Merge "Add LMA sub-cluster"

2021-05-11 15:28:58 +00:00 · 2021-05-11 15:28:58 +00:00 · 39df8d69ff
parent cd8ac4924f 74b505bcad
commit 39df8d69ff
34 changed files with 400 additions and 25 deletions
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/controlplane/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/controlplane/kustomization.yaml
@ -0,0 +1,6 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/controlplane
+  - ../catalogues
+
+transformers:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/controlplane/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra-networking/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra-networking/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra-networking
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra/kustomization.yaml
@ -0,0 +1,6 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra
+  - ../catalogues
+
+transformers:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/lma-configs/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/lma-configs/kustomization.yaml
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/provide-infra/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/provide-infra/kustomization.yaml
@ -0,0 +1,6 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/provide-infra
+  - ../catalogues
+
+transformers:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/provide-infra/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml
@ -0,0 +1,7 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/workers
+  - ../catalogues
+  - metal3machinetemplate.yaml
+
+transformers:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/workers/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml
@ -0,0 +1,10 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+kind: Metal3MachineTemplate
+metadata:
+  name: worker-1
+spec:
+  template:
+    spec:
+      image:
+        url: http://10.23.24.102:80/images/data-plane.qcow2
+        checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/workload/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workload/kustomization.yaml
@ -0,0 +1,6 @@
+resources:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/workload
+  - ../catalogues
+
+transformers:
+  - ../../../../../type/multi-tenant/sub-clusters/lma/workload/replacements
--- a/manifests/type/multi-tenant/phases/cluster_map_patch.yaml
+++ b/manifests/type/multi-tenant/phases/cluster_map_patch.yaml
@ -21,3 +21,17 @@ map:
        filesystem:
          path: ~/.airship/kubeconfig
          contextName: wordpress
+  lma:
+    parent: target-cluster
+    kubeconfigSources:
+      - type: "clusterAPI"
+        clusterAPI:
+          clusterNamespacedName:
+            name: lma
+            namespace: lma
+      # NOTE: This context does not exist unless added on disk manually. This
+      # entry is here for backup.
+      - type: "filesystem"
+        filesystem:
+          path: ~/.airship/kubeconfig
+          contextName: lma
--- a/manifests/type/multi-tenant/phases/kustomization.yaml
+++ b/manifests/type/multi-tenant/phases/kustomization.yaml
@ -1,5 +1,6 @@
 resources:
  - ../../airship-core/phases
+  - ../sub-clusters/lma/phases
  - ../sub-clusters/wordpress/phases
  - workload-config.yaml
  - phases.yaml
--- a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml
+++ b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml
@ -13,7 +13,8 @@ metadata:

 spec:
  lma:
-  # This stanza is replaced directly into lma's networking catalogue
+    # This stanza is replaced directly into the LMA sub-cluster's networking
+    # catalogue at the site level.
    kubernetes:
      serviceCidr: "10.0.80.0/20"
      podCidr: "192.168.0.0/18"
@ -24,26 +25,17 @@ spec:
    # Ideally, improve this in the future.
      apiserverCertSANs: "[10.23.25.201, 10.23.24.201]"

-  # TODO: might spin this differently if SIP needs ranges instead of individual ports.
-  #  But really, it makes sense to put all this info in the same place in any case
-
-  # The non-overlapping port range allocated to the lma subcluster
-  # One of these ports (11000? 11001?) will be automaticaly used by SIP
-  # to build a loadbalancer for the k8s API
-    port_range: [11020, 11039]
-
-  # This is consumed by two different targets:
-  # 1. SIP in the undercloud, to set up lma's load balancers
-  # 2. NodePorts in the subcluster
    exposed_services:
-    - name: lma  # Service metadata.name
-      selector:          # Service spec.selector
-        app: lma
-      ports:             # Service spec.ports
-      - port: 11022
-        targetPort: 80
-        protocol: TCP
-        name: http
+      - name: auth
+        nodePort: 30556
+      - name: jumpHost
+        nodePort: 30001
+      - name: loadBalancerControlPlane
+        nodePort: 30002
+      # TODO: Uncomment when SIP supports a Worker load balancer.
+      # Potential ports that can be used by sub-cluster services.
+      # - name: loadBalancerWorkers
+      #   nodePort: ["30003:30020"]

  wordpress:
    # This stanza is replaced directly into the Wordpress sub-cluster's
--- a/manifests/type/multi-tenant/sub-clusters/lma/controlplane/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../sub-cluster/controlplane
--- a/manifests/type/multi-tenant/sub-clusters/lma/controlplane/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/replacements/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../../sub-cluster/controlplane/replacements
--- a/manifests/type/multi-tenant/sub-clusters/lma/initinfra-networking/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra-networking/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../sub-cluster/initinfra-networking
--- a/manifests/type/multi-tenant/sub-clusters/lma/initinfra/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../sub-cluster/initinfra
--- a/manifests/type/multi-tenant/sub-clusters/lma/initinfra/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/replacements/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../../sub-cluster/initinfra/replacements
--- a/manifests/type/multi-tenant/sub-clusters/lma/lma-configs/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/lma-configs/kustomization.yaml
@ -0,0 +1,4 @@
+resources:
+  - ../../../../../function/lma-configs
+
+namespace: lma-infra
--- a/manifests/type/multi-tenant/sub-clusters/lma/phases/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  sub-cluster: lma
+
+nameSuffix: "-lma"
+
+resources:
+  - ../../../../sub-cluster/phases
+  - lma_phases.yaml
+
+patchesStrategicMerge:
+  - phases_patch.yaml
--- a/manifests/type/multi-tenant/sub-clusters/lma/phases/lma_phases.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/lma_phases.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: lma-configs
+  clusterName: lma
+config:
+  executorRef:
+    apiVersion: airshipit.org/v1alpha1
+    kind: KubernetesApply
+    name: kubernetes-apply
+  documentEntryPoint: sub-clusters/lma/lma-configs
--- a/manifests/type/multi-tenant/sub-clusters/lma/phases/phases_patch.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/phases_patch.yaml
@ -0,0 +1,47 @@
+# NOTE: The contents of these phases are delivered to the target cluster.
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: provide-infra
+config:
+  documentEntryPoint: sub-clusters/lma/provide-infra
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: controlplane
+config:
+  documentEntryPoint: sub-clusters/lma/controlplane
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: workers
+config:
+  documentEntryPoint: sub-clusters/lma/workers
+
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: initinfra
+  clusterName: lma
+config:
+  documentEntryPoint: sub-clusters/lma/initinfra
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: initinfra-networking
+  clusterName: lma
+config:
+  documentEntryPoint: sub-clusters/lma/initinfra-networking
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+  name: workload
+  clusterName: lma
+config:
+  documentEntryPoint: sub-clusters/lma/workload
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - sipcluster.yaml
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml
@ -0,0 +1,3 @@
+resources:
+  - networking.yaml
+  - versions.yaml
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml
@ -0,0 +1,47 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: subcluster-provide-infra-networking-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+  - source:
+      objref:
+        kind: VariableCatalogue
+        name: subcluster-networking
+      fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}"
+    target:
+      objref:
+        kind: SIPCluster
+        name: lma
+      # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+      # but we only deploy one instance of each.
+      fieldrefs: ["{.spec.services.auth[0].nodePort}"]
+  - source:
+      objref:
+        kind: VariableCatalogue
+        name: subcluster-networking
+      fieldref: "{.spec.lma.exposed_services[?(.name == 'jumpHost')].nodePort}"
+    target:
+      objref:
+        kind: SIPCluster
+        name: lma
+      # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+      # but we only deploy one instance of each.
+      fieldrefs: ["{.spec.services.jumpHost[0].nodePort}"]
+  # NOTE: newer versions of SIP will have an additional load balancer for the
+  # worker nodes.
+  - source:
+      objref:
+        kind: VariableCatalogue
+        name: subcluster-networking
+      fieldref: "{.spec.lma.exposed_services[?(.name == 'loadBalancerControlPlane')].nodePort}"
+    target:
+      objref:
+        kind: SIPCluster
+        name: lma
+      # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+      # but we only deploy one instance of each.
