deploys a K8S cluster
- ephemeral-<provider>-cleanup: deletes a K8S cluster
- ephemeral-<provider>-help: returns the help text for the container
where <provider> can be:
- az: for Azure cloud platform
- gcp: for Google cloud platform
- os: for Openstack cloud platform
Change-Id: Ia5d9aeca89c507c2e98a1beb1fb3ff906f9540f6
This commit adds toleration for taint master NoSchedule to different
components. This will help us in managing components that gets deployed
in kubernetes master nodes
Relates-To: #406
Change-Id: I9f3a30be9c4eed65dcdd1c41514abbfd9c384541
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
* Add cert-manager to airshipctl
* include cert-manager to infra composite
Relates-To: #408
Signed-off-by: Sreejith Punnapuzha <sreejith.punnapuzha@outlook.com>
Change-Id: I3977b1fee7c44724c8a4ec47bb3e8b5be413386d
* Used images tag to inject image override to clustetctl object,
the same way the image override is done for cert-manager.
* Using this way, the upstream manifests for cluster components does
not need any customization (IMAGE URL as variable) and can be consumed as is.
* If this approach is approved, then will update the same for other proviers
( CAPO, CAPD, CAPZ, cAPG ) and will get tested.
Change-Id: If920f544d111d94e5b7075d5406ed2f87a5e6929
Closes: #431
This reverts commit 813bdd3614d13cc6bacbf0846c139d8f6da027af.
Reason for revert: This commit was done to avoid duplication of certmanager across all clusterctl components. However with the current notion of maintaining the upstream version as is, this change should be reverted. Also there is WIP to implement cert-manager as a standalone component even before clusterctl tries to deploy its embedded certmanager. So this commit will avoid manipulating the override in the standalone certmanager component
Change-Id: I16b0b002da990eb3f070f69d025cb904f7ef9e27
This PS updates ironic deployment with IPA init container
which contains python agent agent packages which are ubuntu based
packages. The docker image for this can found here [0]
[0]
https://opendev.org/airship/images/src/branch/master/ipa-downloader-image
Change-Id: Idaaafb2ddb562cf22a62df36100dd1e6c76211fc
Added support for following phases in CAPG provider
clusterctl-init-ephemeral
controlplane-ephemeral
initinfra-target
clusterctl-init-target
clusterctl-move
workers-target
Added support for deploying calico CNI for CAPG
through initinfra-target phase
Relates-To: #425
Change-Id: I91b29e561444d82d33802157eba5a1d94b25ba04
Some of sites defined in document model have no metadata.yaml,
which is essential to work properly with that sites.
* az-test-site and gcp-test-site metadata.yaml added
* metadata.yaml for test-site moved to appropriate directory
for consistency
Change-Id: Ibec109e41a5e3fd36794dc6a879888cfc610c9cc
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Relates-To: #19
Azure does not currently suport Calico networking.
As a workaround, this patch set includes CAPZ Calico manifests that uses
VXLAN, instead.
The CAPZ Calico manifest are located under
manifest/function/cni/calico-capz.
Change-Id: Iadb2d5e10131e6a2df8cef49e2ec189ab948eeb9
This patch set includes the site specifig for Azure (az-test-site) that
contains the manifests and kustomization files needed to deploy a
Workload cluster on the Azure cloud platform.
This patch set uses the Azure CAPZ v0.4.9 for the Workload cluster
deployment.
Change-Id: Ie71630bf55edadfcc11527c04aea41aa2161bdbd
This patch set includes the manifest templates for the Workload cluster
deployment for CAPZ v0.4.9.
Also, added the new folder manifest/function/workers-capz and moved the
manifests for v0.4.8 under it, as well as for v0.4.9
Change-Id: Ie08b6e7092f90ac8ee533c574a26eaf9b6600c5c
This patchset includes the manifests for CAPZ version v0.4.9, which has
been added under airshipctl/manifests/function/capz/v0.4.9
Also added an entry in the clusterctl/clusterctl.yaml for CAPZ
Change-Id: I3a52257320af1f68ec2d8f4302e7176b73f227dd
adjust openstack-test-site to execute the below phases
for openstack provider(capo)
clusterctl-init-ephemeral
controlplane-ephemeral
clusterctl-init-target
clusterctl-move
workers-target
A detailed test run of the phases can be found in
https://hackmd.io/OheCGmq8RX64SPw2sF3qGQ
Change-Id: Id982273d28515eb3a44c39d869eaeb229923339c
* Images added to clusterctl object like Providers
So that repository and tag for one or all of the cert-manager
components can be overriden using patch/replacement
clusterctl Documentation for Image Override:
https://cluster-api.sigs.k8s.io/clusterctl/configuration.html#image-overrides
Change-Id: Id9de8d1967e49aeb3293f6802e51d66d598333ae
Closes: #350
Update CAPO provider manifest to inherit clusterctl from
functions and patch the infrastructure provider details
Add capo versions in base-catalog
Change-Id: I8f1f59857dcbf163af01a5a766451e6579ded148