[WIP] Initail push for stl3 site manifets
Change-Id: I4dfd33fb669738960bf491479fbe5fb6c8aed7b3
This commit is contained in:
parent
1fdcfea301
commit
6683783c45
|
@ -0,0 +1,20 @@
|
|||
# This patches the node02 BMH to be suitable for ephemeral purposes
|
||||
apiVersion: metal3.io/v1alpha1
|
||||
kind: BareMetalHost
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
airshipit.org/ephemeral-node: "true"
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
name: stl3r01s02
|
||||
spec:
|
||||
online: true
|
||||
bmc:
|
||||
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
|
||||
status:
|
||||
provisioning:
|
||||
# we need this status to make sure, that the host is not going to be
|
||||
# reprovisioned by the ephemeral baremetal operator.
|
||||
# when we have more flexible labeling system in place, we will not
|
||||
# deliver this document to ephemeral cluster
|
||||
state: externally provisioned
|
|
@ -0,0 +1,10 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- stl3r01s02
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues/
|
||||
- host-generation.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- networking.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
|
||||
- ../../catalogues/cleanup
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.231" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.12"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: IsoConfiguration
|
||||
metadata:
|
||||
name: isogen
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
builder:
|
||||
networkConfigFileName: network-config
|
||||
outputMetadataFileName: output-metadata.yaml
|
||||
userDataFileName: user-data
|
||||
container:
|
||||
containerRuntime: docker
|
||||
image: sb464f/isogen:latest-ubuntu_focal
|
||||
volume: /srv/image:/config
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/ephemeral
|
||||
- ../catalogues
|
||||
|
||||
generators:
|
||||
- hostgenerator
|
||||
|
||||
patchesStrategicMerge:
|
||||
- baremetalhost.yaml
|
||||
- secret.yaml
|
||||
- image_configuration.yaml
|
||||
- remote_direct_configuration.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/ephemeral/replacements
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: RemoteDirectConfiguration
|
||||
metadata:
|
||||
name: default
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
isoUrl: http://10.254.195.209/ephemeral.iso
|
|
@ -0,0 +1,200 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
airshipit.org/ephemeral-user-data: "true"
|
||||
name: ephemeral-bmc-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
userData: |
|
||||
#cloud-config
|
||||
ssh_pwauth: True
|
||||
ssh_authorized_keys:
|
||||
# TODO(alanmeadows): the ssh key below
|
||||
# -----BEGIN RSA PRIVATE KEY-----
|
||||
# MIIEpAIBAAKCAQEA1Vv55Nt8IdH455BTH1HkOnwzQ5IHlU8hyX7q2S1Z+e6kPqec
|
||||
# pLt6a7+3Ufrwtu1zzzpXvuitqb0FlpbngMfkRW7uWyqvwvCELuK5BlH9GHulFwvP
|
||||
# ANU/hIUwnJt1ICVQhwPM7mypUa0dtVV5SUan0AFnmwFIbcSz0jofaLYK3kZw9D8i
|
||||
# m1w4vx1M4A3mObje4JOY0UqGYTmMYnvb+GS8X8oNiYlL8W3M4WPdaZNBaoclvMhr
|
||||
# V4jw8c5/mYFub6kvf7Kdk8lBKI/tymemuR6YAl83V10zLocPR8NslSHZUidqhA0O
|
||||
# 2JN7Wt6M05HhZ/MCAhfxnPrmPraDMolA84NApwIDAQABAoIBAF65PvDEIRBC0Ga+
|
||||
# RKkbCmCM05WkN4mqYC29EzboU5IKyRCoCXt5YJiFvTXAWy5brZbLKDmxw6ggK2L4
|
||||
# DD+4fzf0UA5ZnT7G2WiXb93GeL9t5ZWdwIF2K4UCPNrKie2Do4TNwyX3SBTi7tWa
|
||||
# 5QYLQGWwufavUyCou80R0PAEIj8b5xY5u3lK03/wfexl3z5FLsiCZVHD/xdZsFgg
|
||||
# 8m32iDrNOBfWaFeOeSGUbCfUtsmD5kbcUus4+/jn6Pdg06S+RV9xfQ9GTUD5iU6K
|
||||
# GixEYPtC3o0KRlNtpZwX5+oWBERiFNTeHRp46t/foXWYSSg6bP5v+wNauTX7VPN7
|
||||
# YDiU3sECgYEA+BgLDEDMHjyiIfgPsAIn5T4oqso52zCgkpmiHLcawLto6nEv75ST
|
||||
# 9NxZjnAKL7RiL6ebAGbX3dBvb9VEPn49j9yw4JKguAkWUJH9s6dZ02RDKnRnaV/N
|
||||
# 4bHtgCmObuZRsJTGDxWhvyVt1KSYqd1e7o0RSPasKXEgJ3MivsGV+l0CgYEA3CiR
|
||||
# H/hjFWrduqpMzYOdz8YqDSw33fr0jYMnyNZclMtBge7nZsxI+txytp5OKrb3JAWH
|
||||
# SYKSLn6Z0Z7Y7brIYDzQW16+j/T4ttc/teq3WSOH3kpsOJ4w+AFE4764zlnCf/HJ
|
||||
# DuPDKXGHg2rJpVdyCGYPX8TgME2VItCAcvTbHtMCgYEAm6aR/90DcxD9c6xrQzUH
|
||||
# DLdj0ktP4ynuBCvpXnSujy7FUxkyRvCDp0M72LaIXYehdl6ES8s6McscryAxUbfo
|
||||
# LcL7Ido8hVoGKwR9FGKxY4Pq887WNnFJ/QihhiAMYZ2UsOGWJU6gDQmRj7C4qxHd
|
||||
# BnNw3cMNHm8ACmAc82sHCm0CgYEAmNWwqbkNT/j4JHXFC4arL2oqFyrzPa7Rxsud
|
||||
# +taVPtY7i7AGBF8c6snO+Oe86/pIZ0FPQcDbKlvI/LSBc8ePAwA0xLlpIRa28ndL
|
||||
# S0a+MatwzuhraIKpDAIViOUF9nppg9id8zA6c7LUmG6xvY6PIzV2xs0ttVqmhZyp
|
||||
# DyTcWPECgYA9zx0rOtEQiRiW6Hd9chsTzMahCHMP27f9Y8a7q3zG9df8YlLuT9Ut
|
||||
# 4iRrM/hCGIYKnRVM7JDPTwJMRX8GR1lw3JwRvnNsaDR+hTvxRd/s0MjC7I2MeHGt
|
||||
# 93hPvw94eLhP65TiJLeMy+rBw5meXnryzVbQ12VlMe//Suq2OrOnog==
|
||||
# -----END RSA PRIVATE KEY-----
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
|
||||
chpasswd:
|
||||
list: |
|
||||
root:Abcd.1234
|
||||
deployer:Abcd.1234
|
||||
expire: False
|
||||
users:
|
||||
- default
|
||||
- name: deployer
|
||||
gecos: deployer
|
||||
ssh_pwauth: True
|
||||
ssh_authorized_keys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
|
||||
runcmd:
|
||||
# TODO(alanmeadows): all of the client-side versions of the certificates below
|
||||
# appear to be in airshipctl:playbooks/vars/test-config.yaml
|
||||
- set -x
|
||||
- export PATH=$PATH:/usr/sbin:/sbin
|
||||
- I=$(ip route show | grep default | awk '{ print $3}'); while ! ping -c5 -q -W10 $I; do echo "interface not up, sleeping for 10 before retry."; sleep 10; done
|
||||
- rm /etc/resolv.conf
|
||||
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
|
||||