+      fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"]
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml
@ -0,0 +1,40 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: subcluster-provide-infra-versions-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+# Replace SIPCluster CR images
+- source:
+    objref:
+      kind: VersionsCatalogue
+      name: versions-treasuremap
+    fieldref: "{.spec.images.sip.sip.auth.image}"
+  target:
+    objref:
+      kind: SIPCluster
+      name: lma
+    fieldrefs: ["{.spec.services.auth[*].image}"]
+- source:
+    objref:
+      kind: VersionsCatalogue
+      name: versions-treasuremap
+    fieldref: "{.spec.images.sip.sip.jump_host.image}"
+  target:
+    objref:
+      kind: SIPCluster
+      name: lma
+    fieldrefs: ["{.spec.services.jumpHost[*].image}"]
+- source:
+    objref:
+      kind: VersionsCatalogue
+      name: versions-treasuremap
+    fieldref: "{.spec.images.sip.sip.load_balancer.image}"
+  target:
+    objref:
+      kind: SIPCluster
+      name: lma
+    fieldrefs: ["{.spec.services.loadBalancer[*].image}"]
--- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml
@ -0,0 +1,92 @@
+apiVersion: airship.airshipit.org/v1
+kind: SIPCluster
+metadata:
+  name: lma
+  namespace: sipcluster-system
+  finalizers:
+    - sip.airship.airshipit.org/finalizer
+spec:
+  nodes:
+    ControlPlane:
+        labelSelector:
+          vino.airshipit.org/flavor: control-plane
+        spreadTopology: PerRack
+        count:
+            active: 1
+            standby: 1
+    Worker:
+        labelSelector:
+          vino.airshipit.org/flavor: worker
+        spreadTopology: PerHost
+        count:
+            active: 2
+            standby: 1 # Slew for upgrades
+  services:
+    auth:
+      - image: quay.io/dexidp/dex
+        nodeInterfaceId: oam-ipv4
+        nodePort: 30556
+        TLSCrt: |
+          -----BEGIN CERTIFICATE-----
+          MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p
+          a3ViZUNBMB4XDTIxMDMxNzExNDYzMFoXDTMxMDMxNjExNDYzMFowFTETMBEGA1UE
+          AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs1
+          ujCXS/HDS9dSOJWfotlrQj46V4oL8q5dOmLXSvqfISINzdXK9XrBo/1INQ2RmFL/
+          oXbCwvT1PhRkm/KS/LN3dgsbPjb6/meKsrLOpKPtTAm29+c7h87ZkwHi2LPZO+3w
+          bVp49ERCg89VjfIStvGefJvKaz1Rq3WTZN96216dSY2sShON07ELv4pZPJGjEHg6
+          U6c4UgMdnye3FUUxaayqjZbLKcN/mNkI7kMzy4e0RZ4Y3WTlr0nxDVuYiz8v9usa
+          rHO5Pu9w40FAudlmMrSB9Qj8ED/VtooW4qewm4oUdHrmzJ86vamWLll2keHt4MAY
+          5mG0vglWqm2zEL8jJWUCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW
+          MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+          BBQs35Wcd1nnNOP1YuzwousJxfATmDANBgkqhkiG9w0BAQsFAAOCAQEAbspb0RE5
+          vOeObqLY7JEMlNvnxbnHceIpltZpnq5ZGbDHEBUEyBUnDnO7UZrxw2qmDgvpUPot
+          jNxgWzDcxb7kuli6Ehc1Nbtm8HKFf3xx5d1dTBuPj8i6njB/3kVbYZOHGcFxku62
+          ac8KQT8EdaQdTtwoQLhfGl3P++afg7kfvcm962PKYWDGcbXbbJxEf1YDuy2dY2/Z
+          u5rOyAIhRSOm68edMhy/0Bdq3NBmT5icptMawEBrJXW7tNOnbSLu6qtQqSX8w58u
+          2ZnZouCSXMfLYKNuDWVuhe/WfCv9ZKr/Izcz1raBquo8yDt4qsxDPfix/QSqUxRc
+          kDR2hHk/Mfv+rg==
+          -----END CERTIFICATE-----
+        TLSKey: |
+          -----BEGIN RSA PRIVATE KEY-----
