Add reference multi-tenant site

This change adds a reference site for the multi-tenant type, adapted
from the airship-core reference site.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I7e1518f6fc960ba49d40af79e4bb052251ce749a
This commit is contained in:
Drew Walters 2021-05-07 18:26:55 +00:00
parent e046a3d5f1
commit 39e624fdfb
67 changed files with 1200 additions and 0 deletions

View File

@ -0,0 +1,22 @@
# This patches the node02 BMH to be suitable for ephemeral purposes
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
annotations:
labels:
airshipit.org/ephemeral-node: "true"
airshipit.org/deploy-k8s: "false"
# NEWSITE_CHANGEME : ephemeral node name
name: stl3r01s02
spec:
online: true
bmc:
# NEWSITE_CHANGEME: ephemeral node redhish api endpoint
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
status:
provisioning:
# we need this status to make sure, that the host is not going to be
# reprovisioned by the ephemeral baremetal operator.
# when we have more flexible labeling system in place, we will not
# deliver this document to ephemeral cluster
state: externally provisioned

View File

@ -0,0 +1,11 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: The ephemeral node name
- stl3r01s02

View File

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../function/treasuremap-cleanup

View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/ephemeral/bootstrap
- ../catalogues
generators:
- hostgenerator
patchesStrategicMerge:
- baremetalhost.yaml
transformers:
- ../../../../type/multi-tenant/ephemeral/bootstrap/replacements

View File

@ -0,0 +1,4 @@
# Catalogue Definitions for Target Cluster
This inherits Site-level catalogues from the neighboring target cluster's
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../target/catalogues
patchesStrategicMerge:
- networking.yaml

View File

@ -0,0 +1,24 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
## NEWSITE_CHANGEME: update file with ephemeral node ips
apiVersion: airshipit.org/v1alpha1
kind: NetworkCatalogue
metadata:
name: networking
spec:
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
# NEWSITE_CHANGEME: Ephemeral node oam ip
host: "10.254.125.231"
port: 6443
# NEWSITE_CHANGEME: ephemeral node calico ip and pxe ip
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
ironic:
# NEWSITE_CHANGEME: Ephemeral node PXE network
provisioningInterface: "eno4"
provisioningIp: "172.63.0.12"
dhcpRange: "172.63.0.31,172.63.0.126"

View File

@ -0,0 +1,11 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: Target cluster first node
- stl3r01s01

View File

@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../function/treasuremap-cleanup

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/ephemeral/controlplane
- ../../target/catalogues # NOTE: use target networking for this phase
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
# otherwise nodes will hang in 'registering' state for quite a long time
- nodes
transformers:
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements

View File

@ -0,0 +1,12 @@
# Note: this weird extra layer between the .. and ../hostgenerator
# is purely to apply the label below to the generated hosts.
# When can come up with a better way to declare (e.g. via catalogue)
# that the host is a controlplane host, we should get rid of this.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

View File

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/ephemeral/initinfra-networking

View File

@ -0,0 +1,5 @@
resources:
- ../../../../type/multi-tenant/ephemeral/initinfra
- ../catalogues
transformers:
- ../../../../type/multi-tenant/ephemeral/initinfra/replacements

View File

@ -0,0 +1,18 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
# Note: this list should be kept up to date with
# the full list of hosts in the cluster
## NEWSITE_CHANGEME: list of all the hosts
- stl3r01s01
- stl3r01s02
- stl3r01s03
- stl3r01s04
- stl3r01s05
- stl3r01s06

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/
- ../../target/catalogues
- host-generation.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../function/treasuremap-cleanup

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- hostgenerator

View File

@ -0,0 +1,40 @@
apiVersion: airshipit.org/v1alpha1
kind: KubeConfig
metadata:
name: default
labels:
airshipit.org/deploy-k8s: "false"
config:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
## NEWSITE_CHANGEME: update ip with the vrrp k8s ip
server: https://10.254.125.239:6443
name: target-cluster
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
## NEWSITE_CHANGEME: update ip with the ephemeral node oam ip
server: https://10.254.125.231:6443
name: ephemeral-cluster
contexts:
- context:
cluster: target-cluster
user: target-cluster-admin
name: target-cluster
- context:
cluster: ephemeral-cluster
user: ephemeral-cluster-admin
name: ephemeral-cluster
current-context: ""
kind: Config
preferences: {}
users:
- name: ephemeral-cluster-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
- name: target-cluster-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenpQc2pHVC9aUklFOUMvZEdLS0tmdE9oZzREdzk5akxMaFlzZkRYU25WWFIyWHExCko3TVBLREo2dkFZdktzNHZCUVJjS2lIWlNDYjhwemhFdmw1aDRFUFdWRjNPVnhnMzY1U1pWZ2hIUW5JSUdZSGIKYXA0THh4MGQ3T3JiU2JVTGhEWU9WSHFrK1pqOUY0ZHhSVmtHNVRxMkY4YmhmODBrTU5kSG42WTdTcGgxa2FsdQprYkl3ZjBEWDBDNm90RHNRWlJQUUpJWXY3RDF3ODZ2M3hpdmdVUUJZaDBSMlhiV1RNTDNXaCtUSjZDNmRIdUFlCm1ZRUtxUWRQNzEvTlBhQ05TOWo5U2hQTGlDd0tqU0c1bXkyVStpNWtkMEthSkNCOWJ3TGZxeG8ydGlnYlBqeDAKdnplYUpXLzhWT1p5clZQV2YzbEgyUWZiaFkyMUlTb0lCSll4UXdJREFRQUJBb0lCQUNYTTN6YXRwam9XRTNsSQowaGtRYmh1OUdCWVppOXhyWElYSDNjMjdNL1VvRnVTS0VrcHZ6REFWSlhidjJlTUJRbXF6NU94NnlGejFYOXBSCjFaaTFOejNtb2s4NTNjN2R5RFhlSWlzanozdzd1V2FOM2kyUkw2emZqdm9Oem51ZjM3MzY3cHBTMVk0RGJ3aS8KMk5aQjY1UWVKZUlva2pMeWhjdXpPb25SbGJlQnpNZUNERmd3eUlBN2h4SXdpZzZWeG5FOG9sbDlGaC9sN0hGdApTcCt4dllwWmpoQnhGZVJCTHQ2T0JHM09ndkdZZE1oSDZtcU9HMHM3Qi9rZXI5N2xVeUQ5ZVdxQWxoY1BGMXZKCm80M0FWYm8vSVUxNDdwYW9HYldRb3VrSWxuZnhjK0Rvd1dqR2FUeTVTY1Fqc2ZCNVJHTTNMTTlDNTJxVU9aUGwKVDI5eWU0RUNnWUVBNkdwOEVObFRWamFpbnhRQURaRHpJeFYzNHV4RTNYVDhmbGVIZlpxTmJ5M1IwYjU5SGNYVAo0NVJlbmRNMHhIZDdSdnpkZXNoQlYxMTBVaWhRZ2RIajg2eWlrbElUZmE2S2FpSlJiME5Hd2hPQWx3MFZkTTNoCjJKZkdsVUlTWFhuOS9CaEZPMFdpQTRmZHR4M3BlL0pidUIxa3VYZ3UwU0pXRFJkdlJGWGVZRE1DZ1lFQTVEcDUKRk44Njg1MFExUzBTMmRtMnBhVXd5bWJHRlhhOUlRdHlhazMwcVpPOTVDN05qR0daMkxvb2c3eVcvd092TEtucQo4WWhFSFV4TGxCWGlUdnZ3K1JHMXowTW9IaEVGR055SU1IMnNyakJST2l5TVRIeU9vWGNBMTFtZitBNkVKQkMyCkt5T1pKSGRSamFSVUc3bjFYQW4xWVVhUGFZS1NjSE5GV3kwdG1yRUNnWUJwSlN1RnI5d3M1OERBZVJyaENFK0cKOHNKdkRmYkZ2WlF4VUVZQ3cvWHljMmMySFppYTdKSEVwcTM3ZHI2cmwyWlZJamJNd21ZVk1UbGJwZE51TjllSgp1UE0vZ1JSQ1NzRmg3SzZzeUdIdGtVY2VqeFBDNlJXZ21HR0Z5d05sK0xlMzRmOElKcU42TjNCTjFLRjVxcFptCkFCNCtiaW00QVhHdXNJaHRBTy8rMHdLQmdHRFgwd01oU2lHUFYxSXR3eDcvdS9vRDQzVXZNUVJ3a3daUGxpZzMKbGdiUzh6TzlER2x5RE5jaS93Z1BZVDhxc0ExU3VLZnV1NEIzSEdiazlsZXZubXdCc05VVzJSSVJCTW1zNG5rNQpDcW9MUkp4YnhOaTd6Y1lEK2k1bkVITXdyYStrQzdpNGJVWkUveTBNT3NoZEd4a0gvTUJmTVlHQzcyS1o5eWNlClA0aXhBb0dCQU5BdmJiL3h4VDhvOW1hU0FaV2MvblNWdEw5ckFiMGtHQlBTS3J0QW1wYkdxMitDNjlOeTVBMUUKdW9iN2dzdjJ3NDJIUHJnLzBUTElTSUZhV2kvUi9XUWRkRjFqclFqNTV6N0VpWFFVQ1I0c0NxRGRPU2FZdjAxVgp1NnlsQ2pmVUlGZVVQb3hIQzliTzdpZ01PYkJtcEhHU0RLZzE1cWp4blVpOFpxajRaK24yCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

View File

@ -0,0 +1,7 @@
resources:
- kubeconfig.yaml
- ../target/catalogues
transformers:
- update-target.yaml
- ../../../function/treasuremap-cleanup

View File

@ -0,0 +1,69 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]

View File

@ -0,0 +1,6 @@
phase:
docEntryPointPrefix: manifests/site/reference-multi-tenant
path: manifests/site/reference-multi-tenant/phases
inventory:
path: manifests/site/reference-multi-tenant/host-inventory

View File

@ -0,0 +1,6 @@
resources:
- ../kubeconfig
- ../../../type/multi-tenant/phases
## TODO Consider making a catalogue combined with variable substitution instead
patchesStrategicMerge:
- phase-patch.yaml

View File

@ -0,0 +1,12 @@
apiVersion: airshipit.org/v1alpha1
kind: BaremetalManager
metadata:
name: RemoteDirectEphemeral
spec:
hostSelector:
## NEWSITE_CHANGEME: ephemeral node
name: stl3r01s02
operationOptions:
remoteDirect:
## NEWSITE_CHANGEME: URL to the ephemeral node iso
isoURL: http://10.254.195.209/ephemeral.iso

View File

@ -0,0 +1,5 @@
# Catalogue Definitions for Target Cluster
This inherits Type-level catalogues, and adds in Site-specific values.
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
customizations on top of this for ephemeral use.