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
||||
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
|
||||
# Replace xenial with focal or $(lsb_release -cs) once available
|
||||
#- echo "deb https://artifacts-nc.mtn57z.cti.att.com/artifactory/apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- apt update
|
||||
- apt install -y
|
||||
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
containerd.io
|
||||
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
|
||||
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
|
||||
- /tmp/generate-kubelet-flags.sh
|
||||
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
|
||||
- kubeadm init --config /tmp/kubeadm.yaml
|
||||
- mkdir -p /opt/metal3-dev-env/ironic/html/images /var/lib/ironic-persisted-data-volume
|
||||
write_files:
|
||||
- content: |
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||
server: https://10.254.125.231:6443
|
||||
name: kubernetes
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: kubernetes-admin
|
||||
name: kubernetes-admin@kubernetes
|
||||
current-context: kubernetes-admin@kubernetes
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: kubernetes-admin
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZekNDQWt1Z0F3SUJBZ0lVRUZqa1hPbzMvM0YvWkg0eE12bkpTUUhVOUc4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZURVRNQkVHQTFVRUF4TUthM1ZpWlhKdVpYUmxjekFlRncweU1ERXlNekV4TnpReU5EVmFGdzAwT0RBMQpNVGd4TnpReU5EVmFNRjR4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSlVXREVPTUF3R0ExVUVCd3dGClVHeGhibTh4RnpBVkJnTlZCQW9NRG5ONWMzUmxiVHB0WVhOMFpYSnpNUmt3RndZRFZRUUREQkJyZFdKbGNtNWwKZEdWekxXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFsWGR5bHArVwpaVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMbHRGUVdQL2ZJYVdTcllhWEVzNVhiT09XCmVXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWtXd0hkalJYU3dFWEVvWnNuQlZJcVpnUE4KVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWjhDYkhkS0RPMTV2bnc4aXlCVzdIRVM3NQpoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2MFdQcnpoVGQ5M0tBVUJyUEJMNE4yeXdwCldEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3NvSVgrV1FERTV2c213OEhnYkJ1QXBCcm0KVCsrdHMvSFVEM0NMQVFJREFRQUJvMkl3WURBbkJnTlZIU01FSURBZW9SbWtGekFWTVJNd0VRWURWUVFERXdwcgpkV0psY201bGRHVnpnZ0VBTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRREFnUXdNQjBHQTFVZEpRUVdNQlFHCkNDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFKVksrcDlpVHNHSm0KZFpRNGhMSE56d01WanZiMC9DaFNLK09FTU95dm02OFFieXI0RUdZRTRzSzY4ZzVzNE9nODNHMkR4M1Z0aHpMWQpUaUhKVkl0NG9YYS8rYzlYMzFqOHFZeTNiNng1Q3VzSUgvZ3JJL3lNT3k2U2hiaEJhNG9YVG9id256NVBlZWJjCm5KMm82aHp2Qno1ZXY5WmRKYkpWZEtScXB4K25jQ0ZmbUdSYzdRenFFV3dpMFFuaEVyVFRUdmhQYWd1cjRJd0IKYktQclpCYkRIZE1KNk5IN0YxUm13MDVvODE1WVZ1Nnp3WlVjZGEyajgwbGZ0Q3MxSjVxcnRINmg4N3ppRXllbwp1dlZiMWxqTjZmWmNiMFFtaGRZNjl6K29xVEZ2U2U5QldnQXdSM0lJMFdUQzI3cS9vYjV6a09KY1JkdWJ5dENRCjlCc0VmMllnSWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
||||
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbFhkeWxwK1daVVoyMStkalRXbzlrN28wK0doa20xRmduYWpnYUZMUUtZVjhXUUpMCmx0RlFXUC9mSWFXU3JZYVhFczVYYk9PV2VXWjVqR3NlRUtDQXM5Tnh3R3QzSTV6V24yT0lmeGE2MHFDRVc2OWsKV3dIZGpSWFN3RVhFb1pzbkJWSXFaZ1BOVjhJdHNCWW9LcFlWcVc3SnFIRWd1MGtSKzJ0cnJYa1FQVXZhT2YxWgo4Q2JIZEtETzE1dm53OGl5Qlc3SEVTNzVoTk5ON2dXQ0hiTjRNeTI0QXYzSXVaOHhST0xLM2gzcFdrU3hEVzc2CjBXUHJ6aFRkOTNLQVVCclBCTDROMnl3cFdEc3pGSi95Q2M2WEN0czcyUUFiUmE4VWFSSkVuVUhaT0NaREtjQ3MKb0lYK1dRREU1dnNtdzhIZ2JCdUFwQnJtVCsrdHMvSFVEM0NMQVFJREFRQUJBb0lCQURxRVMwNkJLR1o2RWVreApaQVZaQk1hamJqMmEwVmlsb1lmWUtCTnY2S040NlZnSHVBUlI2bjBOb0JRU09MekxKclpzSm5veEdDWnJZa2NCCllRSHRkTFh5b0dSUExwTzR3YVloVjcwNTd1YXJoV1pINHFobXNKQ2Q3S2J1S2ErRGlPRmlhOHNJemduL3NkZHcKdFVVSEFYQVdPY2xDa1NnQjBaSjNXZTdPcVBiMTlFelA0TW1qQWNGYithWUMvazVITEZxS3psMkFvc3YvUVRRTQpWcTI3NHhWLzRwZHNneE5kWjdiUWhrUG9BelhvOUIrdkFQQ2J1dmhpMzVxdnRGd1RSMUduSmFsUTBDV1ZzQkcwCktwbW8wMXZwYzVpU0wzNkF6QUd6bkIrS1plK3dPRllpaGVaQnI2RnM1TWs2b0pWSFpMeG1KYllHRVN1LzFUdG0KRyticjRna0NnWUVBeExLUGpXaUFQOTd3dk1GMm45L1FXaVMvM0FiYkRvM1NVK0kwdDFWUDhob1dCSEo2aDNQNQpHK3d6T1Y2Q2VUNHpmUFlaZjNFaEJaU2V6SExQV1ZLSFliOXFNQS95TUs4R2NwMXNBZms5U3hkKzdGT1VoUXlJCmFBY0pWelhoRGtkM3kwY1EwZHV0MC8vakNueEV2ZzlYa3doK2NxUGJ4ZmlyTkkxaHJCbWtrMU1DZ1lFQXdvZUcKNHRnY09xS3BQRzVDYzVsSTFhZlNES2s4M2ZmTkxwMHcyT1BjWWI4YlZSREZabTNhVlk4S1Q5emtudmJaa2JaeApNV00xUEFkbGJSMXdJeTV0eHplNzFuSWt2cXNhZVkxcEE3TzBKY1VPc1FBR1VNc3RaSjdjWTlnT3ZtMTZLcU1QCi94UXdVNm5UK1NJdXh6WXBXV3lHUStXclJQV3kwRDJ5Z1ZqcUVkc0NnWUVBdlZVUFB0TkhGN1BWMENyOHJ6azEKaVg5ME9pdFRNamdySzFsQzJ2SEFpVTY0d01FYzFrTTRscnNPTjN1VVpYWU5BNHl6MEdzcG1RQ010a2tRODI2dwpKOU9qTis0eGR0RVNpTUtrMDJXQXJVWkpndHVVeTFqYitCNUZ6Rzl0V1Z4TG9CeWd3UkFPeTFDMHowUDh1MkZ6CkwzRnVuWlRDR0ZhYkhYTzFmMzRUWDBjQ2dZQk9xczRTbUlDNSthUGs2MVgyTjZ2cnMwVlBsM1VrOHB4SVdJc3oKZXRwWnNSWVZqWVcyeVgvOUQ2NkU0M2lWREpDcHk1VDArd0RCT09COGd1WWhaQnBDOFRnR0hmemNHb2ZIVmpkOApwc1NZYlp0bVd2TXk0eWVGUkhVdDcyYnUvWWpsQ3pKaDNrRTQ1RG56eXk0Tm84cU8va05CMi9RcUhBNW5CanhVCjhLY2Y5d0tCZ1FDQ1RQbnBYMTlxQXFMRGtSYkVKMWZXM2Z2NysxamN5QVA4VEpTV3ZmWWQzdklEVk1pcVZkcG4KUjRXMFhVa0ZBVVJYM1hDSTE5SVRNY2Zkd3hybHVrNWtHUERnM3Y1cTh6ZVJRdHRnL0IvNkNoZGt2akxzRnRHdApINEVsOGhxeU4zM09sdHJNWmdER0FlVkd4YUV5N0h5SFVZRmpKalRKdnE1azZJRmIrcVVTVnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
owner: root:root
|
||||
path: /etc/kubernetes/admin.conf
|
||||
permissions: "0640"
|
||||
- path: /tmp/generate-kubelet-flags.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
cat <<EOF>>/etc/default/kubelet
|
||||
KUBELET_EXTRA_ARGS="\
|
||||
--serialize-image-pulls=false"
|
||||
EOF
|
||||
- content: |
|
||||
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||