+          MIIEowIBAAKCAQEAqzW6MJdL8cNL11I4lZ+i2WtCPjpXigvyrl06YtdK+p8hIg3N
+          1cr1esGj/Ug1DZGYUv+hdsLC9PU+FGSb8pL8s3d2Cxs+Nvr+Z4qyss6ko+1MCbb3
+          5zuHztmTAeLYs9k77fBtWnj0REKDz1WN8hK28Z58m8prPVGrdZNk33rbXp1JjaxK
+          E43TsQu/ilk8kaMQeDpTpzhSAx2fJ7cVRTFprKqNlsspw3+Y2QjuQzPLh7RFnhjd
+          ZOWvSfENW5iLPy/26xqsc7k+73DjQUC52WYytIH1CPwQP9W2ihbip7CbihR0eubM
+          nzq9qZYuWXaR4e3gwBjmYbS+CVaqbbMQvyMlZQIDAQABAoIBAC3cZ3JqpKIvERqt
+          YJDbwRCCRa1LjXVh+/Cu8lvVlbUKeSKZFgDlq9nlEttewy9OR8I7zXF1fCmHo8hs
+          psVUkDI2lr0k4AZ0Nz9fDL0O01VB1DNp+n/LF3bWGyXPMQMD9qSm2XP5oFzEgHBC
+          V5J3Zt/T90b38r/rJ4WIJOYkD60I/mQ2oB9I6QsUDSxeH9a/L1BEHvGcBtfbqWlA
+          b7BBRBjRCdtbV67pFpspSnWmIwDBF3GNbjjPyWiRCicLQeZ+Eysc4GbeT89A76xN
+          q76uPH/+vo5fafm86AURN59QA6/qaCvrlE02gt9FbFW/cN0Bs7y3OSl2e8/si6tz
+          n4Nwq8ECgYEA4F4oAitnCfAKhHr501qaJk4uj5YuzQktANjPp9Bo5x/FThF497gN
+          KvumUlq4Z3H7ivXk0WEYb5v2erXtgXoj6o/uAL+5FQyRBpUDa5FpeAi64e0Vzhtk
+          UUd5RXoC0eITdF8zaXHJsYTNv6jDA33Flqkk7bioTWi0VrTFlwp5mRUCgYEAw1kB
+          HmuV1LSqmwXf/6NIO2mmSBLNWC4JY/qAV9HlCxKhv9fXhl99m0lQRPs2TZIYrkCY
+          Q0entaYY+2EQn1HBm7sdGnoy5tOYb9Lg89zzP23MJDLAQ+eXRTyl25W3qQVnrRzx
+          o00EFX6QhySbuBditiu75wjN1Q2IY+jE81MozxECgYBU6s3xpEOnOzZ/1ZtgJtZY
+          0RZGOe0UpPhnbaeKOBK8BwZB+dLyzrINJplYagWJAVbWzSIBLOJ2u2yaHOj7LCMT
+          z82gcu+1y7/H4fYdbDeiuosgnv61tyBMsuRvKzKOBSaf0LhAnFRd34mPlGvakmuK
+          DhJv9oecZJh8iIaQF+LV0QKBgFDDQHIqOqTZGNvEvwo6oIdns4aCt4Dob5t1GpC0
+          R4SfbF4bR5DXc9+6nMQYNCg36ZpJPGo8errf894iEDQ+IdRXtL2YnejOvGwm/Df2
+          Nl8X7tlcXh705ZaLb2rsaCUqBeYNXF2OXszgKbKl0Pd4O6hjRmlLO4YE9UmRF7Qd
+          wnZxAoGBAKN9LgEmOq3GTDbWvnKRDG8q1MjMOOLRuqryQWXF3KP/+oPB2XUrw7Eg
+          Sw9yBi8GZ6PseG1W5LnwT2vAeDaLRrAr8QrDmd+Aj+og7CVD82Gy/k8Uh0TyCUlF
+          DOY0q5Hu9iPlqk3ZQqGJKcms+97jD7JPGsPOH0+LcK9sEI6fJOna
+          -----END RSA PRIVATE KEY-----
+        CertManagerNS: cert-manager
+    jumpHost:
+      - image: quay.io/airshipit/jump-host
+        nodePort: 30001
+        nodeInterfaceId: oam-ipv4
+        bmc:
+          proxy: false
+        sshAuthorizedKeys:
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyaozS8kZRw2a1d0O4YXhxtJlDPThqIZilGCsXLbukIFOyMUmMTwQAtwWp5epwU1+5ponC2uBENB6xCCj3cl5Rd43d2/B6HxyAPQGKo6/zKYGAKW2nzYDxSWMl6NUSsiJAyXUA7ZlNZQe0m8PmaferlkQyLLZo3NJpizz6U6ZCtxvj43vEl7NYWnLUEIzGP9zMqltIGnD4vYrU9keVKKXSsp+DkApnbrDapeigeGATCammy2xRrUQDuOvGHsfnQbXr2j0onpTIh0PiLrXLQAPDg8UJRgVB+ThX+neI3rQ320djzRABckNeE6e4Kkwzn+QdZsmA2SDvM9IU7boK1jVQlgUPp7zF5q3hbb8Rx7AadyTarBayUkCgNlrMqth+tmTMWttMqCPxJRGnhhvesAHIl55a28Kzz/2Oqa3J9zwzbyDIwlEXho0eAq3YXEPeBhl34k+7gOt/5Zdbh+yacFoxDh0LrshQgboAijcVVaXPeN0LsHEiVvYIzugwIvCkoFMPWoPj/kEGzPY6FCkVneDA7VoLTCoG8dlrN08Lf05/BGC7Wllm66pTNZC/cKXP+cjpQn1iEuiuPxnPldlMHx9sx2y/BRoft6oT/GzqkNy1NTY/xI+MfmxXnF5kwSbcTbzZQ9fZ8xjh/vmpPBgDNrxOEAT4N6OG7GQIhb9HEhXQCQ== example-key
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2
+        nodeSSHPrivateKeys: ssh-private-keys
+    loadBalancer:
+      - image: haproxy
+        nodePort: 30000
+        nodeInterfaceId: oam-ipv4
+
--- a/manifests/type/multi-tenant/sub-clusters/lma/workers/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/kustomization.yaml