View File

@ -0,0 +1,96 @@
# Site-level host catalogue. This info feeds the Templater
# kustomize plugin config in the hostgenerator-m3 function.
## NEWSITE_CHANGEME: update the whole file with the site specific host details
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
labels:
airshipit.org/deploy-k8s: "false"
hosts:
# NEWSITE_CHANGEME: update with the site specific host details for all hosts
m3:
stl3r01s01:
bootMode: legacy
macAddress: E4:43:4B:EE:F4:CB
bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.230
pxe-ipv4: 172.63.0.11
storage-ipv4: 172.62.0.11
calico-ipv4: 172.64.0.11
hardwareProfile: default # defined in the hostgenerator-m3 function
stl3r01s02:
bootMode: legacy
macAddress: E4:43:4B:EE:B0:43
bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.231
pxe-ipv4: 172.63.0.12
storage-ipv4: 172.62.0.12
calico-ipv4: 172.64.0.12
hardwareProfile: example # defined in the hardwareprofile-example function
stl3r01s03:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:D9
bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.232
pxe-ipv4: 172.63.0.13
storage-ipv4: 172.62.0.13
calico-ipv4: 172.64.0.13
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s04:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:DD:0F
bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.233
pxe-ipv4: 172.63.0.14
storage-ipv4: 172.62.0.14
calico-ipv4: 172.64.0.14
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s05:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:2F
bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.234
pxe-ipv4: 172.63.0.15
storage-ipv4: 172.62.0.15
calico-ipv4: 172.64.0.15
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s06:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:F3:B7
bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.235
pxe-ipv4: 172.63.0.16
storage-ipv4: 172.62.0.16
calico-ipv4: 172.64.0.16
hardwareProfile: default # defined in the hardwareprofile-example function

View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/multi-tenant/shared/catalogues
- hosts.yaml
- ../generator/results
- storage.yaml
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml
- networking-ha.yaml

View File

@ -0,0 +1,19 @@
# This catalogue alone needs to be overriden at site level based on the
# networkign requirement like HA
## NEWSITE_CHANGEME: Update the file with the vrrp ips
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking-ha
labels:
airshipit.org/deploy-k8s: "false"
vrrp:
# NEWSITE_CHANGEME: Update kubernetes virtual ip and OAM interface
kubernetes:
interface: bond0.61
virtual_ipaddress: 10.254.125.239
# NEWSITE_CHANGEME: Update ingress virtual ip and OAM interface
ingress:
interface: bond0.61
virtual_ipaddress: 10.254.125.240

View File

@ -0,0 +1,120 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
apiVersion: airshipit.org/v1alpha1
kind: NetworkCatalogue
metadata:
name: networking
spec:
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
# NEWSITE_CHANGEME: below is the vrrp kubernetes virtual ip
host: "10.254.125.239"
port: 6443
# NEWSITE_CHANGEME: first controller node calico ip and pxe ip
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
# NEWSITE_CHANGEME: update the first controller node PXE network information
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
commonHostNetworking:
links:
# NEWSITE_CHANGEME: PXE network, untagged
- id: eno4
name: eno4
type: phy
mtu: "1500"
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 1 port 2; the first NIC in the bonded interface
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# NEWSITE_CHANGEME: 25G Intel XXV710DA2 NIC 2 port 1; the second NIC in the bonded interface
- id: enp134s0f0
name: enp134s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
# NEWSITE_CHANGEME: update the bond link interface name
bond_links: ["enp94s0f1", "enp134s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
# NEWSITE_CHANGEME: OAM network
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
# NEWSITE_CHANGEME: Storage network
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
# NEWSITE_CHANGEME: Calico network
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
# unused for now
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
# NEWSITE_CHANGEME: OAM network
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
# NEWSITE_CHANGEME: PXE network
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
# NEWSITE_CHANGEME: Storage network
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
# NEWSITE_CHANGEME: Calico network
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
# NEWSITE_CHANGEME: DNS servers
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns

View File

@ -0,0 +1,16 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: storage
labels:
airshipit.org/deploy-k8s: "false"
spec:
storage:
useAllNodes: false # We define per node/per device configuration below
useAllDevices: false # We define per node/per device configuration below
nodes:
- name: stl3r01s05
deviceFilter: "^/dev/sd[bc]"
- name: stl3r01s06
deviceFilter: "^/dev/sd[bc]"
---

View File

@ -0,0 +1,16 @@
# Override default controlplane image location
## NEWSITE_CHANGEME: update the file with the ephemeral node pxe ip
apiVersion: airshipit.org/v1alpha1
kind: VersionsCatalogue
metadata:
name: versions-airshipctl
spec:
files:
k8scontrol:
# Host the image in a locally served location for CI
# NEWSITE_CHANGEME: update the url with the ephemeral node pxe ip
cluster_controlplane_image:
url: http://172.63.0.12/images/control-plane.qcow2
checksum: http://172.63.0.12/images/control-plane.qcow2.md5sum

View File

@ -0,0 +1,13 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: update with the list of controlplane hosts
- stl3r01s01
- stl3r01s04
- stl3r01s05

View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../function/treasuremap-cleanup

View File

@ -0,0 +1,41 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

View File

@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes
#- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../../../../function/k8scontrol-ha
- ../catalogues
- metal3machinetemplate.yaml
patchesStrategicMerge:
#- versions-catalogue-patch.yaml
- patch_controlplane.yaml
transformers:
#- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
- ../../../../type/multi-tenant/ephemeral/controlplane/replacements

View File

@ -0,0 +1,19 @@
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: Metal3MachineTemplate
metadata:
annotations:
config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml
name: cluster-controlplane-2
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: controlplane-host
image:
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ips
url: http://172.63.0.11/images/control-plane.qcow2
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum

View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

View File

@ -0,0 +1,11 @@
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
metadata:
name: cluster-controlplane
spec:
replicas: 3
infrastructureTemplate:
kind: Metal3MachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
name: cluster-controlplane-2

View File

@ -0,0 +1,15 @@
# Patch the versions catalogue to use the site-specific local image URL
# TODO: patch this in from a site-networking catalogue in the future
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
spec:
files:
k8scontrol:
# Host the image in a locally served location for CI
cluster_controlplane_image:
## NEWSITE_CHANGEME: update with the first target node pxe ip
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"

View File

@ -0,0 +1,32 @@
# Secrets generator/encrypter/decrypter
This directory contains an utility that helps generate, encrypt and decrypt
secrects. These secrects can be used anywhere in manifests.
For example we can use PGP key from SOPS example.
To get the key we need to run:
`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
and import this key as environment variable:
`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
## Generator
To generate secrets we use [template](secret-template.yaml) that will be passed
to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate`
execution.
## Encrypter
To encrypt the secrets that have been generated we use generic container executor.
To start the secrets generate phase we need to execute following phase:
`airshipctl phase run secret-generate`
The executor run SOPS container and pass the pre-generated secrets to this container.
This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated).
## Decrypter
To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml).
It will run the decrypt sops function when we run
`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/`

View File

@ -0,0 +1,2 @@
generators:
- override

View File

@ -0,0 +1,2 @@
resources:
- ../../../../../type/multi-tenant/target/generator/

View File

@ -0,0 +1,28 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:v2.0.2
envs:
- TOLERATE_DECRYPTION_FAILURES
template: |
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: my-config2
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
envs:
- SOPS_IMPORT_PGP
data:
ignore-mac: true
cmd: decrypt
{{- if eq $tolerate "true" }}
cmd-tolerate-failures: true
{{- end }}

View File

@ -0,0 +1,2 @@
generators:
- configurable-decryption.yaml

View File

@ -0,0 +1,49 @@
apiVersion: airshipit.org/v1alpha1
ephemeralClusterCa:
crt: 'ENC[AES256_GCM,data:6uQzsPDu52M507lC9AWv/j70+JefIZ1N/R5ZKTtKMYxwQWVTFn6vXJrT1Sn62gqS3BrtXD6ZXOH3g5ISETgVNHfG5c8VuXlx3cg5MVDPJl8aGWD2MnoG3mcfAiotoKMF1cPTIJFVw8C1GFOINTM9AmVYzxURs5CHsi4pkSSYShLivy5OEm1dSMyV5X+uAndEyAChMQoBp2fq0cuMu16o80s0SpRo0KB3CfVCKjaaajLZtKadpGt90UgpTUdTRIofQyNucaEmqLQbEZw/SwN1jK88ulC/vtHoKZuxDZtk4clITqiTqTAiepjHlmyTpo6PK+HvM2K+ZIWRCzKy3NTtS4iOEL1kVfWtbE5Zemqwh6hDuHH/IuvjIxcx6twZFOEy7+iqsAhxYZYMXqaUHPIMbAw0jguqMc0Li5pjlwGR8pIxT+VdZ/oQV6E4t/enpEVJ/8vrIJ5fu/1rbV8s2vHgxFHO/r740Do1UVNjbq9CMxEAqi4sTUaNNYBxRIqfXGsjOsosolIMy1YmTfoDJ7iqf5do1eVOId6gWeBJQYwQR3YLzk2j+MzN+GRZUMXYAspE/FmAbytaKnk8AVHL5AqklsbDHmDimc4hee3VmNSQBiNDUbIj6vD9R9PuyPDO7IDs4cZxcyFwfgq/z6LT5GwEh/pmT8bIIb96fTAeWkkLA/XvaTuT3xqzrT7NBl8trlLLGsqct5/07o4QdbGBRtFc4wL6LDyq8MF5pHU/PRcgOl41E+2KECSdrJBJltRvOE73sd78nkkCq2O/dMSRKpb2sPW9K3IQYlCurpShYGP1a+p2H50O7/GGz7+E+4rymzJ933IWA4T0YNFWZ4EFDsGccDxDC3r71iX/9xd19xvZZWU1JowQ1OcPzTdpa1YhDIuqgKeIekatKEtLDhXHsaIbA5CXKg4Ew6BOx2lBLMgx1RnlReIAzzWnYyYb03awHJIKpfM+mKDSN1kQ6Oc5iLmKshFqCB270+KMna+r2hdvnXqhtTkM/pZge5QCIrtGkPc0jqHXF+0UutVuTVk5dejhqdeT3ITYP6eZj+/CPBm1a1Ms/haPJc9SA6r9yJUWKthJQCGReey7glzVzHs8FtbcZqr/xDDMYCDT84GNIo4RlsCqm4EXR8cpumkP8YVMQOzCSuWmS6NYDk7JrSRYiO5cdl99PDrSGNyVj6LSEJuDkkfuiFHR1SbqLhwNDtSoheHMtBJ6rmqPsGRe6UhkOETU5RkNiPAubJfqAGGl4OgWNcKIM+Wea5d+MYJPpXPbLCvN8eWIo3VyhO+lhnwUxle2Vp0sR3XoPNsnU013O6GmsmNvTnqa/CHGjDinL7hQioBZpzx14+IeHPMoHLjoL7bStJqoSYoC4sPnI1F7Zo7KEXaybwqW2A7oIoCOsLkqO3PP+LaR8aZBtWmQZ/buchWVOT1D6vwowAjbrfYmGuU0VZiY74TuX53JS3KCJ+sn04CwHZBpoHoAAmy9Yo1bfuzOlI0XGxWP8jGBwzQtJddoBEV5ziussvfYSHDDLF6CL1IRWwjj9YHz2w+8IzA232aMO2eRR4+TbbmOzI57WzlVsd7nBN63lPfPtne6MBtxiQuq2pALqHP897a0DocuuAI0xfaO5YYrLQ215lb4DxIR8764T6bNMdcHBo7/TgZfs+QS4B72WM1p19jCHRxAan0cJ+knKUERE5koJyshdbl8cRJ4kL2amk5mT27Q5Ek5mNHnwE6nrrHQXK4VrDG3v4IfgRQ6wP6525RUsjrWGvxCj8Am8JXtO13JfwMpEcWTZK86cMDAYXXLiu1KOlx295qnrWaJzknRzY+Nb2DYsoDe92zs7fgy3A7d4JRGZkjsCV45EYxXdUpSlRaMCj16urJ/BrdmbJ6ccw/PKDqxnWY7JQ4NFAoEC/BrgHpSKBT53xku2Nxmz8ktt4AvTb59rjjfAEkMDjCaLmGz+RKIBQ==,iv:aKqk4ruA0/QtbBFnr6mBidCrnEY2uQ64swqO+SysFkc=,tag:Uzt+Eu7l1mf8DzJr4E+KWw==,type:str]'
key: 'ENC[AES256_GCM,data:U0U76Jf7YNIqMRoWrlYcOpi74tYKflDwE6wh85Mj85f/bBMrY2WdmOFmqiL61v02SBahXnBCHrQw1wSBxmqAdP26W4kSLL94NYBFUvwJIQwbKU/Cz7sQpiEYFWRuc2De0N4ibzS6//vINSMV+yi/G1aSbpOlxzfSH2upFcH2yGa36erkLgdY7AsoW/YOOUMYWLWsgsXUkXnkzu0+44nLyGOJwnuLW5gb6/Ci+RWKklKfI69pe1Wkb8Av6zNhI29CnzwFclkVX6I1PWkvouayLusrzo7nwy7mHxbI8j4Xfq9YNb8jSg9nS2ibK9LtQ5BzcPAa7BlP6NGavCu0OJauQ0sgw124kaWsG77QmpxFiT0TdvqnTVu3vEI3f/XZG2c/sWXVA8FGZ31F38mM68KsDMlusXs3hUOJf7QaUw+0MeK8lmz8t3vI0UANXRMSt2fEVBaho4JoTsbgZSvTD/RZ6YwI2a1uoPdNKPh7F8i0rLOaCNgPLVoKAcV3M2mEhodJNZAI0ifa7sdQuWNQ0fbPwGh+dXLKQ8PNjdXMgn9JINLYRKDRD+eRFWPV/WuwepSjtD88LGJmQ66GjnCqXAOFo5RcHmPEIYM5o0x5wqf/ibmgheuUUBJVnNvgH2ZVqMH8oNyr3OfGxfgEItvA7LgQ6ao1ympnCnXZvpu0m04UqNmebsuEnqH2EB/MIBk/5UjyMHTt4X52S0RpmXU8CDZKj9Xk9VFDCcmWnEowMHl9i2CjRwMb0g0b8fC9A4N6P9SbzKX7usUJsa1tSkra+Dn3C7vprOunvE1fQiQM++K2KixP0OjeP7TbAyMkHTszrfxdvJT7V6Rb90behJaaDb1pZAva1SMQ0vudV844t+NLi96VsqpNptx7AKhzSsRrzz2kuhdVf1dr1JinR4h4cVSwQCjZCcxLDt8do/d6BgHuvHWQBBGOM4AqMOyIKGm3G0ZiW6j3WiCPmiWou/6cRFu2AqgVWgRludtcgZaTs/p5k5gVFVzNtkocfg4hluP0zk/zJeOdU2zZ/XuxDuNeA4MBHTZ4qzzKgMLVMiMWsQ927d7J2h9w6kvmoXKrKZH/oB0R4a2pDYiBpag8DOm8P76uLeaKlgj9EQH2eK1KO2998mZwDGS91HWl4O58SjSENBZFr/thgzqFk+2C80/abMjofziXrsefuJOYP8L5LXTGyV11qsjV0HDRZhlcvsIW2q66t91lW7WNzYoxDBNQJPq1nSEewF3tvDT4BhtDAjioO5fVVyUyI7bAxRcCZ+E3wjDF7uw7yngbyHP4spYU6xi4kJhQEXvBOqFt1N/aY7etlfCn4daMNQK6u385XIcSAq/HgC0D3jqJTil7HyxF21fwQCorK/G24ELzjW0SfYUFDHAeUKj1VkU2GqAO0uCGklcx3wpcH6QvSQMGid8yRbEketsXw+H0CBloWAptdLOZj9LhwR0lXlvooYuDGTEoQ4SXx37kscRDcpWggW6NA21wIwQM5aX4kuhvvsdEpOEd4lUdH4LGdnRTHCdldFK0NxTuGuf8swEDYbVUjUHwMHIzmtNG5SmKahPMwEzg2YIV1BU8z+nXbT2XaOUD7hXfpWdGx0BkQIeIZL6bNJMDuvmjtaoDq5CywmyOIkrQqSEGDNyCQJLGBGPD1QjfkRbtmtB2gVyyQTuPqI3hjOuSZ8ZBiTExkXYQvK3eNrij7B9n6q43pOjJ9zaoHjHx6sMcBMF8qcSNo7xoD5Xd0Owv6USL+tz+n5zcnu4PKnYg1ZdfzxcQbwKUZ21SEVGW+ZU8KpNtHjWB7oQ8MTD5wjpqsUzgYdkBypNcRWBgmzCsZwcxR0LU3qRGDGe9eSHyk9JRgzDuWfmlFsOb4UHZQW3SRY16xokFaXcpcu002GX0n/puS60fLsUr5/raEBF9vCPC4miucCQ7wJ7cCzsRc2fBx2osiMiTCDPmVK9QpxmQ/4fMnOZo4ocAF7cSesqZvPsOo086K2OeU3vr0kQhtFTYojFGM04zhd+d87V9GiYUR8ABwAqaqg4Xk1gh/oputa7e/y7NsByv0DCKOQxw4uKDNBf02WvmUnGK0w6ka6ZQmT5+GndTY/DdUvxXTUZqoGZf0TPZS7PrJFWmkUn9hwqIlSTNtY1WwkwWSbvKTswe1sgfL4Zs6u0tecPiIebRIYopNlDSMbk0LnKLo68Xg2zxV0bKU1iyMzyobh8/mhLIVAo7NS1za6ksH2km9dG1IUjVJIxtHjZqQ2BgOcbLEqEA1+J2tuKxc/lHqR39OxwDObei4bpXJqfWPEG4mHVGFMNWkj7H11cnBmX+GWEbEBXarQCZezRh++WROFmmylfdy+QlzD+bwxT4A37a/djWY0n27XdRwVA2nVGdBzi8aBSFws/lOaaGHJnpotFw9xjUuXI8uiN1eGhaWCzU2VBWYNutjKBJOefLYf7ahpjphUv6W7uYX+15leuWK5RuCwL1G/PmjdLNMzynhxgNmW+xvmNI7WrqLrfGciOqkxPirUq2tzvXdCAHDanS7Ckui04tEswwuxyaY0PMf11ku9XzVX7rn/OhxjYjck7D7O9S5SYWI+5u20Vjrv+gIYPI/YSLPNxacmk4GYWUGkafSRgDg180JUtKDmquaz/rZVUBC7wVnJV/Tv2aTs+iZbWhiGqY/4wepo19Lxzd6wBQNPfrN+d+BjTDVmPaCy88lloXWJBsTIuWz7mmANV/LMkNYSA5poCL7rRlbvgaOsaxBQ1yslmJ25G9oaLU0mj6SEfoK9/aZchAmBB8u9s7DzQLaW9HmfgHcLuU1XyWRm1nIeFFqrbBnS0fdEOTkExXI92+vRlM4DbqdMOtpZcZsUMiXvKKFRGhuZRxbY8HujqLHD+298Fk6y+GjcH8+Yfm5euDLp97/tImUqjUb2Fqdw/7aJKrR7zzWHPp/rbJtDUKoW1lvHaK37+eT9MF23Dl4Dteu6ouPGjaY3z/EUINU2J8E7HuwNjdQiw=,iv:x2TJ7k9fVfblb/WZrUP6lgc4xWg4Fop2T6oNfI6G7rY=,tag:MTLldXBFI16om6D5cDNcuA==,type:str]'
ephemeralKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:Mx3R3AOO/a51bRTZ0lrp2KoSsQHaiVByXi8OuRkL+Ka2h0dt0PuJ+0XmvJNPUjc8Iw2DQ5MsvZ4AhbrNcaTV63ZH7HpeR1V/bFbqj2T0QzHVCzuZlpjW2GFkzMaDBFSCFmeLhB7KsK0chTkvIccd9VhSrwA4wukgY2Wy9r9WSBeZghV6yteVwIANz5qLTL2qalq73IYFbMGkQhhsc0sKw1X6CLSfz/1Cm5r5MNWtGnrnZTAVLQeF7ZcryqloMwRlDUBblWoM4oDIiA1UmpLmzCzOgNxAkNF2p3ci0WXxYtCDyX21lcYhDFOk83lYmIzUl/ufjJYdEWCfEoUk0Tsz8LusCsjm03vn3pPCpwaBfboFw4DisAkfh/nmvKd1rO7nrcWK0yrSjaNuqoGxW7I+GpFoeXtiyYKMk8konHy8r+U91kLW419lQ8iWxiQ1RyK2tgNj/3mzx6EZ6VnKbz7D0IA5+1KVXPOtF4TGQJD7VHb/xZhkTAy+XxoDgbMMS1EqfgFVS+/Rqp+V19VUjOiQg4WMleQoWT59xh78oBZFKXElK2neDmym2YLASeLs8nKprjWAVdlUAb4zX/AqRdky/+am402ifzzWDXe6IOh9Q6l0ZUPM+S2D99yG+JVlTtvtcmtmGu1ZneS8DgpEMMh70kGv0nr24YbhL0eJMmkZbIayiWMjsNkMk4JGzkZi0a4OpopUkrO4R5l+smVkNHtWxhxUy/8sUqzqNyGtzS6b8ygB6NEd1uTf52CqltyV1+ZOZdl/Qkb8a4BtwYdbb/kOteO9SFUv6kaUabaFyUCAo/EoxqraIREnmuJCFnIp8h1TzWN8om8UdBsZdPKlg1nv71WqxL1ZnZ8LgRClD/6dtSCcq8caECH0l2sP5dmctx6IPQJd/YUDW4RbLX9NQqCRlx6LR0jv5lN5I5Qr//07k5KDieNku6+uBnS3LMzgKKbN6swMjT1TMje4XEuolaiDjKAcsMb/tEJFwDYfSROcs5vylLJDwZ/DIo5m/c46i9hJJgzKHs1PpNXX0bbWR/M3Pk7fARF+hirdk7971FoILWcRTQZo2UMF8QJPh3MQRs3dOKIPMugDNTan6ftnjA0+hzwr94TknYGCEv+XH4Y61nWGZiTcv2tCt9JCGdXNARZLc3RtporxCtiAE8fMol9oso7x5sMqmuALl+iLfjpqzUHoXNJ9slipLH1RWDisGJXSQkEgrQ9h6bhUaOzuUeauYxnZBETfBZBmSoah2NDOOGcywGDDo03sRleaRVguxSZvftWtUb6RhHSj96qDbh+urbdW1PhfKs6M//XBMmLw5zlulYXqMaDvHeBRL4mSf+ZKNCFFCC/RJxGuT6hcuWOBwe0ZdCugvkVaJgqx32Fyd/YpHDPlFZEQb8/T0wP9M55jLg5Vm3voDzA02+UIZZFkSqbT5ZrmP+ScXE7HCFXLFBA3TBh8N1f5obuH0rbENvYFkBlEtIaAU2FkhPCpHJworrrIdpq/byQB9Jj8X+yhBh4y2vdSGT9faUDUB0S0v1fiD92IXJKzPKlpId3a4/bXXGl9tTVSQ01lPGSJf9/s2WyrRf6lhPuKY+bapWcs8ydNWGYhCccmZ4OHaOPbwGwks7l9RLTjDJzTr3ntnDI2DnbVENKdhuAEkavoElmgGSMscA/8sseX9FeuZLBvI4fKyNE4F9ZzAhUWe8JYulnw+oimizCLCAC+t9Inixda+dLZWJLbUEg17zvB5dS/aMZhO3dFUjn1/jGO2zbZo/SxjaHyi/WQFr5mZcLvwU+Zdyt+TRAbcV9sOy2tWUDp/xlRYAYqdeRBMly0lAoItUfa+jftUtR17l23i7UcMLs68hZ1NyuoEhKKDteRW8epgsbjmPfq8a04SPBW1XBZ8ujubf+UxMhTlvXdXKCQ5lIvlZE81Ezk3PuRfKXiK2ckCHjzyxE09pWkZXESAmdqKg==,iv:1WkqcxzVLVfrmBMCTZ48q9JLRpEkBgioGatSU3j+WQ4=,tag:VmKsG18InwFczeME1PUlZw==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:85hKBjZyixCRv4c7zptdAeh0p8a4F+yYXssxGUfhYNwfYAY4DTHAxoLsYeNcy2ZdNUDoIBrQu8BuqYxRnMkY4RcT+SzWwGEKN2yQe+Wm9pGRcXAB9xz9A1nPHgxRO0ogVcDR93bJYEfsIhx2ws0pSTw+Zn7LGFoDwMRve7xXmMoxyYKHj7L00dDb+fp0a2rghC4Mcsy/0rijSWcvnm1mC084oMl/J5dj6tHIR2zEpgWtX8wRH34vxxkh8nyghuDQfOElheZ2q1Mho3deHtDxJJ4Kk9nscCULYU0HRjBghsexvWvGEWn+kDUCFAvSe9o/nkWxYiTt3+dM1ifDusj0+NzjBbLJvZ24ZkLjqgW6jIxVVCiD8Ky4kTAOfvlFMoRsLiezGvGbkPj5eTtcJOR+ukhMLpabKqpK6GDxohQfpD+SNYmKEmS3Z94K7oJ3d0OAPCE/qgac1AZTbDv1/buqWexT+zus9CjsWbgmIeJppWtWPHsUoqVmM5teB8zs3Qfd7IJj8ZtHZj1l3zLf1lIE7GBgToCwVPjc3opSX2lmekOt6gMmAfXYKNwOypvRhe2Fm7BAjrck3GZYj08rEffDHdO2/2qFq9qknKHmS7mJZgm3aZZh/+eDr6HVSLYztTXMjHKdzIthnsSvtX94Mr6nkjJMnMnOuFGnC0b5VKrw7ZHktLiaqorerVaYsCXr+TdQrIYkEguKlzQbnmpztGjCxN9JiaJ45Qxzzijxdy5ahlNmpQbrgBWBgZjjqdOuBJrBKNkzKyWikFk+jBsfKZkiHHT2Rw2+uu3Xz/LTc51vNLfFvwKr0XTa1i/hQnxtI0YlsRm4SVornTsSdQjmadCrz/NvuPwJ2lyFZirxeZsajBHUJ/Obk7ssevFXY0Sel2kajkS9lNu/CfMBz18PNb/+1T7wCP7RJzfFnnuLYrRLbCw9ihKNtRqkfBZA4X5Hf6ZKjmM8ifYqg17YWDk5SFUDJvVt59Hyfr1uazdHIWlovr5bju9TfGXH9ylWm8Ms+AB6935fBNnwsnN1tu4yOO9voD2dc3X97xqlqcr0fOhTIkFXlyAlILRAb0wywFAqDX8yrpIdtXzlY+iobSj/phXcHCb5mdvgrcKCrkOmRMhIhHmXZ8g+fBh52gpxVjkEwcmI5/vls63UbwC7NF/fnDUZeW8sq7aExFL7a53ApVoeXTRC+eDrLecI87Ehfz7aGGKIHa9CU81eM/W9BOsM/ZFLsx4fK3Tgp6ZVHYXvGc2geJskovhJuEyk41OYtGVYXZ/OPECrHFaj7za5zFxS2/GeEHkI8qau37d8gtMJCn/SuEP3hBJPkMt9S0OIYgl6jnKx66+TY808GtlDaOGr8U94oGhsnzw6zzTMWYSMKyoK7yIQwOvZKsoS/G7nI8wa9gm2EG0+Mn6Q+2pZL81EucvbTufDqUwnrV7KJeEF5wR1cM56BvZefi9Y67FeF8NNJV1RClzcZwg520qXKUU35PdYyivuKe4UqfkaKfltOUmLoEPp1fTad+2HoeeZFQr/b+6zAI/If9Z5j50IlncnaBOuGMsm1qxUrtpNR99gCswM5VJm7G0Rq7/ykB9cCcgdPJ1Yem5Ktu3+nRQNi2LviY49h8xrM8bPd3YvpVIpIks7d8dX6vV2jHF6CpIqfLvqWePiNeplLJ/C9kB01E3LxDgi0n7Vm1zQoBNzFjZMtHIYJX6abZAQUPwtN5qmJ56FFL7TZTNk0Oskw3khDj9NVphb85nDHGCt1LL5r45uVhsEXU+OaIB5tZZIZRs3kLpt3GLRHomOJKbxpExdjw1e1GqK4JFN6v7Rr8BmSZi+4nCGrg6rdFE0iopmsEla4R309mS2XYrMn2UJEcUDnnsmZD/UVeS27xQl1f3EK4fruRobbEQszWkDSYQ8RuJIOihyjCpIfMuW4N4G+znepub8kEMNg/eLgFw5X9uEoVJg8RW2Q6nJE+coMt/sKPILVlfnSFLy,iv:X/ONxuQJ3EVMe2RZLlR+mwu2cKtP2JFGztWNjOklP/I=,tag:9a6KFR/WldtUasiA1iBmuA==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:hPeSh6qEUcnok6HgHm0eVB98kOqwjVYDM571D/kAvttm4XFX52/eNez/Mc8zyvOwv6P7QCOmJQTH1BQwyaJS5rD8CeuFWP+igCF4KLIo+8rqhLu6FWZzRblSKWnZhb/LHeyEl6EDZz7aA5njbEdXrlC8UkiJMu2xAuAE7a65YVag53AWcvF4K50BqRxNtGnSCMA88vLSXEagCGbyZeMRgJmA8neJTzsFCNXCMpGGEiGIKCsotm2xyBqGClZxcI1+sqCZag4s61rlttBYlrlKm+F0eF8vhoM9vWlHu2HRshFYEy3x/e/CMnULByGfFWqwrqstkIVjT4nX/txQdp6SaYrG/K71pPATEAIGbAERFh+APmfhVa1fmg4XSn4P4RzPThH7O771GRsrXkskbVs9icwKPxwpBSzepn89kUYj+/dq1AWo8lMrRI+T+s3vBif3BBGd/sNBZAyxSY9PJFtrAgaE+wYCJG5Gezg/L6Bu0GyormxwtRCAKHTuvcIQiwXWigJpL4oobKONOiYIfrooOeRGIogmCMdFLoNj3A+NQn8g9yN7ybe38/X4b6iF6a1mjWBhKJHDVPsFBXRsPp5DzIreVJL7+cw7OlwTSaZ4oNpGXM25a3NbMjfjYz/QylC9fKvE+HEpbKhWG21aTLbwtSm7wDRlx7lEofhpzR0/oEHsXtEk9qLupG3jTj029DaprStvKd4V1uQV+jjiuQWH8WXJO5ZrIY5IvT/4i9LWI74Bmdfm1uxFO0rX54xlrmLt8TVO6JnSijNM+miWLZMrhezT6DJutuugVx7DuS7CXUo3QMfu9NRQB2Al8DQS9DBrej2DXJ0cnCZu752vS4j/rRnC2SHYtLRUEzJuIkGWsMQIq9nnmSSMWpD/cdWEufLeOzRU6OibJQ9lcu+gaGWHBHd2MRyBoh74YHVOIH7HYop4CUqZfpnxc3oN0d4Y6B6Y0/qO+94wsAgp9b/CXbjrxxsVJwJQlAlHN+xFHNb5HLCXlXGTDBoseHARjbWaqPsv6+HWFkhzwnxtsSJCdcCrOpKJFlonO/ujWvDM99Uve8NGkZkgoII+FraeSVdBQIogUnRVtUTi3Aeqi6tn4Tt5K6gNqVX4O+jQtMrNZaDdD3AM+7zwZdgwHfgNYrFn10HUlgcqISuj0cJGBT5DGFxavGD1Shx/uBcVqOHzv4IKGfjpqjqPwHlqOuXGosZtgpbmLd8RnacLAb/WJRbGoZhM7r4AZEV8815JktZsD6fY+iH0Gq1+OubnfqWmzinNiifnuhirzPFLDOmFw0sK0s21Xr45pTQX0Kj4T+kcOwjNX1D6BJo4s11Uk8D4rfe2eBfFIoGnE9OEEWvvj8MLA0A0i7nUPhxxq0lKu5faCYNNw8w12+T1F6corMECtgqtphDvu6PleLf9b/aFTp5vYefRz/eifx6h/NIn7Z8qq3vI6zWmGv9zRZiKtDedNwYyOIC34KCYL7X/UsjsbhrpXsT605MnyzxyKOMLuxmaYPc4nj2M4xm1GJCBqxjxVkW295vO/e4WCxTyyjNHzNI3Cjqzy+dhyV/tq9Q6C57iawAoOroSVl1RPAzTqxf8slt4b4tdRzO4d9XoZgxTM0qiG83qD96QDhzi7wxY81ztDaAv9KFez6yIx5B5QLCZXoVapf3wPR8DLv7RzcKmdCKpinfSwhvgC2GpUnEDyQCIJTz9WY5AckbsLbsDmefMuLAda7K18kzR4MIrk3Vvv0MhM1CfeOndxG7EdIyDmUqjKc/A6KQM5L3u+qoQozuKRCWlveQPaG/ByBnf4uN9LXkrJkND1MtDvXssQJHRTgzTe+3mfmhq2aWy7l1tojTSUr06X4XV0ay4PSScxzdTVTf936nigmiU8L4qgk8NJmd64XJprH+mmxpU0tOdslsXSOxk2TP1+7R9Wbyx9Z/1SIhdyWjsFCfOgDOFL0y8zn4jaGehXVqt9FL3VDodI8hd2QFb6ckGTn5iW+zMMk1ZkCOizmhxC5oCLP4MlVtIEgqLwqclqevsAYVpSIxCLeAHr/2IoPawAgxUgOHgtA6LHJbv3oN+XPo6+nd8sPkXJZ8VlY5GouBwzf67JtLQjd8Y2VL+RjVozUkOcLTBBLWHBMxWjwp4+hsRc0lP1Z4/pK4CXuANacYPkmXOMozJpTJYYoaNv6WylLLFKCyj49yW+gl1HAkeyb8PSNY9LgjqEIZB+RZ9Xn7Utt66Mhqap0o6pCdAUuLK9uv2CR9rCGEeR8j8dsBQ9KJisxwBUjz9b6cBMT8XuOIUkWv1ESZhFmKJ1sCXhVKFOzOq5CgjU+QRMGOu+LIw4bUh3ZOB1DsA2P7LcZiWSVvtcQ11K20qkNK0Kkl9tZh5Y7qpRgh+SmIQE+X0QvZmWC7K1gWrlFEbtv3mw/9IBazy2GjA5ULKYz3ZzfNOwNrd4++rH6YHrwYn/o7slG18bb8oHElCzENwQC1nst5cmbTfHpeX/YET3tycL+EOHL16Kfg1DKzi8hbNZhAI3PWcV8rsuFcyMbtVXa3MI6y8dfLVfBETUlgPULJ5w/HFarKwXpRmU0v5YKpg0gy4JafVyqFO6bhmYAMvqKvZzt4WQUAEqJdPDEhyWj8ZQLAYwgAW1w+Lr5oIful4omz4AmDg4jA2aAB+/o9S42rM5nLLfgDZVBMeCU4QgUE9kM6S7lPWXdkaZUgoiUrD8OWyKy8KiAsMt+nkbuY5G5X57IoOApCd+smXT405+UatpL9VxQAHUaPqqX1raqDVmJHlJb2TB7rB8TL9q+S3AdOSQOMEfB/FxFYlIO7MyIayIyr7+7ZLBvJEnCMae9kjgbuHRCkelA7Qn2WCLzHRuPftgfs+cKExDVEmTsGkGEUy7erO00muI1Kt47HzIt0emR/RXG0arl31aYP8nBSt+cmkA3inWK9PaB9/Vc9gZul5Scqus1GCZ6CvjxhCMgUx91YrGYuVFGybcmUocXFVnWfoJ65E7n8=,iv:Um9mAPVzbSdF7D7IzmztYODkyCtgVwAexya0uYyxRFY=,tag:OYU+Wm0fBpQ/GPQpNC/hvQ==,type:str]'
isoImage:
passwords:
deployer: 'ENC[AES256_GCM,data:5gHuzx1UgSmscTZVHCw=,iv:aaONFJ1W6FlQWWYwl+th7yDCRB71qhRDtpeP3verayI=,tag:wXdqB/VZYpeIDw7cxTYYBw==,type:str]'
root: 'ENC[AES256_GCM,data:0ViR7nN7r2HXAJ9Pxxw=,iv:bzqgGxK00NAkCJQlIt4x3V56tv3kiKipiUremZyOvf8=,tag:fC9RVyo8nObI26ERKFlj6Q==,type:str]'
kind: VariableCatalogue
metadata:
labels:
airshipit.org/deploy-k8s: 'false'
name: generated-secrets
targetClusterCa:
tls.crt: 'ENC[AES256_GCM,data:WsmzwpV2WvfLHUb88aMI0cBFhOUvmywUtzLNQ9vpEyA+a/hzOkCt2hH6IGDg6rOg/DLCExMrRk8edXV8SropAl1jfa183igRPNKVYnswgtXZVOsjrXeoumDA4GeYsxh+J5y2V3uWoAzfepShTRyJZLLWOTiubgffLmY2c4hFoPjkvp5IdiLh19VYDLnLUhxPdJDneey5QwN1wdZ5RjKOD7tB0boDiENHxfzhUzWRHIok3TC1kScUqKbKNtqoQnl5R2ghTFVGyMtDCaBThdUfGWItnbO/F1ICvMKDkWCHEkh1XhVRi9WCVZxZHBzkbcRh+WTSgfjKnRAJmz78qgVo38F0cE4irqjoV9gDoCubQsplRyqOqmR5FY49g4599y5cRCyN/Pg2KZ4Qow2BO65EAQuDarjado7eB6LdBPCFKRFvJPJf3LxCt88esv6MTdJUTBuWWNDha0EqdMgPe76/xIoMNv2LxVHSzBArRz2jWayREV5FrE3xECnO80BUZGa4P+E2VgqkmijfQANm4fxAlomh0Hgy5V3LFa2NAfHnK70pXz05nwl6+q33lEGgQ9UGWG92o0ZK66bQDKSGA7AuS786fr9WiFhydGW0Ot0pE7Db51OL2Ln1S/SJCSyUi8QP7FViSreanwtz9dbXbXjnZUjQysAcQufuwSnX9Iott07PadiCCooumT4nBOGru8xi01SKiusOEk6qjscoTfpdfElpAHFQrWLgwGuS399cBFPcfu9YbGqzB6t+xRq48KBxvLGf04uVppNdcf3V4opy3LGDeNETcMfKea0fsNkSKMYOah0jqBoUcA3Qpo2uTo7qJ5wnO0lXYpn5RwxYgTKHIgomiFPOn7BptVAMz49EtcxJQpdpOf+LzjZLRHvZIqDlbrBrdSpQOZqsi2MXpkTG4b+ZEyP4+8helKe2kgOAgKzKQkgOjGWN2fbGsDqcLqVCaz08kvtqjyzO5bF+IwezaKl1abUAm0YEH2A34IZr2lkTvhIPN9YKjjWGZk3GCofNOFwMKLZ/Z4c/dGrjW8BtszQKAnpl33wyXunCTxjZiO3mpWgI7ffmXABSHzNLc6nElVn7Na3lwvxlSIGY+dVIekWSV2Rf0SdU5mBRh72UQ+rXwEq7C/ZvgP4mAyxzGZE0kd458Tnjzt0oqNMPPaZnAv/dZW0CYFQIyQuTFKKxbW0IgjN2lf+Q5RpbgfoGLhNEqN0gg2D3YIjOdOE0y3dDWx7iTQ4p574VIhxeCdoxkUIhuhh3P1cIqyjCdCsjmsEVG5QBFo/XIPjoffk8IN8DklVCp8AwIz8CFrMySRzgOOoK91XhhXo6BsZsIkP6Xk9zWvN4op4VR4zM3eqlcc5stBg4KepxxUvQTp2OpDokc5JsKxhUp3qM/uHjYWsDlflfaZukJ2xLcaRRniPLDaRbDH/9L86so/9ztCaCRB3OEtogEjgPFb4KOFiPG7TqUtvrisygwXno10DnI8Q2VR916hO1Gfyc3hdTpHzQK95rx3n/CVclyxibnwpH9S8DlU4QHT0X2NQXrO7t4aKCIg4NXbYMifN1Sp0lEHr1EapqkuL7lqc0PSOTonNt8OhBZ4NPvHsgndQ/+r4aFizZ/56k4n4Fs7Ki9Qvrgkk2ZJuX0amp+cdWwMQmDWC9OIOHRruHjtquX7gcZuQf3ibEU94K14XZB0mSbwmuTQajkBIKxFmtPbe3aCchvBhfaA5Tg3qm0nQS1dpMSzKYH7+kBwuGKKW4l+FTpW1OakPFM22r5oCH+5IY+Eh830Xvzxm/3zZdVD+S/3Dk0S9CSG8moPpDxxjwZ4DPcc5j0fEUweML8SpjeoHdVqyaU3spvuFryzu9poYukFMthvdh6xGzCHzM3889RZhOcG7bUfFlZxYQ015ZSXlYek8TGlaG6oAlrOIjrxRn+guqHUsAOlt1FnRe51WCBh6zMwxKWhVC+Q==,iv:VnSbM6xsMFMeMFf0PkflNnA2SK5cJsQ/HNmN3duawEM=,tag:pMk/noJNqGwTFalvR+Ar2Q==,type:str]'
tls.key: 'ENC[AES256_GCM,data:kvyc7MnG165YbHWCltMw4EPzZ3iC4nGOFeQ1z37s5/92f5Sc0pKnoi1tyC9YvgQrN2hbCMJH4H4thQ1RDEO8QNgAPilblNLW8m9qbSQ4SW4dbXILhokKb/eEN2dRfbEzLr+b2SBMDFi4KSWkO/u7JjCeFNTN9JifFddnqHlnaHkRFPRH7uXDf2ZziXcVbLD9y6JP3ZexTAGGy8W8kZhA/xLAdWGsLpyAC6qLbS3Ggv77JeRFTUTjLp9waoDootSA2BDBmC/KhoQKZIvxEDxdafe1qYqwtgl4L5X9xo6afiZXH1y3oBiNrASfZhE/yDe9oxVJBgQJRBj6zshTJ3ueoS66BdJY0gc508gEkEvOv1i7ZEqmhSTVaw9PJuABROHVhwTcpMYcOhhngdEh8/TqmPOzl8T5wRARgzN1jPECrh5ZcSrV6Guntc6SJBR9olVtt88QpNu5SwLJCTj9Xf5UgW3/cBUmsLpPylXY88B//5RSDiAtw4XIcEKMkk3g8czouAEWwU4APa5C8WtuF75C8VDQdFqmoVVHxshRhB1Y1j2laAhKAwq1I2jWUc24MLvCk2SA+o3SMukE0GcRSIx5rwh6bDaLbutgUXFtju3rYrbo9riFPhDBZ05wPB6lrST6+ZBcPwwvmMx0ty1WeFXwX5ddEBWnMLCHfDbTsi3hjNVOBG7OSmINe47YOC0+8Vf09LcL+C4NCiXFO8V06tmz1nbSIUmPBZRAvCaXTKHTE35dVtkkkmQy1wPk7dR69ALTFWhnceSi+LMxcQOKpafIU9KlgbrjhbjGR3gMYL33yeaMMR6OB/ghXROaopww8uoANxUmyf13VMYJBaJ4OVVd7M8b/vT6RfMw8fytIQBPB3I9xVvYMSoC1dpZ/N53LEIo0vq9suLoVYnFMhILVhxy1U/JChKR1tRv4lFKYYVKcZKoze9I5rl6FXyzld/ql+2EM0lJSAXe55mnmdbYPnQlUHPj5wq5AfqXW6ADnIqWHqdbEBo5UEvu9S6ElkMViNv9gD+iX5dD6DTk5Bx7R+lBmsvtySHopjSqslHJURCEmYDpKdKjFxKZR9uqaF81388ov3wnbQRFMLFzZZMwMTKVwL9oAeeJugQ6Hd97fwbXp6X/0mYbh8syaFfA7vTtjm/8oc1fPFrlUBTSXERqlyVgzq9j1IrfZeHc9t3e2WbNXmmlDTV5C7VMeLhBjvEVVNTaFVWfP7YQsrSbzrtirzHB3WFIUifdTCF7v3SlfE/VAmVfuI6w0Zi92g5DZl/2v/bfwLay3JETz2LIYb9GSNbfLX0dssUROgGUsS9F6WV0r1KT/27SsOi9EDygqqOxoFgD+YRckf2oDZ94wrT4vTVHlm9bQQEsKsogwofMxR2GnJwsozIJj5unbY1oiHWBdJfsPPtisESZK3SHxIVcF6iu8g8yvhkHKn/xMeUqDOZN28MoELStSFTkQGpOml5gXdXDdK2BEzIKbeDOV0bVIgN6WYZpEeOKgmoHRa1obDrcgUvC6CB9rPL+40CvFwroRQjoOMLHDZfBkxJxDYDo5abhLXiyd4kCG70nMhamlikVEJOQ+Y7PWIdB4ez/emEqG3S7Z7it/NRukfgFJ9xbnt8WkzJiKmbpnojjJTc/8UVSYSZ1y+UA4R3SKcTlr5/qyWn8V2nXrHZsH8wpmScmLQ3NZx3J2RnSrWLveXaksOcbFBebJPXnIvmqVZ33wDQNWJROXjQfCqtZAhXgOW2vHNyQEoi5IjyNtyGIvLEffX2jsHTgD/QOypA3e38EBgLkZ+0ybLa37GvYCH2GPzGf07TcvwXXlv9p1bwByCOCoUxumJ98gptfbQG7OUXPeDkZIs78xIP8mV2irDqawWn+4dqJBgDZAWudY8scn5gWo8L5sE51kGGsDE0MrPPxcmLBNFoTXYrdCuFFQXdxuQ7mSzX04gGabL+d1+SdETPdJLaqVe2WbI7huEd+jFuo0zd/WkYbJwCxs0mOB1xjm1EwIC43hhl2dLLIGYZVu8feoB2H4sEQeke6R1iGKDOpzL5CeY3L0/EA2cPVC9t3H7wjidFG4w/yfmQQZiN1ivoiLGoWTFN+ztGH0FyGS8M6Nk3d8nP/MkPjCodRIUnsppTRYSJgbxa2o0R2b2wftBdDU7oQqWy4XK/H4zVltACaZE06Og1Y+Rvb10NeYUiDxJupat+Z1gh6u/2ISDgZQwIsRQRYdhm1JgxxzUSeNTtGQPkRcNCoWlaT4oiuebSG8fsGPFaqv3KF+lWlORpKTjMC9mlBXPjH7NWeZOiqNI5pZaf1tl9FnOvUwzNdcGLR6Bqoe08+asKoOuh+NbKSEAlALnPnznFRBapHj5C9ppABMYKfqNigM1tflctJFiiqNnpH6Y+qXFzudrkq9VqhaMoccgkqgYcFEEIwJ8goByA2ZBSV4mA7sDtY0fCEirP98j4OOcUpkHLgaRbRW3DhvfGNOJDE0YJjb38kZEZ+KdDcu9CbrXBgNVet04j45VjIonlum+DWFsHD4tdu1CPJiii9retvUWn3uYN0zSKrj1jEL8cO7Ujgmm4A7Szgz6gP2ShvReaT9BtYf5W9I6HXnedjFL0HOT6SdrG6kXPMns6lOkO3CcxrTM2w3vtms6HYMTFSXDr1k9WJQFIPqF16MrahYaEbHC0Hn2f1euhxiwY6Pd/fWa8SOwx6It22sq3RX/Ra1dbRlQ8UkwvPKV12pR7Lcq3WoQr3/blMZBiK1nXgKREndxY2/oUeI8bpw/qgbAViujfyRVPcmfhPBgMPZceUbVLGlxdYzPIKAqYgttBVHDZNdvI4JEkK4FJnL55WrSiOPEEuiGrzOSKQvZ2b2/AiHceAax/Rr0zSxWKZ7numzZKYBrPBgxeMtJABz/alfsRhtKxIH/Tf3YUaMeS7nmYaOgO7nDTuLqSyWpyIqXQHvf9TCeZt3o+0hBx4R6wLlByifj/QOqY2ZbUrqLqp5xa1d8/SD58=,iv:zCKTZ259WSSteALG13EAZaPvEO+FkqwTvaFv6VQ3PRQ=,tag:wtL/ti1jBKK/zjzNR6E/PQ==,type:str]'
targetKubeconfig:
certificate-authority-data: 'ENC[AES256_GCM,data:XQGGPJC6gnZKfIVTEpIFrnu80oB3BrrpGCiI33aKpSPzH7mJn/QLx/Ub22Q8pL4Y/AM7LRTNQ5dkLar6bns3ePLCes7QY0WtB5cp5QFFtlIDHvXWcX6o2yjrWP64cS3UY2Ct9vije4cZLlDHjOerOyI5yCXCbWNKP631EXq8KxmuTRQNJROtvnG37RYgp7nsHu9uXVcrCxf2UH8WH4LhO91yW83rJSThSSZMPBwUfZdvTxdFg1AU9ZzHxQr+FDw8rDIsw7nXbfhlQxvsbp7Sor1rPnu2/pO2wVMGrnrAiFn2qwuxWRCAC4gNZr43LXz1aYgxzwcTVV7Vn56C0G+cXgS9uceOlknYwE9ViupOeqmUJ9OaLldFmoEFmTVE//qamT78/jjBWjb2ZJi8ztjTCFkw9ce2RKAd4RILwzZ9bUMjJKuO397efe5VZ/Tm+94ZDRnrOpNT8NuFlhcyZ1ezYhSEJYG8H3cr+ep7j5wmhse1ThK7IiBaUKlEkBoZEcjd1TI5KGf/1VH5VXdW5FbGH/gfDUeUYH2JuMSKnGuozRlCacjK6lu3kVZpQTXHFtpHKFiEbLgCFcmM9HnPt0KLKlYX+XSgbElQPMHvyK9DrErCrj5KZ91KNOupgzqUJ7Y2GYYSWEGIyXQLO7V+LjDhE4K5PAQzEJ6D7dxK0b/4ze9uQiFtQLPa7qQ1tD8m9JoAUZSPWEzFgsOYJF8Meoff4Kp4vZU+p5+LlK+jOt/MGFF+1Yi7tuOdWY2Ulbzxm5TAt1Z3+HmgzidX01cDxb9zT7iDa5aObDI4BEFlPw8s0dZyvwLNXRL5yq90m9PWMZHmlkwpPXXOqCumbNC+FW1E3hQ1+drIiLcX0uRd1jHW+4RcS3ePYMQzZmt7aLQhRVfLNiJ7kW62XNNHAs6cc0Z2hJudloH5AQpWNwNsUPUzgaFnTPu1PyGhTywy+3C+zsLpfzQFCD4bSyhJrDj9XJKahNAWk435ehGNGCgr8bkj+9fZa/pTX/bmwSFMh/hvULGQB8jhQkCoO1RWCQnLK3iHIc/W0ED19GHxgWT/SOReLeL0TGsqN9FiesCo7pDkVGsbEzPtXjt2w+jaZovTBp2tBuhm9l3eB6qK17PqI3gi1YVQtaDvsDNwq0J0dhez+XwbVu4usrciyQYzJJoF0xHPlGhnyZWN83bp/HWZq7Oau0D/Gzv0eSZNG4TIXxAiXgTNA3EN3bp4uGzszYhzarKRiLo3+Shu85b7oa//UXp4FFUp+lRIqr6HDyhLv/17WaopfaNF/f7h0jym7+gvYj5SVKBLgawAkEfGwx+HWoEYrQxaXkFOPDhuNkCY5w5xaSCfWGHO/zfczvLwPXeqVLTmgt1UpdyOmrVL+WzegnsrPuIOL15VwJpxdjV8cnKMdp0fWRur9FTnDUSE3yQQDIUr/dHKP9wGcwxRoaa099zHkjpJVJk91sbxf8l6MCe8K9H2M7W48ED3DRhpzIbJthHjpZF6a+8E3a/+H45T7JevgZob2DfENYub7c0fiQqMyLU3OEXu90fpPB3450zFF/M6+TB+ezKK3VSxcAJFT9jPX7OfjgZJf0E4q8v0CYHYeOxqvAmoapyaO3Z2+tuP4rPriblu2KsH+5JyP7kVX0e4WvixCN+W/AuSO2O3CqXZTh22F5UxRLSc+p4WDx8DvgGSSsFtKE9ASkGgjpGEV2GBdDu5Ja2rC3qqooCSDtLEuas3zmmcbwVog/ZhHw+us1yyAqDpkllxZ+Hoq8rHdg0Jwep1JUJ7B+/4du60GleqvPbiiM8xnbPFOxrp/lEb23ura4AqH6ZxxBHol8d5WHCh0VxQXPychIsx2Pl/404t0mY0ne4bIudaLsGADwM5WBRczgKroe5ah+7KmujhavPoNQztnSgVTfa6hxjG5EeO1/hYBybXA3gjM1rKaRLUTdGGfcL3TmOf825xM4BLvQ==,iv:lrxOZvtDP49iLxzYfTW2B/ex0vtgmCj154j2xOnJEWM=,tag:ODHDg+Nh1ZF7oAloIlpnZQ==,type:str]'
client-certificate-data: 'ENC[AES256_GCM,data:wPc4wl2y3CkIciqXl7e3c6XPx9jQz86CBu/hSfIQUc3IkpBeEajlxlbxHnLDvG+/hyXJtqfLFrP1v5JcZCCiUk9lrZPmDT1yWUOMizV1/WLhC/nDuGitVErRWAeHDtxE7f96H5MKQpv43zmxrg3F1+mvYVt1WAc1SBWgcxY1bEmLtV2/RciaIUX90aoE/3zcvCRq4A4nsPGXqT2NCsDcSTngQPTGttYMCz1bNOUSk27kmd9d5RV5twRKtl5X/pcR6Hem0pqlkhnCIqElzMWnKLIOaxi3/KzS/SMIqRHJZhX1fzl0Szc183v+ew1Y63kGabvEJwG83JpGfKSRpLdH85rUydenxTWnGj+2qpZlgTUa/lIGfXR/X6RWNPKzrZbZc6Hq/s3n1Rk+OBSMjepygp+5huj5QII5gdI/YoW/4+nEav+IWvoXmtw7DNDuzPgicsZxZx4QmgkZJk3s+HX+f1TG8eceR20vuaWaSOkq2JR3Uc6+9ebzvuLsXqX34SryRvI6Mrd0bJwrNu8Dbzv4DKqHrUnT1tVoRRkCE33dHyRhWjG6vs4HaDgZuzfQGJMPQ4c7a2RJKVB2e0HYp8xjFmbQCPDfdVQ0y2/E8GNUZjTQhME1B6Nz8egtZjgIAbug++cgErT0PybCeMCHmz+596xlHYjoL1dIONCvzm//Dc7okuxs9D8LCZ5f7r7IjYRFQt6U3i0PLdv1pTds4yvG47VJimZi6SXeq7Z2LPqSVclZCfPlDC643bC9hqpIsDRKDJLFeMoTr62g5Z0W+c5dmMH/6BQrySgr99L0u9JJzaR2Pzfr2QxlsUZibYniNyuu5cEdMxiVbMFAcDaGWyTOjpvay04fkYky/A9AKwAxPStxx/YFZ1su/8SWIwsAUfj4xKEccjxOcfmL6BjdYdj47ElNYQXqIVKl/j3X7rXzDSu0eyVPVTcOwuGtXrV/VfadmisX9cKCSwLozj6GxqM9JN6QZ6GYAxHzU7V1UR7RTtnPN6s7JOhql80KmsN7XnRddmWPZpOmtnwunKSrvK7rBygXkNpX1TE24dfTpWzBOeVE6BFxUuiYGCoxuuxfEo6K2deBj/7jZZ3PLprQyqgIDipKjgeC6R3qx1UBHOleY67Y4ZvUCQSjz07+wo+B3OjNfbCSN0vHJJ9NhvyY4CdOtrgbzOchZPhobhxurH8iMf4UDBgugefpXRwpAFhyjkm0VvDE+UfKJFbsKcsPehzbBOxXJKBbyDze+Ov/oTAhY3JjGiUe3h6Hyac9ctnrUxaGFpLhsjZCDiewSBo+AP6J7dQ2bcg9XMmw3ckOD/hVaT/sOi2qWsrG4Qnr7ZmCXMy+yWQc21TL6JvT3yI56MAlE9TMrG4PWkktmTbw6eAyTOmL3lzBqpXKgdJoWLR/Zv0xUkk8+zZsVchja1kLPJAL6ALkRzL7PE+UEH57K5/vim8BaHzKO4Q/4fb1HjbBX6GA+/4nW0CYw3vKsa8Gpt2Av4XwOpAHRGrezm3w2o9fSxabCTMroJ8dsaR4uJiCpn7jq9O6a24PL54gP+9dLnvnjK07DXvIJI2mA5iDv4CJAgz0rNPz+6yAgGtuUkZvqslBOm5zhKy1TVlRuQT315YeYjHPp1JqmQ96j4RHCCGFFlHsYnzaazY8izu+r59JNxUVRipJs2UmUktJXETWn2zKe0LDs8LkPvObvzM4LLGOamVlaOjNKSQRsiUv2Qd0+ERY6sYJHwh40ObGF6Z8u+91wWglcylkY1+bjhCwh9Zs4Gw7JenOkMsJe0BtpJYCwkDIA4L/+PHtaUpgQmaFCGYAuWysAv8OGkv8gmIaSiLwTfiUxg+dqgicEcKAGoYj2pFduWKldP6dg2HyzCYVcMbMJXNf5KIFLcAnJ4IOYf2bBDR35Gbtq9gKUALudgR2O/xxVkI4+DwY2Tc2EdFnnkh/btYaz+seoCQL1cB9+IrxfldR7CLXUlDt+7DUirSEvNLpWA31wA==,iv:d8/OlgrzqF3u7162nMzKfWtqeeLogcwq2Z4FTxRfxjY=,tag:wI5cko+kBoFUXEJOO1CtOQ==,type:str]'
client-key-data: 'ENC[AES256_GCM,data:DIz0rFlKFLIEQaSlyqSgAiY2KK+a1CRDtAXtu5LKgS8kCr/XqRHq41wVVK44v8V1ih8Ca/i0Lie1pheHgdHQicilcturE8Mxfl8T4Eb/6fVy/soo4M+cdAHaZDa1NMW+0ZYrXB67oQbSnE5y8/Q/PQxg02VzWIm0G4OQkkTXjb2OC4+1pJl2tWezyMhdiudc04dO1z0uK3Z3oSX6huedu5lXEP2u9IlFrEDfdEg9Fpw8+HIPMF8hGblVffZkYob78AzuImW3vzTJV/6TDkNdlKbEnHiPAvqRu07jUa9w0rKGfvPeoRi8KUhCmqI+948lsmV1ZGUFXfTzYu4Ln+cQ+x9JT1cX/g/6DqmWUXiMY3Bh2xPyfW+qm66QypFH+wNTjfbUpPK/Fbjfrbt3Eu5XV0beOh9RQIMVQcV4OgOydwREbxxCfUtCRddtDcRuWp0uju9v6c3m48626LXPyO8iKoFVldpMxEAbYdROOar0FXBNner9t2LRX6oWeZijh3bRB11Tmi6y0H3fWfS7datRO+3ben18xWJJTYNIst3e7dUgjgnTriqKcGIzqsxO0rBH2+oT0gHAgDCKzsp53AOEl8LdJWXB5ua6WQFz9o+p3kkDLC+PLwXg1zY3nkVMYrs8a00JqTphRc5X8R6E/4wpYS0Eka6rXKIyAq6a74nCXjOWUy0sBCpwI/8bdckMF3u9uw8GjMmtQINzJv0Pm7Kx6T7wf7ysdhs0I/kup/l1SeckPoSBm14MSoVT5Co+0xyK72SpyAW5f8QFEv2SRp6c3xke1qOEaPAD7ITXlLt61y74yRcKXaiWkAG4tqxcudehRjnOATrC1y8KmkV+V1ZSP9wm1AVvYkYGldkBNTVaDGSZdaw+u9KFK+tfNbMajMrAEMPylINa9ELh5YGKzj7cHeaPVh3C3bgDNZHUD6osrGXvHYaWVqwAaslZVEauSFXvUAVxajcbaTf7RrdoDU24BP4IrQkmkDoSzsFvXiox+xEYXQMZuJP/Vp47e46eobCUxADxM6zpjyaNTwhSV0aofjMsbTjzlvniYzw4coM5mhfwJ029Fcrk8XlKqS/Mad/pFInjwZE4i0NQRwj5ZxI59mbUIQZUEXdXBtIVr02nE2TsHYQ0iYOeUTKALeZztwY8LKoIyIdCOoS3a89LEIjJgHnyesylxVBj46fDkVCkWcRpo6jwgqEQTzvRBjCJQMvb451kQUk6tBp6iW5G+6gViEbATrkHRWpFjbYiGYH74RTalyTxQA9Z6C0FmTTUxnr/4CP41nO/Wj653LrRL+BuJBi91KbfHQjKCltcFdbrZeEkmCNJk5G+5N7puxYldSLD+XJRTssK1+2qk9xM12LUzQB8pqTulKsbpMn+cnWzFwLmRCBsWdn2xattvqgdFoNXM7svCSroRogGx4pK9k4OgiOtM+Q1sOdTOsntLhSGyW6R723vnZ4OfzNbO/zkdqAT9ZmPl5V6g4sKopM4wibuGsHx7G7QEBz0YbYFxkKtUSH8VmNJH6s+liLCGvc9WtneT1S0HbcQjWYkFbWt0tX0N61NbVYEzTpycgXMnz2VbrkSiGkp0llWXMKAys4YimjKjquPxjXV4Dy19W82UBGo5wYG+WBKqwvwrU174Mb981JfZfhZiKHAreH8hy834pLcMGeJKR7BYeEUPG33gn2Ds/O9P3Hrh/ew2Itxw6LNUzvLb5hSwPGbgYkIjUufFKksiSUBpbpyPMXvTUKBL1eje6JYu3uqkUcmWKGVhfyAldlOoFGpUXiulR90KPXVTR3bwpwTyIYp9O5IhFHUlKb3kjBBXQe7z7yxrzPudJSbHljGPPZfyVgTdgYjiN+v35oppJseN6J3fsiSZIMJX7QanNTqwvsoZU3SGA958Le1154Sti5WlD/jMTovUmFVHNfIo+E3gdB64BEfPKf0R5cuWB05aiaeJJPH61I2W/0mK+zlK0gdNKjrzPDTutgkem5/zxYYu/mcnCk/fbBlOiHlAsgwkwSCs7nVUrJ/1aCAtMH0IVYjatslJMMy9p9q7L1YNjiyzRUgbIRa4g2dn+HkxEcZ/iwm4zWXpRYLZ8PdSl812/y8DG98yVxgjj2CeWxEdrviVlYKxivj6Fx2YvWV7H0GPeGLdvFw2C4OLBjrgTEriLFpwYhwE3jqpUh3Ceknoas+p76QYoqa+vJhYS1TeGzuZcsToBZ+Tie1C83MrIcJfp5DRXT0vffhP217YkD17/mQ8f2WBTEDckb1PeT/Tbspk+AAK3p33+yTqRUKppkRN7SU6ZAT2sRPlSA20fdC8ucBlTJWpsZsrnmnDLc/oacV8LGyxaEquDfKzYlunj3MAKLVibCnKxbtoLATOcRcb5XwGMqVrcrnr0KFNWFivV6IGeTGVOyEf3fgyfl6ahn3q7EoSM/QKTjp61+CMWzFsJvsJsVPXYWqy+QRZhiD6lJbezjRcfRVaeu9ZGMGPsgfbHCqUS0u+66QI/uXvUwfG+MZZaxBEpaSyHWSYtP9UGTeB8l1t1sK3qrLp1WMV3EwIevPJtpedDKxcfNBRrtW9G4b2HHqDsOTCPAH6A2FJTtDXqJtJx77IvBTV+z6DMoEJ/H9+F39pDIhKO7QlfQbCr4bL7cW/JeYSXeOPi4Z4y+uLfcC6glyl+ILRK+0u/bDVRk3W5B7uWXHyCwIUmxfEqrYJNKqz5O0LPp8jFzuSnRMLMtGk2vjxYctFLlprajjPuLk6VPZlLhbYV0bqDIPWuQ3XjKwQjfKWiOm0u3KCZSyhe68ImT07mddMgIHtwB39hbXOlhfPKppEnmc/qmr4F4EQMvztvwox8TuHrRip47ChkpOjcC7YlZOccZYR/8rorv/3Jl5V2ozmg/Gb7jV0YY/B4/kabpDQuXCnT0SFA4jQZys3CSBqO6AQOxZ4amZIFm9zbMnc3VLzJGBylsX9BbenLV1ffltLhI3eLpv8l19Yb660fNVu4R5Sw==,iv:d0V7thVsBXSYoEVaC/saH6WpX242EjiJjUpO6gpabxg=,tag:GNKcO01sISM3J/0Hjzkntw==,type:str]'
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
lastmodified: '2021-04-06T15:20:22Z'
mac: 'ENC[AES256_GCM,data:xR6t/C0I8eyJqi9HbodbjYWP/5dunzylUx77/aHqAqU3/zDfznH4jpN4oBE5+HD2AEtqWLavIJ5QjVilHIIp3q9FbDp28JnVWc4tcShceIJzn/E3EkGJohzbVkCVsEUnZ7U70sEfS/15IaJzfDnlZdxRnCLYdTYjCjaXXVaeOr8=,iv:2ksNc3zAY+OfMxgeEghCmy3u+ITiI4OqDVm9pbxzSFA=,tag:h7q+iyfTrtkZ3oiZNqATPQ==,type:str]'
pgp:
- created_at: '2021-04-06T15:20:22Z'
enc: |
-----BEGIN PGP MESSAGE-----
hQEMAyUpShfNkFB/AQf/ekiqVj5BDD2h1DEiKX0kz3sSU2Bem9EblObv+mEkIVzj
5aAMmcFF5W5f+5yNDeb9sN0eWMIl99IeY8Z4GZ/JgkLd1Hf2eDpyYhD522tTewOJ
IgJT21Tv29w+GE1S4erz1ncF2C8b1r5qzHLVKWomX+rj5/Ix29he42+6bXFO0f43
/GX43VWeuRenJ8p2UxeWaANzEdI354UCYCOuOx6vXytsljQ5Qd2tidaI/rmCfiIE
PjZvnbHmwPy4R2jtwtC+yEOs4EFzFB1DFZXl0vvQTcu9ztOTEgibziJZs2EYNcCm
RALZu8lSjLRbSbjGs28mTSCFEAeZkCcldOXWf1fljdJeAUmA87yTpVyFqdh4QYDz
h9OLOgO3YBaKfq/7+YT7wUMh4zXC/BCOKNRCYeAFzKk1GMCgwS2h/1j98Lo8KviR
AoiwcnomoTATIRs/7715GhroBvjHdrdDPQg0FwMB5g==
=3Y4v
-----END PGP MESSAGE-----
fp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4
unencrypted_regex: ^(kind|apiVersion|group|metadata)$
version: 3.6.1