encoding: base64
|
||||
owner: root:root
|
||||
path: /etc/kubernetes/pki/ca.crt
|
||||
permissions: "0640"
|
||||
- content: |
|
||||
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBelZGTGpES0NQZUpJRUIvMEVZRk1wbkpUV2x1QUtGM3Bqc2pNcGw1MkdNTHI3TGwwCkdKbWpsNHZPQ1FPeUhmejljSkxPbzRwN0trMUNuZklCZ3E5c2tmSHZ6cW9kVmpyemwzbGRQZG55eXRST3hQakoKbHl4Mm5kYklhM2ZqSy9mcjhBalg1SjQ5RDY0MGpOek9qY082RllZV0VIM3RYcWtYNFJEUjVSektjejJ5RjMrbgpSaEN4Zmk1OWVxRUlQbG14KzlPbDJTNzh5TFptNFZGWk5Bb3pHT096bkNCMEJtbVhxeTM5OTJkK25CUDJuOVUzCmllS3VEUXJYME5JZEFndTZSSnlnekNhd0RIYVIrVWN5RTZUejBxcUxRaUgrRGF6Z1JyaWhnTmpPUzF4dENDZlQKQWlPQ0IrKzZ6Zk5DVWJmdUtscnlwT3dwNTlPQjFIeUI4RUxrVXdJREFRQUJBb0lCQVFDU0lPNFlGa3JFS0swSgpiUFNWRU9XeEFXVjV4ZTNzelFwUjZYQmVhSlM5QXQ1UFdaN2JjMTRQbWgxR0pTODhVTGRBeS92dVFiMXZXaFd6CnZHNSt5TVFKQzV5V0JsVmk3Z281SU5QUUZiTEwwVmRPc1pNbzJTaURKajcyM2hqOVRqTEtZRURvSWdkcmhaMDUKTkY1K1gzT3RwZ1ZHTDVvbDZVdHBrRU1UUWU2RkhYampxU0d2VkRhRnFWS25yemtVZitHcks5dXVYckxqWXpMWgo4bHpEbWd0YXhyN1pobnp4eEZMVUwzMXg0MFkwbGdzSkdTNHAwMncxTFdzL2I2bjBQKzk4TkxvUW5nS2lZdmVUCkM5dlVHT0dWWkJqNnBPTEdocWEzeWZ0Q25hbm1IRkFWTWN2WTllWW9ockFFWXlQenJPRURVR2pHUWJOUldwb24KL093RFI2T0JBb0dCQVBYUVlPM0Nhdm9Tckw5UTNZRmcrblRRWjFEYnpGYmZ4WjhYYVhWNUpDWEkyOG9ObG8wVwo0bCtMSnFHOTcxR2YwVElKeEpUcXRNU3NxSHNpdFZPOEthVHIyQ29XZWoybHZWWGhId3FSd3lhSkM1UllPR2VPCmxHY1MvM0xPejZyeE03bnJpakxUdHFKRDNjMUl1RTNwOERwNjFoTUlBYVI4WFlPNDVUNXMvWGd4QW9HQkFOWFQKVTNpNkZPYWh0ZjJQTTJBMHc0Sysyc2xVeW93VXhUQytBQmJrbUV4aGJiT3ViZ2VPbys1aFpNTjIzcGFnWWt1VgpSZ0lnQkE2Yk81RmRKMkhVRm5HcEdCMjVnOXZpd0k1ejhwZ0tsU3pGM21BT1dGWHBsWlJwT0dMbHpBbmpLS1RLCk1TQXRYS2UveU5IUjltUmFWd2hiK21QajVuTjlLcmQ0Rmd1WWx3ZkRBb0dBS1FwM2hIclhYWlZNbmt5a0R2dmcKRlN6T2N5T2ZoRW1zTnhtems5ZDcvNHIvbDBhWmdrajExcm5tNDA1UTdMSGdQWmgvNTlVZ0JVNUdldmlhaWJaNgp4WHhUQlFQbnVPODVJMk9JeVR6NDlqQWZiTThsNjdSVWRya25TVVhhU2xJbkxyMXl2M1cxb25YdVRGMzkxNVJkCmRZWVl3K2lzVFlndUhOWDhBR1kyRTZFQ2dZRUFveDdRTXUxaVBIOXBJc0kzNDFEZFJjVHJpMlBRRVFWWFdWUFoKSlozR1FaNmgzYzFYeXhRYUl5VFJoZndNMnNRSHVMbHI2dnNablRyM09uSGlOVk5pdTlyUHR2MXJoamQ1eGpMVwpBdjh2eGpRODdQS0VtU1hWSXA4U2tQL1ZwRVZUSUVQUExranN3bHdnaTFDdHN1am9ORXhXdkJXRUhONkQwK3NjCmhrUW1FNWtDZ1lFQWx6QzB5clVOSTBQMHdKQUw0S0JoM21oNDZST2V3TzIyb1FhZ0c4c1N5SjVpT0NIT1VaZDcKVnhPbmRZMVdKM2M5ZktXWmVQVXkvZEhCTUtjY2wvZXJmbkk0aHZ2bnhvejNob0Z2SDdnMHJGVU5vYVZzdlhpaQpPY2NCUURVMzNDdW5WVjRmeGNyNS8xV1NwUzZoT2ZIZDJ1NFZjNnpwQ2dTOXQ3VmFzZ1JweGJjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
encoding: base64
|
||||
owner: root:root
|
||||
path: /etc/kubernetes/pki/ca.key
|
||||
permissions: "0600"
|
||||
- content: |
|
||||
kubernetes:
|
||||
# TODO(alanmeadows) just hard coded for now
|
||||
version: 1.18.3
|
||||
container_runtime:
|
||||
type: docker
|
||||
package_repos:
|
||||
- name: docker-ce-artf
|
||||
url: https://download.docker.com/linux/ubuntu
|
||||
gpgKey: https://download.docker.com/linux/ubuntu/gpg
|
||||
channel: stable
|
||||
tags:
|
||||
- debian
|
||||
- name: kubernetes-artf
|
||||
url: https://apt.kubernetes.io/
|
||||
gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
||||
channel: main
|
||||
versionCodeName: kubernetes-xenial
|
||||
tags:
|
||||
- debian-like
|
||||
- name: docker-ce-artf
|
||||
url: https://download.docker.com/linux/ubuntu
|
||||
gpgKey: https://download.docker.com/linux/ubuntu/gpg
|
||||
channel: stable
|
||||
tags:
|
||||
- ubuntu
|
||||
owner: root:root
|
||||
path: /tmp/konfigadm.yml
|
||||
permissions: "0640"
|
||||
- content: |
|
||||
---
|
||||
apiServer:
|
||||
certSANs:
|
||||
# TODO(alanmeadows) these are the IPs for mtn57r08c004
|
||||
# on both the pxe and calico interfaces and ultimately
|
||||
# should be derived from the ephemeral node
|
||||
- 172.63.0.12
|
||||
- 172.64.0.12
|
||||
#imageRepository: docker.io
|
||||
apiVersion: kubeadm.k8s.io/v1beta2
|
||||
controllerManager: {}
|
||||
dns:
|
||||
type: ""
|
||||
etcd: {}
|
||||
kind: ClusterConfiguration
|
||||
networking:
|
||||
# TODO(alanmeadows): this is the appropriate pod CIDR for RDM9
|
||||
# but should ultimately come from some central definition
|
||||
podSubnet: 172.26.0.0/15
|
||||
scheduler: {}
|
||||
---
|
||||
apiVersion: kubeadm.k8s.io/v1beta2
|
||||
kind: InitConfiguration
|
||||
localAPIEndpoint: {}
|
||||
nodeRegistration:
|
||||
ignorePreflightErrors:
|
||||
- NumCPU
|
||||
- SystemVerification
|
||||
taints: []
|
||||
owner: root:root
|
||||
path: /tmp/kubeadm.yaml
|
||||
permissions: "0640"
|
||||
bootcmd:
|
||||
# TODO(alanmeadows): This just blows away /dev/sda and uses it for ironic image storage
|
||||
# this needs to also account for storage of container images and dynamically find the device
|
||||
# so the same code can be used to discover /dev/sda as /dev/vda and bind mounting is nasty
|
||||
- /sbin/mkfs.ext4 -F /dev/sda
|
||||
- mkdir /mnt/sda
|
||||
- mount /dev/sda /mnt/sda
|
||||
- mkdir -p /opt/metal3-dev-env/ironic/html/images
|
||||
- mkdir -p /mnt/sda/opt/metal3-dev-env/ironic/html/images
|
||||
- mount --bind /mnt/sda/opt/metal3-dev-env/ironic/html/images /opt/metal3-dev-env/ironic/html/images
|
||||
- mkdir -p /var/lib/docker /mnt/sda/var/lib/docker
|
||||
- mount --bind /mnt/sda/var/lib/docker /var/lib/docker
|
||||
- mkdir -p /var/lib/docker-engine /mnt/sda/var/lib/docker-engine
|
||||
- mount --bind /mnt/sda/var/lib/docker-engine /var/lib/docker-engine
|
|
@ -0,0 +1,4 @@
|
|||
# Catalogue Definitions for Ephemeral Cluster
|
||||
|
||||
This inherits Site-level catalogues from the neighboring target cluster's
|
||||
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.
