You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
418 lines
11 KiB
418 lines
11 KiB
# Licensed under the Apache License, Version 2.0 (the "License"); |
|
# you may not use this file except in compliance with the License. |
|
# You may obtain a copy of the License at |
|
# |
|
# http://www.apache.org/licenses/LICENSE-2.0 |
|
# |
|
# Unless required by applicable law or agreed to in writing, software |
|
# distributed under the License is distributed on an "AS IS" BASIS, |
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
# See the License for the specific language governing permissions and |
|
# limitations under the License. |
|
|
|
|
|
apiVersion: v1 |
|
kind: Secret |
|
metadata: |
|
name: aiap-secret |
|
labels: |
|
aiap: aiap |
|
data: |
|
AIRSHIPCTL_REPO_AUTH_USERNAME: "" |
|
AIRSHIPCTL_REPO_AUTH_HTTP_PASSWORD: "" |
|
AIRSHIPCTL_REPO_AUTH_SSH_KEY: "" |
|
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_USERNAME: "" |
|
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_HTTP_PASSWORD: "" |
|
AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_SSH_PASSWORD: "" |
|
SOPS_IMPORT_PGP: "" |
|
--- |
|
|
|
apiVersion: v1 |
|
kind: Pod |
|
metadata: |
|
name: airship-in-a-pod |
|
labels: |
|
aiap: aiap |
|
spec: |
|
affinity: |
|
podAntiAffinity: |
|
requiredDuringSchedulingIgnoredDuringExecution: |
|
- labelSelector: |
|
matchExpressions: |
|
- key: aiap |
|
operator: Exists |
|
topologyKey: kubernetes.io/hostname |
|
hostNetwork: false |
|
restartPolicy: Never |
|
containers: |
|
|
|
- name: libvirt |
|
image: quay.io/airshipit/libvirt:aiap-v1 |
|
imagePullPolicy: IfNotPresent |
|
securityContext: |
|
privileged: true |
|
#SYS_ADMIN required for systemd, need to work out reqs for libvirt |
|
command: |
|
- bash |
|
- -cex |
|
- "exec /usr/lib/systemd/systemd" |
|
env: |
|
- name: container |
|
value: docker |
|
readinessProbe: |
|
exec: |
|
command: |
|
- virsh |
|
- version |
|
initialDelaySeconds: 5 |
|
periodSeconds: 5 |
|
startupProbe: |
|
exec: |
|
command: |
|
- systemctl |
|
- is-active |
|
- --quiet |
|
- libvirtd |
|
initialDelaySeconds: 5 |
|
periodSeconds: 5 |
|
volumeMounts: |
|
- name: var-run-aiap |
|
mountPath: /var/run/aiap/ |
|
- name: dev |
|
mountPath: /dev |
|
- name: tmp |
|
mountPath: /tmp |
|
- name: run |
|
mountPath: /run |
|
- name: var-lib-libvirt-images |
|
mountPath: /var/lib/libvirt/images |
|
- name: var-lib-libvirt-default |
|
mountPath: /var/lib/libvirt/default |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
- name: sys-fs-cgroup |
|
mountPath: /sys/fs/cgroup |
|
readOnly: false |
|
- name: logs |
|
mountPath: /var/log/ |
|
|
|
- name: sushy |
|
image: quay.io/metal3-io/sushy-tools |
|
imagePullPolicy: IfNotPresent |
|
command: |
|
- bash |
|
- -cex |
|
- | |
|
tee /csr_details.txt << EOF |
|
[req] |
|
default_bits = 2048 |
|
prompt = no |
|
default_md = sha256 |
|
req_extensions = req_ext |
|
distinguished_name = dn |
|
|
|
[ dn ] |
|
CN = localhost |
|
|
|
[ req_ext ] |
|
subjectAltName = @alt_names |
|
|
|
[ alt_names ] |
|
DNS.1 = 127.0.0.1 |
|
DNS.2 = ::1 |
|
EOF |
|
|
|
openssl req \ |
|
-newkey rsa:2048 \ |
|
-nodes \ |
|
-keyout /airship_gate_redfish_auth.key \ |
|
-x509 \ |
|
-days 365 \ |
|
-out /airship_gate_redfish_auth.pem \ |
|
-config <(cat /csr_details.txt) \ |
|
-extensions 'req_ext' |
|
|
|