View File

@ -0,0 +1,5 @@
resources:
- generated/secrets.yaml
transformers:
- decrypt-secrets

View File

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/target/initinfra-networking

View File

@ -0,0 +1,7 @@
resources:
- ../../../../type/airship-core/target/initinfra
- ../catalogues
transformers:
- ../../../../type/airship-core/target/initinfra/replacements
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements

View File

@ -0,0 +1,4 @@
resources:
- ../../../../function/lma-configs
namespace: lma-infra

View File

@ -0,0 +1,9 @@
resources:
- ../../../../composite/lma-infra
- ../catalogues
- lma-infra-object-store.yaml
transformers:
- ../../../../composite/lma-infra/replacements
namespace: lma-infra

View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: lma-infra-object-store
type: Opaque
stringData:
fluentd-accesskey: admin
fluentd-secretkey: changeme
thanos-config.yaml: |
type: s3
config:
insecure: true
endpoint: minio.lma-infra.svc.cluster.local:9000
bucket: metrics
region: lma-infra
access_key: admin
secret_key: changeme

View File

@ -0,0 +1,14 @@
resources:
- ../../../../composite/monitoring-stack
- ../../../../function/minio
- ../catalogues
- minio-admin-secret.yaml
transformers:
- ../../../../composite/monitoring-stack/replacements
- ../../../../function/minio/replacements
namespace: lma-infra
patches:
- path: patches/minio.yaml

View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: minio-admin-secret
type: Opaque
stringData:
accesskey: admin
secretkey: changeme

View File

@ -0,0 +1,17 @@
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: minio
spec:
values:
replicas: 1
persistence:
enabled: false
existingSecret: minio-admin-secret
buckets:
- name: logs
policy: none
purge: false
- name: metrics
policy: none
purge: false

View File

@ -0,0 +1,19 @@
# Network Policy in calico
Restricting traffic between hosts and the outside world can be achieved
using the following Calico features:
* HostEndpoint resource
* GlobalNetworkPolicy
* FelixConfiguration resource with parameters:
-FailsafeInboundHostPorts
-FailsafeOutboundHostPorts
Generally a cluster-wide policy is applied to every host.
This site based manifest is designed to override the default global
FelixConfiguration based in function directory.
For more information on failsafe rules please refer below.
[Host Protection in Calico](https://docs.projectcalico.org/security/protect-hosts)

View File

@ -0,0 +1,43 @@
apiVersion: projectcalico.org/v3
kind: FelixConfiguration
metadata:
name: default
spec:
failsafeInboundHostPorts:
- protocol: tcp
port: 22
- protocol: udp
port: 68
- protocol: tcp
port: 179
- protocol: tcp
port: 2379
- protocol: tcp
port: 2380
- protocol: tcp
port: 5473
- protocol: tcp
port: 6443
- protocol: tcp
port: 6666
- protocol: tcp
port: 6667
failsafeOutboundHostPorts:
- protocol: udp
port: 53
- protocol: udp
port: 67
- protocol: tcp
port: 179
- protocol: tcp
port: 2379
- protocol: tcp
port: 2380
- protocol: tcp
port: 5473
- protocol: tcp
port: 6443
- protocol: tcp
port: 6666
- protocol: tcp
port: 6667

View File

@ -0,0 +1,5 @@
resources:
- ../../../../type/multi-tenant/network-policies
patchesStrategicMerge:
- calico_failsafe_rules_patch.yaml

View File

@ -0,0 +1,12 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
## NEWSITE_CHANGEME: update with the worker hosts
- stl3r01s06
- stl3r01s02

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../function/treasuremap-cleanup

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes

View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: worker

View File

@ -0,0 +1,31 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: worker-1
spec:
template:
spec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.name }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
feature-gates: "IPv6DualStack=true"
files:
- path: "/etc/systemd/system/docker.service.d/http-proxy.conf"
content: |
[Service]
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
preKubeadmCommands:
# Restart docker to apply any proxy settings
- export HOME=/root
- systemctl daemon-reload
- systemctl restart docker
users:
- name: deployer
sshAuthorizedKeys:
- REPLACE_HOST_SSH_KEY
sudo: ALL=(ALL) NOPASSWD:ALL

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../catalogues
- kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml
- machinedeployment.yaml
transformers:
- ../replacements

View File

@ -0,0 +1,30 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: worker-1
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
## NEWSITE_CHANGEME: update the below with the total number of worker nodes
replicas: 2
selector:
matchLabels:
cluster.x-k8s.io/cluster-name: target-cluster
template:
metadata:
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
version: v1.18.3
bootstrap:
configRef:
name: worker-1
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
infrastructureRef:
name: worker-1
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
---

View File

@ -0,0 +1,17 @@
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: Metal3MachineTemplate
metadata:
name: worker-1
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: worker
image:
## NEWSITE_CHANGEME: update the below ips with the first target node pxe ip
url: http://172.63.0.11/images/control-plane.qcow2
checksum: http://172.63.0.11/images/control-plane.qcow2.md5sum

View File

@ -0,0 +1,20 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-generated-secret-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
- source:
objref:
name: generated-secrets
fieldref: "{.sshKeys.publicKey}"
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- workers-env-vars.yaml
- generated-secrets.yaml

View File

@ -0,0 +1,41 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-env-vars-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2.0.2
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTP_PROXY%"
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTPS_PROXY%"
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_NO_PROXY%"

View File

@ -0,0 +1,8 @@
resources:
- ../../../../type/multi-tenant/target/workload
- ../catalogues
transformers:
- ../../../../function/ingress/replacements
- ../../../../function/sip/replacements
- ../../../../function/synclabeller/replacements
- ../../../../function/vino/replacements