|
|
@ -0,0 +1,3 @@
|
|||
resources:
|
||||
- smp.yaml
|
||||
- ../../../target/generator/results/cleanup/
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../target/catalogues
|
||||
patchesStrategicMerge:
|
||||
- networking.yaml
|
||||
- versions-airshipctl.yaml
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.230" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.11"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
# Override default controlplane image location
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
#<tbd><tbd>
|
||||
files:
|
||||
k8scontrol:
|
||||
# Host the image in a locally served location for CI
|
||||
cluster_controlplane_image:
|
||||
url: http://172.63.0.12:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'
|
|
@ -0,0 +1,10 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- stl3r01s01
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues/
|
||||
- host-generation.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- networking.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
|
||||
- ../../catalogues/cleanup
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
#<tbd><tbd>
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.230" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.11"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
|
||||
# otherwise nodes will hang in 'registering' state for quite a long time
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol
|
||||
- ../../target/catalogues # NOTE: use target networking for this phase
|
||||
- nodes
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
|
||||
patchesStrategicMerge:
|
||||
- versions-catalogues-patch.yaml
|
||||
- patch_controlplane.yaml
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- ../hostgenerator
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/k8s-role: controlplane-host
|
|
@ -0,0 +1,178 @@
|
|||
kind: KubeadmControlPlane
|
||||
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
|
||||
metadata:
|
||||
name: cluster-controlplane
|
||||
spec:
|
||||
replicas: 1
|
||||
version: v1.18.6
|
||||
infrastructureTemplate:
|
||||
kind: Metal3MachineTemplate
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
name: cluster-controlplane
|
||||
kubeadmConfigSpec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.local_hostname }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
initConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.local_hostname }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
|
||||
taints: []
|
||||
clusterConfiguration:
|
||||
imageRepository: "k8s.gcr.io"
|
||||
controllerManager:
|
||||
extraArgs:
|
||||
enable-hostpath-provisioner: "true"
|
||||
apiServer:
|
||||
extraArgs:
|
||||
service-node-port-range: 80-32767
|
||||
networking:
|
||||
dnsDomain: cluster.local
|
||||
podSubnet: 172.16.0.0/16
|
||||
serviceSubnet: 10.96.0.0/16
|
||||
kubeProxyConfiguration:
|
||||
mode: "ipvs"
|
||||
clusterCidr: 172.16.0.0/16
|
||||
preKubeadmCommands:
|
||||
- echo 'root:r00tme' | chpasswd
|
||||
- echo 'ubuntu:r00tme' | chpasswd
|
||||
- |
|
||||
cat <<EOF | tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- swapoff -a
|
||||
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
|
||||
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
|
||||
- /tmp/generate-kubelet-extra-args.sh
|
||||
- modprobe ip_vs
|
||||
- modprobe ip_vs_rr
|
||||
- modprobe ip_vs_wrr
|
||||
- modprobe ip_vs_sh
|
||||
- modprobe nf_conntrack_ipv4
|
||||
- apt-get update && apt-get install -y bridge-utils keepalived ipset ipvsadm
|
||||
- systemctl enable --now keepalived
|
||||
- /tmp/generate-kube-proxy.sh
|
||||
- /tmp/local-storage-setup.sh
|
||||
- /tmp/sysctl.sh
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
||||
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
|
||||
- apt update
|
||||
- apt install -y
|
||||
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
containerd.io
|
||||
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
|
||||
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
|
||||
files:
|
||||
- path: /tmp/generate-kube-proxy.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
for i in $(ls /tmp | grep kubeadm); do
|
||||
cat <<EOF>> /tmp/$i
|
||||
---
|
||||
kind: KubeProxyConfiguration
|
||||
apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
||||
mode: ipvs
|
||||
clusterCidr: 172.16.0.0/16
|
||||
EOF
|
||||
done
|
||||
- path: /tmp/local-storage-setup.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
set -x
|
||||
DISK=/dev/sdb
|
||||
PARTITION=${DISK}1
|
||||
MOUNTPOINT=/local-storage/sdb1
|
||||
udevadm settle
|
||||
mkdir -p $MOUNTPOINT
|
||||
if mount | grep $MOUNTPOINT; then
|
||||
echo "disk is already mounted"
|
||||
exit 0
|
||||
fi
|
||||
if ! grep "${PARTITION}" /etc/fstab; then
|
||||
echo "$PARTITION $MOUNTPOINT auto defaults,nofail 0 2" >>/etc/fstab
|
||||
fi
|
||||
if ! ls $PARTITION; then
|
||||
/sbin/sgdisk --new 1 $DISK
|
||||
fi
|
||||
/sbin/mkfs.ext4 $PARTITION -L local-storage -F -E lazy_itable_init=1,lazy_journal_init=1
|
||||
mount $MOUNTPOINT
|
||||
/bin/chown -R etcd:etcd $MOUNTPOINT
|
||||
exit 0
|
||||
- path: /tmp/generate-kubelet-extra-args.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
function get_ip_address_from_interface {
|
||||
local interface=$1
|
||||
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
|
||||
if [ -z "${ip}" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
echo ${ip}
|
||||
}
|
||||
ip=$(get_ip_address_from_interface bond0.54)
|
||||
cat <<EOF>/etc/default/kubelet
|
||||
KUBELET_EXTRA_ARGS="--node-ip=$ip \
|
||||
--feature-gates=CPUManager=true \
|
||||
--cpu-manager-policy=static \
|
||||
--reserved-cpus=0-3 \
|
||||
--cpu-manager-reconcile-period=10s \
|
||||
--feature-gates=TopologyManager=true \
|
||||
--topology-manager-policy=restricted"
|
||||
EOF
|
||||
- path: /etc/keepalived/keepalived.conf
|
||||
content: |
|
||||
! Configuration File for keepalived
|
||||
global_defs {
|
||||
}
|
||||
vrrp_instance KUBERNETES {
|
||||
state BACKUP
|
||||
interface bond0.51
|
||||
virtual_router_id 200
|
||||
priority 101
|
||||
advert_int 1
|
||||
virtual_ipaddress {
|
||||
10.254.125.240
|
||||
}
|
||||
}
|
||||
vrrp_instance INGRESS {
|
||||
state BACKUP
|
||||
interface bond0.51
|
||||
virtual_router_id 199
|
||||
priority 101
|
||||
advert_int 1
|
||||
virtual_ipaddress {
|
||||
10.254.125.239
|
||||
}
|
||||
}
|
||||
- path: "/tmp/sysctl.sh"
|
||||
owner: root:root
|
||||
permissions: '0700'
|
||||
content: |
|
||||
#!/bin/bash -x
|
||||
cat <<EOF>/etc/sysctl.d/99-airship.conf
|
||||
net.ipv4.conf.all.rp_filter=2
|
||||
EOF
|
||||
sysctl -p /etc/sysctl.d/99-airship.conf
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
|
||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
# Patch the versions catalogue to use the site-specific local image URL
|
||||
# TODO: patch this in from a site-networking catalogue in the future
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
files:
|
||||
k8scontrol:
|
||||
cluster_controlplane_image:
|
||||
url: http://172.63.0.12:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'
|
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- ../../../../../../airshipctl/manifests/composite/infra/
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
|
@ -0,0 +1,47 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/path: metal3/configmap_ironic-entrypoints.yaml
|
||||
labels:
|
||||
airshipit.org/stage: initinfra
|
||||
name: ironic-entrypoints
|
||||
namespace: metal3
|
||||
data:
|
||||
init-bootstrap: |
|
||||
#!/usr/bin/env bash
|
||||
set -xe
|
||||
#Configure vars for rendering
|
||||
pushd /ironic-vars
|
||||
rm -f /shared/sed_commands
|
||||
for var_name in $( ls ) ; do
|
||||
echo -n s!\$\($var_name\)! >> /shared/sed_commands
|
||||
cat $var_name >> /shared/sed_commands
|
||||
echo !g >> /shared/sed_commands
|
||||
export $var_name=$(cat $var_name)
|
||||
done
|
||||
popd
|
||||
while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
|
||||
echo 'Waiting for provisioning ip'
|
||||
sleep 5;
|
||||
done
|
||||
mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
|
||||
# Remove log files from last deployment
|
||||
rm -rf /shared/log/httpd/*
|
||||
rm -rf /shared/log/ironic/*
|
||||
rm -rf /shared/log/ironic-inspector/*
|
||||
# Rendering files to shared mount
|
||||
pushd /cfg
|
||||
for f in $( ls ); do
|
||||
sed -f /shared/sed_commands $f > /shared/$f
|
||||
done
|
||||
popd
|
||||
pushd /shared/html/images
|
||||
STATUSCODE=$(curl --silent --insecure --location -O --write-out "%{http_code}" ${QCOW_IMAGE})
|
||||
if test $STATUSCODE -ne 200; then
|
||||
echo "Failed to load ${ARTS[${art}]}"
|
||||
exit 1
|
||||
fi
|
||||
popd
|
||||
chmod -R 0777 /shared/html
|
||||
touch /shared/init_finished
|
|
@ -0,0 +1,15 @@
|
|||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/baremetal-operator
|
||||
- ../../../../../../airshipctl/manifests/function/hwcc
|
||||
- ../../../../../../airshipctl/manifests/function/clusterctl
|
||||
- ../catalogues
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/baremetal-operator/replacements
|
||||
patchesStrategicMerge:
|
||||
- patch_bmo_config.yaml
|
||||
- ironic_entry.yaml
|
||||
- networking.yaml
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.231" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.12"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ironic-vars
|
||||
data:
|
||||
AUTOMATED_CLEAN: "false"
|
||||
IRONIC_AUTOMATED_CLEAN: "false"
|
||||
DHCP_RANGE: 172.63.0.31,172.63.0.126
|
||||
HTTP_PORT: "6180"
|
||||
DEPLOY_KERNEL_PATH: images/ipa-ubuntu-master.kernel
|
||||
DEPLOY_RAMDISK_PATH: images/ipa-ubuntu-master.initramfs
|
||||
DEPLOY_KERNEL_URL: http://172.63.0.12:80/images/ipa-ubuntu-master.kernel
|
||||
DEPLOY_RAMDISK_URL: http://172.63.0.12:80/images/ipa-ubuntu-master.initramfs
|
||||
IRONIC_ENDPOINT: http://172.63.0.12:6385/v1/
|
||||
IRONIC_FAST_TRACK: "false"
|
||||
IRONIC_INSPECTOR_ENDPOINT: http://172.63.0.12:5050/v1/
|
||||
PROVISIONING_IP: 172.63.0.12
|
||||
PROVISIONING_INTERFACE: eno4
|
||||
#QCOW_IMAGE: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
|
||||
QCOW_IMAGE: "http://cloud-images-archive.ubuntu.com/releases/bionic/release-20190722.1/ubuntu-18.04-server-cloudimg-amd64.img"
|
|
@ -0,0 +1,20 @@
|
|||
# This patches the node02 BMH to be suitable for ephemeral purposes
|
||||
apiVersion: metal3.io/v1alpha1
|
||||
kind: BareMetalHost
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
airshipit.org/ephemeral-node: "true"
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
name: stl3r01s02
|
||||
spec:
|
||||
online: true
|
||||
bmc:
|
||||
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
|
||||
status:
|
||||
provisioning:
|
||||
# we need this status to make sure, that the host is not going to be
|
||||
# reprovisioned by the ephemeral baremetal operator.
|
||||
# when we have more flexible labeling system in place, we will not
|
||||
# deliver this document to ephemeral cluster
|
||||
state: externally provisioned
|
|
@ -0,0 +1,14 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
# Note: this list should be kept up to date with
|
||||
# the full list of hosts in the cluster
|
||||
- stl3r01s01
|
||||
- stl3r01s02
|
||||
- stl3r01s03
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../target/catalogues
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
|
||||
- ../../target/catalogues/cleanup
|
|
@ -0,0 +1,41 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: password-secret
|
||||
$patch: delete
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- hostgenerator
|
||||
|
||||
patchesStrategicMerge:
|
||||
- ephemeral-patch.yaml
|
|
@ -0,0 +1,38 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubeConfig
|
||||
metadata:
|
||||
name: default
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
config:
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
|
||||
server: https://10.254.125.230:6443
|
||||
name: target-cluster
|
||||
- cluster:
|
||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
|
||||
server: https://10.254.125.231:6443
|
||||
name: ephemeral-cluster
|
||||
contexts:
|
||||
- context:
|
||||
cluster: target-cluster
|
||||
user: target-cluster-admin
|
||||
name: target-cluster
|
||||
- context:
|
||||
cluster: ephemeral-cluster
|
||||
user: ephemeral-cluster-admin
|
||||
name: ephemeral-cluster
|
||||
current-context: ""
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: ephemeral-cluster-admin
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJnQ0ZFdFBveEZYSjVrVFNWTXQ0OVlqcHBQL3hCYnlNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1CVXgKRXpBUkJnTlZCQU1UQ210MVltVnlibVYwWlhNd0hoY05NakF3TVRJME1Ua3hOVEV3V2hjTk1qa3hNakF5TVRreApOVEV3V2pBME1Sa3dGd1lEVlFRRERCQnJkV0psY201bGRHVnpMV0ZrYldsdU1SY3dGUVlEVlFRS0RBNXplWE4wClpXMDZiV0Z6ZEdWeWN6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1iaFhUUmsKVjZiZXdsUjBhZlpBdTBGYWVsOXRtRThaSFEvaGtaSHhuTjc2bDZUUFltcGJvaDRvRjNGMFFqbzROS1o5NVRuWgo0OWNoV240eFJiZVlPU25EcDBpV0Qzd0pXUlZ5aVFvVUFyYTlNcHVPNkVFU1FpbFVGNXNxc0VXUVdVMjBETStBCkdxK1k0Z2c3eDJ1Q0hTdk1GUmkrNEw5RWlXR2xnRDIvb1hXUm5NWEswNExQajZPb3Vkb2Zid2RmT3J6dTBPVkUKUzR0eGtuS1BCY1BUU3YxMWVaWVhja0JEVjNPbExENEZ3dTB3NTcwcnczNzAraEpYdlZxd3Zjb2RjZjZEL1BXWQowamlnd2ppeUJuZ2dXYW04UVFjd1Nud3o0d05sV3hKOVMyWUJFb1ptdWxVUlFaWVk5ZXRBcEpBdFMzTjlUNlQ2ClovSlJRdEdhZDJmTldTYkxEck5qdU1OTGhBYWRMQnhJUHpBNXZWWk5aalJkdEMwU25pMlFUMTVpSFp4d1RxcjQKakRQQ0pYRXU3KytxcWpQVldUaUZLK3JqcVNhS1pqVWZVaUpHQkJWcm5RZkJENHNtRnNkTjB5cm9tYTZOYzRMNQpKS21RV1NHdmd1aG0zbW5sYjFRaVRZanVyZFJQRFNmdmwrQ0NHbnA1QkkvZ1pwMkF1SHMvNUpKVTJlc1ZvL0xsCkVPdHdSOXdXd3dXcTAvZjhXS3R4bVRrMTUyOUp2dFBGQXQweW1CVjhQbHZlYnVwYmJqeW5pL2xWbTJOYmV6dWUKeCtlMEpNbGtWWnFmYkRSS243SjZZSnJHWW1CUFV0QldoSVkzb1pJVTFEUXI4SUlIbkdmYlZoWlR5ME1IMkFCQQp1dlVQcUtSVk80UGkxRTF4OEE2eWVPeVRDcnB4L0pBazVyR2RBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSWNFM1BxZHZDTVBIMnJzMXJESk9ESHY3QWk4S01PVXZPRi90RjlqR2EvSFBJbkh3RlVFNEltbldQeDYKVUdBMlE1bjFsRDFGQlU0T0M4eElZc3VvS1VQVHk1T0t6SVNMNEZnL0lEcG54STlrTXlmNStMR043aG8rblJmawpCZkpJblVYb0tERW1neHZzSWFGd1h6bGtSTDJzL1lKYUZRRzE1Uis1YzFyckJmd2dJOFA5Tkd6aEM1cXhnSmovCm04K3hPMGhXUmJIYklrQ21NekRib2pCSWhaL00rb3VYR1doei9TakpodXhZTVBnek5MZkFGcy9PMTVaSjd3YXcKZ3ZoSGc3L2E5UzRvUCtEYytPa3VrMkV1MUZjL0E5WHpWMzc5aWhNWW5ub3RQMldWeFZ3b0ZZQUg0NUdQcDZsUApCQmwyNnkxc2JMbjl6aGZYUUJIMVpFN0EwZVE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBeHVGZE5HUlhwdDdDVkhScDlrQzdRVnA2WDIyWVR4a2REK0dSa2ZHYzN2cVhwTTlpCmFsdWlIaWdYY1hSQ09qZzBwbjNsT2RuajF5RmFmakZGdDVnNUtjT25TSllQZkFsWkZYS0pDaFFDdHIweW00N28KUVJKQ0tWUVhteXF3UlpCWlRiUU16NEFhcjVqaUNEdkhhNElkSzh3VkdMN2d2MFNKWWFXQVBiK2hkWkdjeGNyVApncytQbzZpNTJoOXZCMTg2dk83UTVVUkxpM0dTY284Rnc5TksvWFY1bGhkeVFFTlhjNlVzUGdYQzdURG52U3ZECmZ2VDZFbGU5V3JDOXloMXgvb1A4OVpqU09LRENPTElHZUNCWnFieEJCekJLZkRQakEyVmJFbjFMWmdFU2htYTYKVlJGQmxoajE2MENra0MxTGMzMVBwUHBuOGxGQzBacDNaODFaSnNzT3MyTzR3MHVFQnAwc0hFZy9NRG05VmsxbQpORjIwTFJLZUxaQlBYbUlkbkhCT3F2aU1NOElsY1M3djc2cXFNOVZaT0lVcjZ1T3BKb3BtTlI5U0lrWUVGV3VkCkI4RVBpeVlXeDAzVEt1aVpybzF6Z3Zra3FaQlpJYStDNkdiZWFlVnZWQ0pOaU82dDFFOE5KKytYNElJYWVua0UKaitCbW5ZQzRlei9ra2xUWjZ4V2o4dVVRNjNCSDNCYkRCYXJUOS94WXEzR1pPVFhuYjBtKzA4VUMzVEtZRlh3KwpXOTV1Nmx0dVBLZUwrVldiWTF0N081N0g1N1FreVdSVm1wOXNORXFmc25wZ21zWmlZRTlTMEZhRWhqZWhraFRVCk5DdndnZ2VjWjl0V0ZsUExRd2ZZQUVDNjlRK29wRlU3ZytMVVRYSHdEcko0N0pNS3VuSDhrQ1Rtc1owQ0F3RUEKQVFLQ0FnQUJ2U1N3ZVpRZW5HSDhsUXY4SURMQzdvU1ZZd0xxNWlCUDdEdjJsN00wYStKNWlXcWwzV2s4ZEVOSQpOYWtDazAwNmkyMCtwVDROdW5mdEZJYzBoTHN6TjBlMkpjRzY1dVlGZnZ2ZHY3RUtZZnNZU3hhU3d4TWJBMlkxCmNCa2NjcGVsUzBhMVpieFYvck16T1RxVUlRNGFQTzJPU3RUeU55b3dWVjhhcXh0QlNPV2pBUlA2VjlBOHNSUDIKNlVGeVFnM2thdjRla3d0S0M5TW85MEVvcGlkSXNnYy9IYk5kQm5tMFJDUnY0bU1DNmVPTXp0NGx0UVNldG0rcwpaRkUwZkM5cjkwRjE4RUVlUjZHTEYxdGhIMzlKTWFFcjYrc3F6TlZXU1VPVGxNN2M5SE55QTJIcnJudnhVUVNOCmF3SkZWSEFOY1hJSjBqcW9icmR6MTdMbGtIRVFGczNLdjRlcDR3REJKMlF0eisxdUFvY1JoV3ZSaWJxWEQ3THgKVmpPdGRyT1h3ZFQxY2ZrKzZRc1RMWUFKR3ptdDdsY1M2QjNnYzJHWmNJWGwyNVlqTUQ1ZVhpa1dEc3hYWmt1UAorb3MzVGhxeGZIS25ITmxtYk9SSVpDMW92Q1NkSTRWZVpzalk0MUs5K0dNaXdXSk1kektpRkp3NlR2blRSUldTCkxod2EzUTlBVmMvTEg0SC9PbU9qWDc0QTNZSWwrRDFVUHd3VzAvMmw4S3BNM0VWZ21XalJMV1ZIRnBNTGJNSlcKZVZKd3dKUmF3bWZLdHZ6bU9KRHlhTXJJblhqTDMvSE1EaWtwU3JhRzFyTnc1SUozOXJZdEFIUUQ1L1VuZlRkSApLNXVjakVucTdPdDMyR1ozcHJvRTU1ZGFBY0hQbktuOGpYZ1ZKTUQyOWh5cEZvL2ZRUUtDQVFFQStBbjRoSDFFCm9GK3FlcWlvYXR3N2cwaVdQUDNCeklxOEZWbWtsRlZBYVF5U28wU2QxWFBybmErR0RFQVd0cHlsVjF5ZkZkR2oKSHc4YXU5NnpUZnRuNWZCRkQxWG1NTkNZeTcrM293V3ArK1NwYUMvMTYzN1dvb3lLRjBjVFNvcWEzZEVuRUtSSwp4TGF2a0lFUTI3OXRBNFVUK0dVK3pTb0NPUFBNNE1JS3poR0FDczZ1anRySzFNcXpwK0JhYldzRlBuN2J1bStVCkRHSFIrNCtab2tBL1Q2N2luYlRxZUwwVzJCNjRMckFURHpZL3Y4NlRGbW1aallEaHRKR1JIWVZUOU9XSXR0RVkKNnZtUDN0a1dOTWt0R2w4bTFiQ0FHQ1JlcGtycUhxWXNMWG5GQ2ZZSFFtOXNpaGgvM3JFVjZ1MUYxZCt0U3JFMgprU1ZVOHhVWDUwbHFNUUtDQVFFQXpVTjZaS0lRNldkT09FR3ZyMExRL1hVczI0bUczN3lGMjhJUDJEcWFBWWVzCnJza2xTdjdlSU9TZWV3MW1CRHVCRkl2bkZvcTVsRlA3cXhWcEIyWjNNSGlDMVNaclZSZjlQTjdCNGFzcmNyMCsKdDB2S0NXWFFIaTVQQXhucXdYb2E2N0Q1bnkwdnlvV0lVUXAyZEZMdkIwQmp0b3MvajJFaHpJZk5WMm1UOW15bgpWQXZOWEdtZnc4SVJCL1diMGkzQ3c0Wityb1l1dTJkRHo2UUwzUFVvN1hLS3ljZzR1UzU1eksvcWZPc09lYm5mCnpsd3ZqbGxNSitmVFFHNzMrQnpINE5IWGs2akZZQzU4eXBrdXd0cmJmYk1pSkZOWThyV1ptL01Nd1VDWlZDQ3kKeUlxQ3FHQVB6b2kyU05zSEtaTlJqN3ZZQ3dQQVd6TzFidjFGcC9hM0xRS0NBUUVBeG0zTGw4cFROVzF6QjgrWApkRzJkV3FpZU1FcmRXRklBcDUvZ1R4NW9lZUdxQ2QxaDJ4cHlldUtwZlhGaitsRVU0Ty9qQU9TRjk5bndqQzFjCkNsMit2Ni9ZdjZ6N2l6L0ZqUEpoNlpRbGFiT0RaeXMvTkZkelEvVGtvRHluRFRJWE5LOFc3blJRc0ZCcDRWT3YKZGUwTlBBeWhiazBvMFo3eXlqY1lSeEpVN0lnSmhCdldmOGcvRGI3ZnZNUjU4eUR6d0F4aW9pS1RNTmlzMFBBUAplMEtrbzQySUU1eGhHNWhDQjBHRUhTMlZBYzFuY0gzRkk5LzFETVAzVEtwTGltOVlQQW5JdG1CTzYrUWNtYTNYCjJ3QzZDV2ZudkhvSDc4aGd3KzRZbjg1V2QwYjhQN3pJRC9qdHZ3aGNlMzMxeDh4cjJ1Nm5ScUxBd1pzNCs0SjcKYmZkSWNRS0NBUUFDL2JlNzNheTNhZnoyenVZN2ZKTEZEcjhQbCtweU9qSU5LTC9JVzlwQXFYUjN1NUNpamlJNApnbnhZdUxKQzM0Y2JBSXJtaGpEOEcxa3dmZ2hneGpwNFoxa290LzJhYU5ZVTIvNGhScmhFWE1PY01pdUloWVpKCjJrem1jNnM3RklkdDVjOU5aWUFyeUZSYk1mYlY3UnQwbEppZllWb1V3Y3FYUzJkUG5jYzlNUW9qTEdUYXN1TlUKRy9EWmw5ZWtjV3hFSXlLWGNuY2QzZnhiK3p6OUJFbUxaRDduZjlacnhHU2IrZmhGeDdzWFJRRWc1YkQvdHdkbwpFWFcvbTU1YmJEZnhhNzFqZG5NaDJxdVEzRGlWT0ZFNGZMTERxcjlDRWlsaDMySFJNeHJJNGcwWTVRUFFaazMwCnFZTldmbktWUllOTHYrWC9DeGZ6ZkVacGpxRkVPRkVsQW9JQkFRQ0t6R2JGdmx6d1BaUmh4czd2VXYxOXlIUXAKQzFmR3gwb0tpRDFSNWZwWVBrT0VRQWVudEFKRHNyYVRsNy9rSDY5V09VbUQ1T3gxbWpyRFB0a1M4WnhXYlJXeApGYjJLK3JxYzRtcGFacGROV09OTkszK3RNZmsrb0FRcWUySU1JV253NUhmbVpjNE1QY0t0bkZQYlJTTkF0aktwCkQ2aG9oL3BXMmdjRFA0cVpNWVZvRW04MVZYZEZDUGhOYitNYnUvU3gyaFB4U0dXYTVGaTczeEtwWWp5M3BISlQKWFoyY2lHN0VNQ3NKZW9HS2FRdmNCY1kvNGlSRGFoV0hWcmlsSVhJQXJQdXdmVUIybzZCZFR0allHeU5sZ2NmeApxWEt4aXBTaEE2VlNienVnR3pkdEdNeEUyekRHVEkxOXFSQy96OUNEREM1ZTJTQUZqbEJUV0QyUHJjcU4KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