# Wait for infrastructure to come up |
|
while (! grep -sq "SUCCESS" "/tmp/status/infra-builder"); do printf "Waiting on infra-builder...\n"; sleep 1; done |
|
|
|
sushy-emulator \ |
|
--debug \ |
|
--interface 10.23.25.1 \ |
|
--port 8443 \ |
|
--ssl-key /airship_gate_redfish_auth.key \ |
|
--ssl-certificate /airship_gate_redfish_auth.pem |
|
volumeMounts: |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
- name: status |
|
mountPath: /tmp/status |
|
|
|
- name: nginx |
|
image: nginx:latest |
|
imagePullPolicy: IfNotPresent |
|
command: |
|
- bash |
|
- -cex |
|
- | |
|
tee /etc/nginx/nginx.conf <<'EOF' |
|
user nginx; |
|
worker_processes 1; |
|
error_log /var/log/nginx/error.log warn; |
|
pid /var/run/nginx.pid; |
|
events { |
|
worker_connections 1024; |
|
} |
|
http { |
|
include /etc/nginx/mime.types; |
|
default_type application/octet-stream; |
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
|
'$status $body_bytes_sent "$http_referer" ' |
|
'"$http_user_agent" "$http_x_forwarded_for"'; |
|
access_log /var/log/nginx/access.log main; |
|
sendfile on; |
|
#tcp_nopush on; |
|
keepalive_timeout 65; |
|
#gzip on; |
|
server { |
|
listen 8099; |
|
listen [::]:8099; |
|
server_name localhost; |
|
#charset koi8-r; |
|
#access_log /var/log/nginx/host.access.log main; |
|
location / { |
|
root /srv/images; |
|
autoindex on; |
|
} |
|
error_page 500 502 503 504 /50x.html; |
|
location = /50x.html { |
|
root /usr/share/nginx/html; |
|
} |
|
} |
|
} |
|
EOF |
|
exec nginx -g 'daemon off;' |
|
volumeMounts: |
|
- name: srv |
|
mountPath: /srv/ |
|
|
|
- name: dind |
|
image: docker:stable-dind |
|
imagePullPolicy: IfNotPresent |
|
securityContext: |
|
privileged: true |
|
volumeMounts: |
|
- name: var-run-aiap |
|
mountPath: /var/run/aiap/ |
|
- name: dind-storage |
|
mountPath: /var/lib/docker |
|
- name: var-run-docker |
|
mountPath: /var/run/ |
|
- name: srv |
|
mountPath: /srv/ |
|
- name: airship-config |
|
mountPath: /root/.airship |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
|
|
- name: artifact-setup |
|
image: quay.io/airshipit/aiap-artifact-setup:latest |
|
imagePullPolicy: IfNotPresent |
|
command: |
|
- bash |
|
- -cex |
|
- /entrypoint.sh |
|
env: |
|
- name: CACHE_DIR |
|
value: /opt/aiap-files/cache |
|
- name: USE_CACHED_AIRSHIPCTL |
|
value: "false" |
|
- name: ARTIFACTS_DIR |
|
value: /opt/aiap-files/artifacts |
|
- name: AIRSHIPCTL_REPO_URL |
|
value: https://opendev.org/airship/airshipctl |
|
- name: AIRSHIPCTL_REPO_REF |
|
value: master |
|
- name: AIRSHIPCTL_REPO_AUTH_TYPE |
|
value: "none" |
|
- name: USE_PROXY |
|
value: |
|
- name: no_proxy |
|
value: |
|
- name: http_proxy |
|
value: |
|
- name: https_proxy |
|
value: |
|
volumeMounts: |
|
- name: tmp |
|
mountPath: /tmp |
|
- name: aiap-files |
|
mountPath: /opt/aiap-files |
|
- name: status |
|
mountPath: /tmp/status |
|
- name: var-run-docker |
|
mountPath: /var/run |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
- name: aiap-secret-volume |
|
mountPath: /opt/aiap-secret-volume |
|
|
|
- name: infra-builder |
|
image: quay.io/airshipit/aiap-infra-builder:latest |
|
imagePullPolicy: IfNotPresent |
|
securityContext: |
|
privileged: true |
|
command: |
|
- bash |
|
- -cex |
|
- /entrypoint.sh |
|
env: |
|
- name: CACHE_DIR |
|
value: /opt/aiap-files/cache |
|
- name: ARTIFACTS_DIR |