@ -0,0 +1,8 @@
+resources:
+  - ../../../../sub-cluster/workers
+
+commonLabels:
+  cluster.x-k8s.io/cluster-name: lma
+
+patchesStrategicMerge:
+  - patches/machinedeployment.yaml
--- a/manifests/type/multi-tenant/sub-clusters/lma/workers/patches/machinedeployment.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/patches/machinedeployment.yaml
@ -0,0 +1,18 @@
+apiVersion: cluster.x-k8s.io/v1alpha3
+kind: MachineDeployment
+metadata:
+  name: worker-1
+  labels:
+    cluster.x-k8s.io/cluster-name: target-cluster
+spec:
+  clusterName: lma
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: lma
+  template:
+    metadata:
+      labels:
+        cluster.x-k8s.io/cluster-name: lma
+    spec:
+      clusterName: lma
--- a/manifests/type/multi-tenant/sub-clusters/lma/workers/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/replacements/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - ../../../../../sub-cluster/workers/replacements
--- a/manifests/type/multi-tenant/sub-clusters/lma/workload/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/kustomization.yaml
@ -0,0 +1,9 @@
+resources:
+  - ../../../../sub-cluster/workload
+  - ../../../../../composite/monitoring-stack
+  - ../../../../../function/minio
+
+namespace: lma-infra
+
+patches:
+  - path: patches/minio.yaml
--- a/manifests/type/multi-tenant/sub-clusters/lma/workload/patches/minio.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/patches/minio.yaml
@ -0,0 +1,17 @@
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: minio
+spec:
+  values:
+    replicas: 1
+    persistence:
+      enabled: false
+    existingSecret: minio-admin-secret
+    buckets:
+      - name: logs
+        policy: none
+        purge: false
+      - name: metrics
+        policy: none
+        purge: false
--- a/manifests/type/multi-tenant/sub-clusters/lma/workload/replacements/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/replacements/kustomization.yaml
@ -0,0 +1,3 @@
+resources:
+  - ../../../../../../composite/monitoring-stack/replacements
+  - ../../../../../../function/minio/replacements
--- a/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml
+++ b/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml
@ -1,3 +1,3 @@
 resources:
-  - ../../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
-  - ../../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
+  - ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
+  - ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
--- a/manifests/type/sub-cluster/workers/machinedeployment.yaml
+++ b/manifests/type/sub-cluster/workers/machinedeployment.yaml
@ -2,8 +2,6 @@ apiVersion: cluster.x-k8s.io/v1alpha3
 kind: MachineDeployment
 metadata:
  name: worker-1
-  labels:
-    cluster.x-k8s.io/cluster-name: target-cluster
 spec:
  clusterName: target-cluster
  replicas: 1
--- a/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml
+++ b/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml
@ -6,7 +6,7 @@ metadata:
  annotations:
    config.kubernetes.io/function: |-
      container:
-        image: quay.io/airshipit/replacement-transformer:latest
+        image: quay.io/airshipit/replacement-transformer:v2
 replacements:
 # Replace the proxy vars
 - source: