kustomize is a useful tool for debugging when rendering fails
Relates-To: #504
Signed-off-by: James Gu <james.gu@att.com>
Change-Id: I649c74bb7868a80618617db16dc1f1028c262c11
During our work we used personal images, because
there was no upstream available. Now when the
upstream is avaialbe - we're changing all urls to it.
Change-Id: I6e8344723e343c4396304d68908fae328d139434
Pip installation of package with sudo will fail because of permission
issues in home folder. Adding -H option to sudo to fix this.
Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I60222b300591aecdbd5e27a0bb86c1c62daca289
Additionally aligned between Treasuremap and Airchipctl to use the same
environemnt variable "SITE" for a site name.
Change-Id: I50494b50691a40efe68996cd11ccede6517b23d6
Signed-off-by: James Gu <james.gu@att.com>
Added 2 phases:
1. secret-reencrypt - This phase can be used to
reecnrypt the existing secrets with new key.
To do so SOPS_IMPORT_PGP must contain
old public key and new private key (but
may also include other data).
SOPS_PGP_FP must contain fingerprint of
new private key.
2. secret-show - This phase may be useful for some users
that need to see what generated by secret-generate phase.
Disabled SOPS debug by default.
To enable it back run commands with
env variable DEBUG_SOPS_GPG=true
Change-Id: Id7fe13d6943d386577df25dba4aaa83e62e58980
Commit fixes CAPD deployment and removes redundant scripts
that check expiration for CAPD site.
They must be tested separately outside CAPD pipeline
Related-To: #482
Closes: #482
Change-Id: I60ffd76a4f3f08bd7bd198a0c2b15483dfbdd6a6
Change ClusterMap API object to support multiple kubeconfig sources
for a cluster. If one kubeconfig source fails, kubeconfig builder
will not fail and move on to the next one. This behaviour will allow
to support cases when ephemeral cluster is not accesible anymore or
when target cluster is not yet accessible.
For more information please read issue #460 in airshipctl github
Relates-To: #460
Related-To: #460
Change-Id: I7cd32f78cd7c4ad8814eac357424c24216f40d76
* Wait for CRD's Established state.
* Wait for CR tigerastatus to show up in api to query
* Once CR is created, wait for its condition to be available.
Change-Id: Ibb83e16a15a7e0e351b6ae030e3e82ce22d41c70
Closes: #442
Updated env variable TEST_SITE to SITE to remove
error with capd deployment
Updated scripts to use phase "initinfra-networking" for deploying
calico cni in target cluster
Change-Id: Ib372e8fe8d1124aa83c5e69a861c523a967c22c9
Isogen executor is not needed any more since there is
iso build phase plan that runs two phases using generic
containers.
Relates-To: #440
Change-Id: I3600e82fa1d8a92cdf103d93cd4536bf4a713cca
The deploy_worker_node script waits for the nodes to come up and
spams the logs as it runs. This change removes -x from the script
in order to remove a lot of unnecessary stdout since the script
already contains several echo statements to indicate progress.
Change-Id: I4c7465b6aa3538ea171f61387035e79c7d852088
With this commit QCOW images are pulled as a docker image to new
qcow-bundle container within ironic pod and copy them to shared ironic
volume to be served to hosts.
Also squashed with [0], manifests are adjusted to consume new QCOWs and
old QCOW related funtionality is removed.
[0] https://review.opendev.org/c/airship/airshipctl/+/776270
Co-Authored-By: Alexey Odinokov <aodinokov@mirantis.com>
Co-Authored-By: Craig Anderson <craig.anderson@att.com>
Change-Id: I958184b34ae94206bc5e87993e9287587b6a11d9
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Introduces Airship in pod. This includes:
* A base image which sets up common requirements
* An image for the libvirt service
* An image for building a specified instance of airshipctl
* An image for initializing the various libvirt infrastructure required
for a deployment
* An image which runs the deployment scripts
Closes: #313
Change-Id: Ib1114350190b0fe0c0761ff67b38b3eca783161a
This provides a script that can be used to swap out all instances of
current KRM function images with configurable replacements. This will
be useful if an operator needs to use a private repo such as
artifactory.
Closes: #457
Change-Id: I5bb8b05737e7a3771517310ae64746660b6bf617
This Commit fixes role not found issue when running script
20_run_gate_runner.sh
Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: Ic671cf04f30ae9647b052ce31f2ca76fb80043cf
* Read manifest repository URL from environment variable,
so that it can be configured to use for other repos like
treasuremap
Change-Id: I756e5be6fce72d4a5e7fe2d2f1115e92ea67843f
This patchset introduces a generated with template [1] and encrypted
VariableCatalogue generated-secrets that contains steps to
generate: ephemeral and target CA+admin key/cert and passwords for
users in ephemeral bootstrap iso.
It also introduces the way how these secrets are used in manifests:
They're decrypted by kustomize and incorporated into the folders
`catalogues` in the site, so they can be used by replacement plugin.
This patchset contains modifications in replacement plugin
configurations to put the decrypted values from VariableCatalogue
in place.
Since k8s secrets were substituted with generated values
this patchset removes pre-generated k8s secrets.
[1]
manifests/type/gating/target/generator/secret-template.yaml
Change-Id: I0898c74012833f0e171d36bb8145acf358510b69
Updating linter to latest version, which also updates
gosec to latest version to keep on top of updated security
checks in source code. Also disable gosec testing for rand.new.
Co-Authored-By: Alexander Hughes <Alexander.Hughes@pm.me>
Co-Authored-By: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I46e71c41597f70150ace6d9611da5a01f93a933d
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>