|
value: /opt/aiap-files/artifacts |
|
- name: USE_PROXY |
|
value: |
|
- name: no_proxy |
|
value: |
|
- name: http_proxy |
|
value: |
|
- name: https_proxy |
|
value: |
|
volumeMounts: |
|
- name: aiap-files |
|
mountPath: /opt/aiap-files |
|
- name: status |
|
mountPath: /tmp/status |
|
- name: tmp |
|
mountPath: /tmp |
|
- name: var-run-aiap |
|
mountPath: /var/run/aiap/ |
|
- name: var-lib-libvirt-images |
|
mountPath: /var/lib/libvirt/images |
|
- name: var-lib-libvirt-default |
|
mountPath: /var/lib/libvirt/default |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
- name: logs |
|
mountPath: /var/log/ |
|
- name: var-run-docker |
|
mountPath: /var/run |
|
|
|
- name: runner |
|
image: quay.io/airshipit/aiap-runner:latest |
|
imagePullPolicy: IfNotPresent |
|
command: |
|
- bash |
|
- -cex |
|
- /entrypoint.sh |
|
env: |
|
- name: CACHE_DIR |
|
value: /opt/aiap-files/cache |
|
- name: ARTIFACTS_DIR |
|
value: /opt/aiap-files/artifacts |
|
- name: USE_CACHED_ISO |
|
value: "false" |
|
- name: AIRSHIP_CONFIG_PHASE_REPO_URL |
|
value: https://review.opendev.org/airship/airshipctl |
|
- name: AIRSHIP_CONFIG_PHASE_REPO_BRANCH |
|
value: master |
|
- name: AIRSHIP_CONFIG_PHASE_REPO_REF |
|
value: |
|
- name: USE_PROXY |
|
value: |
|
- name: no_proxy |
|
value: |
|
- name: http_proxy |
|
value: |
|
- name: https_proxy |
|
value: |
|
- name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE |
|
value: "none" |
|
- name: SKIP_REGENERATE |
|
value: |
|
|
|
volumeMounts: |
|
- name: aiap-files |
|
mountPath: /opt/aiap-files |
|
- name: status |
|
mountPath: /tmp/status |
|
- name: tmp |
|
mountPath: /tmp |
|
- name: var-run-aiap |
|
mountPath: /var/run/aiap/ |
|
- name: srv |
|
mountPath: /srv/ |
|
- name: run |
|
mountPath: /run |
|
- name: var-run-libvirt |
|
mountPath: /var/run/libvirt |
|
- name: logs |
|
mountPath: /var/log/ |
|
- name: var-run-docker |
|
mountPath: /var/run |
|
- name: airship-config |
|
mountPath: /root/.airship |
|
- mountPath: /opt/aiap-secret-volume |
|
name: aiap-secret-volume |
|
|
|
- name: status-checker |
|
image: quay.io/airshipit/aiap-status-checker:latest |
|
volumeMounts: |
|
- name: status |
|
mountPath: /tmp/status |
|
|
|
initContainers: |
|
- name: init-aiap-files |
|
image: ubuntu:20.04 |
|
command: |
|
- bash |
|
- -cex |
|
- | |
|
mkdir -p /opt/aiap-files/artifacts |
|
mkdir -p /opt/aiap-files/cache |
|
volumeMounts: |
|
- name: aiap-files |
|
mountPath: /opt/aiap-files |
|
|
|
volumes: |
|
- name: aiap-files |
|
persistentVolumeClaim: |
|
claimName: aiap-pv-files-claim |
|
- name: status |
|
emptyDir: {} |
|
- name: dev |
|
hostPath: |
|
path: /dev |
|
- name: tmp |
|
emptyDir: |
|
medium: "Memory" |
|
- name: airship-config |
|
emptyDir: {} |
|
- name: run |
|
emptyDir: |
|
medium: "Memory" |
|
- name: var-lib-libvirt-images |
|
emptyDir: {} |
|
- name: var-lib-libvirt-default |
|
emptyDir: {} |
|
- name: var-run-libvirt |
|
emptyDir: |
|
medium: "Memory" |
|
- name: var-run-aiap |
|
emptyDir: |
|
medium: "Memory" |
|
- name: sys-fs-cgroup |
|
hostPath: |
|
path: /sys/fs/cgroup |
|
- name: srv |
|
emptyDir: {} |
|
- name: logs |
|
emptyDir: {} |
|
- name: var-run-docker |
|
emptyDir: |
|
medium: "Memory" |
|
- name: dind-storage |
|
emptyDir: {} |
|
- name: aiap-secret-volume |
|
secret: |
|
secretName: aiap-secret
|
|
|