|
||||
- name: target-cluster-admin
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenpQc2pHVC9aUklFOUMvZEdLS0tmdE9oZzREdzk5akxMaFlzZkRYU25WWFIyWHExCko3TVBLREo2dkFZdktzNHZCUVJjS2lIWlNDYjhwemhFdmw1aDRFUFdWRjNPVnhnMzY1U1pWZ2hIUW5JSUdZSGIKYXA0THh4MGQ3T3JiU2JVTGhEWU9WSHFrK1pqOUY0ZHhSVmtHNVRxMkY4YmhmODBrTU5kSG42WTdTcGgxa2FsdQprYkl3ZjBEWDBDNm90RHNRWlJQUUpJWXY3RDF3ODZ2M3hpdmdVUUJZaDBSMlhiV1RNTDNXaCtUSjZDNmRIdUFlCm1ZRUtxUWRQNzEvTlBhQ05TOWo5U2hQTGlDd0tqU0c1bXkyVStpNWtkMEthSkNCOWJ3TGZxeG8ydGlnYlBqeDAKdnplYUpXLzhWT1p5clZQV2YzbEgyUWZiaFkyMUlTb0lCSll4UXdJREFRQUJBb0lCQUNYTTN6YXRwam9XRTNsSQowaGtRYmh1OUdCWVppOXhyWElYSDNjMjdNL1VvRnVTS0VrcHZ6REFWSlhidjJlTUJRbXF6NU94NnlGejFYOXBSCjFaaTFOejNtb2s4NTNjN2R5RFhlSWlzanozdzd1V2FOM2kyUkw2emZqdm9Oem51ZjM3MzY3cHBTMVk0RGJ3aS8KMk5aQjY1UWVKZUlva2pMeWhjdXpPb25SbGJlQnpNZUNERmd3eUlBN2h4SXdpZzZWeG5FOG9sbDlGaC9sN0hGdApTcCt4dllwWmpoQnhGZVJCTHQ2T0JHM09ndkdZZE1oSDZtcU9HMHM3Qi9rZXI5N2xVeUQ5ZVdxQWxoY1BGMXZKCm80M0FWYm8vSVUxNDdwYW9HYldRb3VrSWxuZnhjK0Rvd1dqR2FUeTVTY1Fqc2ZCNVJHTTNMTTlDNTJxVU9aUGwKVDI5eWU0RUNnWUVBNkdwOEVObFRWamFpbnhRQURaRHpJeFYzNHV4RTNYVDhmbGVIZlpxTmJ5M1IwYjU5SGNYVAo0NVJlbmRNMHhIZDdSdnpkZXNoQlYxMTBVaWhRZ2RIajg2eWlrbElUZmE2S2FpSlJiME5Hd2hPQWx3MFZkTTNoCjJKZkdsVUlTWFhuOS9CaEZPMFdpQTRmZHR4M3BlL0pidUIxa3VYZ3UwU0pXRFJkdlJGWGVZRE1DZ1lFQTVEcDUKRk44Njg1MFExUzBTMmRtMnBhVXd5bWJHRlhhOUlRdHlhazMwcVpPOTVDN05qR0daMkxvb2c3eVcvd092TEtucQo4WWhFSFV4TGxCWGlUdnZ3K1JHMXowTW9IaEVGR055SU1IMnNyakJST2l5TVRIeU9vWGNBMTFtZitBNkVKQkMyCkt5T1pKSGRSamFSVUc3bjFYQW4xWVVhUGFZS1NjSE5GV3kwdG1yRUNnWUJwSlN1RnI5d3M1OERBZVJyaENFK0cKOHNKdkRmYkZ2WlF4VUVZQ3cvWHljMmMySFppYTdKSEVwcTM3ZHI2cmwyWlZJamJNd21ZVk1UbGJwZE51TjllSgp1UE0vZ1JSQ1NzRmg3SzZzeUdIdGtVY2VqeFBDNlJXZ21HR0Z5d05sK0xlMzRmOElKcU42TjNCTjFLRjVxcFptCkFCNCtiaW00QVhHdXNJaHRBTy8rMHdLQmdHRFgwd01oU2lHUFYxSXR3eDcvdS9vRDQzVXZNUVJ3a3daUGxpZzMKbGdiUzh6TzlER2x5RE5jaS93Z1BZVDhxc0ExU3VLZnV1NEIzSEdiazlsZXZubXdCc05VVzJSSVJCTW1zNG5rNQpDcW9MUkp4YnhOaTd6Y1lEK2k1bkVITXdyYStrQzdpNGJVWkUveTBNT3NoZEd4a0gvTUJmTVlHQzcyS1o5eWNlClA0aXhBb0dCQU5BdmJiL3h4VDhvOW1hU0FaV2MvblNWdEw5ckFiMGtHQlBTS3J0QW1wYkdxMitDNjlOeTVBMUUKdW9iN2dzdjJ3NDJIUHJnLzBUTElTSUZhV2kvUi9XUWRkRjFqclFqNTV6N0VpWFFVQ1I0c0NxRGRPU2FZdjAxVgp1NnlsQ2pmVUlGZVVQb3hIQzliTzdpZ01PYkJtcEhHU0RLZzE1cWp4blVpOFpxajRaK24yCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
|
|
@ -0,0 +1,7 @@
|
|||
resources:
|
||||
- kubeconfig.yaml
|
||||
- ../target/catalogues
|
||||
|
||||
transformers:
|
||||
- update-target.yaml
|
||||
- ../target/catalogues/cleanup
|
|
@ -0,0 +1,70 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: k8scontrol-cluster-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.targetKubeconfig.certificate-authority-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.targetKubeconfig.client-certificate-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.targetKubeconfig.client-key-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.ephemeralKubeconfig.client-key-data}"
|
||||
target:
|
||||
objref:
|
||||
kind: KubeConfig
|
||||
name: default
|
||||
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
phase:
|
||||
path: manifests/site/stl3-site/phases
|
||||
docEntryPointPrefix:
|
||||
inventory:
|
||||
path: manifests/site/stl3-site/host-inventory
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- ../kubeconfig
|
||||
- ../../../../../airshipctl/manifests/phases
|
||||
patchesStrategicMerge:
|
||||
- patch-entrypoints.yaml
|
||||
|
|
@ -0,0 +1,92 @@
|
|||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: bootstrap-iso
|
||||
config:
|
||||
executorRef:
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: IsoConfiguration
|
||||
name: isogen
|
||||
documentEntryPoint: manifests/site/stl3-site/ephemeral/bootstrap
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: BaremetalManager
|
||||
metadata:
|
||||
name: RemoteDirectEphemeral
|
||||
spec:
|
||||
hostSelector:
|
||||
name: stl3r01s02
|
||||
operationOptions:
|
||||
remoteDirect:
|
||||
isoURL: http://10.254.195.209/ephemeral.iso
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: initinfra-ephemeral
|
||||
clusterName: ephemeral-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/ephemeral/initinfra
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: initinfra-networking-ephemeral
|
||||
clusterName: ephemeral-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/ephemeral/initinfra-networking
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: controlplane-ephemeral
|
||||
clusterName: ephemeral-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/ephemeral/controlplane
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: initinfra-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/target/initinfra
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: initinfra-networking-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/target/initinfra-networking
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: controlplane-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
cluster: target-cluster
|
||||
executorRef:
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubernetesApply
|
||||
name: kubernetes-apply
|
||||
documentEntryPoint: manifests/site/stl3-site/target/controlplane
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: workers-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/target/workers
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: workload-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
documentEntryPoint: manifests/site/stl3-site/target/workload
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Catalogue Definitions for Target Cluster
|
||||
|
||||
This inherits Type-level catalogues, and adds in Site-specific values.
|
||||
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
|
||||
customizations on top of this for ephemeral use.
|
|
@ -0,0 +1,4 @@
|
|||
resources:
|
||||
- smp.yaml
|
||||
- ../../generator/results/cleanup/
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,93 @@
|
|||
# Site-level host catalogue. This info feeds the Templater
|
||||
# kustomize plugin config in the hostgenerator-m3 function.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
hosts:
|
||||
m3:
|
||||
stl3r01s01:
|
||||
bootMode: legacy
|
||||
macAddress: E4:43:4B:EE:F4:CB
|
||||
bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.230
|
||||
pxe-ipv4: 172.63.0.11
|
||||
storage-ipv4: 172.62.0.11
|
||||
calico-ipv4: 172.64.0.11
|
||||
hardwareProfile: default # defined in the hostgenerator-m3 function
|
||||
stl3r01s02:
|
||||
bootMode: legacy
|
||||
macAddress: E4:43:4B:EE:B0:43
|
||||
bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.231
|
||||
pxe-ipv4: 172.63.0.12
|
||||
storage-ipv4: 172.62.0.12
|
||||
calico-ipv4: 172.64.0.12
|
||||
hardwareProfile: example # defined in the hardwareprofile-example function
|
||||
stl3r01s03:
|
||||
bootMode: legacy
|
||||
#macAddress: E4:43:4B:EE:D7:B8
|
||||
macAddress: E4:43:4B:EE:D7:D9
|
||||
bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.232
|
||||
pxe-ipv4: 172.63.0.13
|
||||
storage-ipv4: 172.62.0.13
|
||||
calico-ipv4: 172.64.0.13
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||
stl3r01s04:
|
||||
bootMode: legacy
|
||||
#macAddress: E4:43:4B:EE:D7:B8
|
||||
macAddress: E4:43:4B:EE:DD:0F
|
||||
bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.233
|
||||
pxe-ipv4: 172.63.0.14
|
||||
storage-ipv4: 172.62.0.14
|
||||
calico-ipv4: 172.64.0.14
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||
stl3r01s05:
|
||||
bootMode: legacy
|
||||
#macAddress: E4:43:4B:EE:D7:B8
|
||||
macAddress: E4:43:4B:EE:D7:2F
|
||||
bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.234
|
||||
pxe-ipv4: 172.63.0.15
|
||||
storage-ipv4: 172.62.0.15
|
||||
calico-ipv4: 172.64.0.15
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||
stl3r01s06:
|
||||
bootMode: legacy
|
||||
#macAddress: E4:43:4B:EE:D7:B8
|
||||
macAddress: E4:43:4B:EE:F3:B7
|
||||
bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1
|
||||
bmcUsername: root
|
||||
bmcPassword: WWTwwt1!
|
||||
disableCertificateVerification: true
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.254.125.235
|
||||
pxe-ipv4: 172.63.0.16
|
||||
storage-ipv4: 172.62.0.16
|
||||
calico-ipv4: 172.64.0.16
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/type/gating/shared/catalogues
|
||||
- hosts.yaml
|
||||
- ../generator/results
|
||||
|
||||
patchesStrategicMerge:
|
||||
- versions-airshipctl.yaml
|
||||
- networking.yaml
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
#<tbd><tbd>
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.230" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.11"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
# Override default controlplane image location
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
files:
|
||||
k8scontrol:
|
||||
cluster_controlplane_image:
|
||||
url: http://172.63.0.11/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'
|
|
@ -0,0 +1,13 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- stl3r01s01
|
||||
#- stl3r01s02
|
||||
- stl3r01s03
|
||||
- stl3r01s04
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
|
||||
- ../../catalogues
|
||||
- host-generation.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- networking.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
|
||||
- ../../catalogues/cleanup
|
||||
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/cleanup
|
|
@ -0,0 +1,111 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
#<tbd><tbd>
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
serviceCidr: "10.96.0.0/12"
|
||||
podCidr: "192.168.0.0/18"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.254.125.230" # ephemeral will be different
|
||||
port: 6443
|
||||
# NOTE: This stringing is required to do substring replacement.
|
||||
# Ideally, improve this in the future.
|
||||
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
|
||||
|
||||
ironic:
|
||||
provisioningInterface: "eno4"
|
||||
provisioningIp: "172.63.0.11"
|
||||
dhcpRange: "172.63.0.31,172.63.0.126"
|
||||
|
||||
# This section is only relevant when using Metal3 BareMetalHosts, and
|
||||
# is consumed by the `hostgenerator-m3` function.
|
||||
# It defines host-level networking that is common across all BMHs in a site,
|
||||
# and will typically be fully overridden at the Type and Site level.
|
||||
commonHostNetworking:
|
||||
links:
|
||||
- id: eno4
|
||||
name: eno4
|
||||
type: phy
|
||||
mtu: "1500"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp94s0f1
|
||||
name: enp94s0f1
|
||||
type: phy
|
||||
mtu: "9100"
|
||||
# ethernet_mac_address: <from host-catalogue> (optional)
|
||||
- id: enp135s0f0
|
||||
name: enp135s0f0
|
||||
type: phy
|
||||
mtu: 9100
|
||||
- id: bond0
|
||||
name: bond0
|
||||
type: bond
|
||||
bond_links: ["enp94s0f1", "enp135s0f0"]
|
||||
bond_mode: 802.3ad
|
||||
bond_xmit_hash_policy: layer3+4
|
||||
bond_miimon: 100
|
||||
mtu: 9100
|
||||
- id: bond0.61
|
||||
name: bond0.61
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 61
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.62
|
||||
name: bond0.62
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 62
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.64
|
||||
name: bond0.64
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 64
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
- id: bond0.65
|
||||
name: bond0.65
|
||||
type: vlan
|
||||
vlan_link: bond0
|
||||
vlan_id: 65
|
||||
mtu: 9100
|
||||
vlan_mac_address: null
|
||||
networks:
|
||||
- id: oam-ipv4
|
||||
type: ipv4
|
||||
link: bond0.61
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.224
|
||||
routes:
|
||||
- network: 0.0.0.0
|
||||
netmask: 0.0.0.0
|
||||
gateway: 10.254.125.225
|
||||
- id: pxe-ipv4
|
||||
type: ipv4
|
||||
link: eno4
|
||||
# ip_address: <from host-catalogue>
|
||||
netmask: 255.255.255.128
|
||||
- id: storage-ipv4
|
||||
type: ipv4
|
||||
link: bond0.62
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
- id: calico-ipv4
|
||||
type: ipv4
|
||||
link: bond0.64
|
||||
# ip_address:
|
||||
netmask: 255.255.255.128
|
||||
services:
|
||||
- address: 8.8.8.8
|
||||
type: dns
|
||||
- address: 8.8.4.4
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: hardwareprofile-example
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- nodes
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol
|
||||
- ../catalogues
|
||||
- metal3machinetemplate.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- versions-catalogue-patch.yaml
|
||||
- patch_controlplane.yaml
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml
|
||||
name: cluster-controlplane-2
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
hostSelector:
|
||||
matchLabels:
|
||||
airshipit.org/k8s-role: controlplane-host
|
||||
image:
|
||||
checksum: e0d74d3d37e70e4eec1b204f8402ed3c
|
||||
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- ../hostgenerator
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/k8s-role: controlplane-host
|
|
@ -0,0 +1,178 @@
|
|||
kind: KubeadmControlPlane
|
||||
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
|
||||
metadata:
|
||||
name: cluster-controlplane
|
||||
spec:
|
||||
replicas: 3
|
||||
version: v1.18.6
|
||||
infrastructureTemplate:
|
||||
kind: Metal3MachineTemplate
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
name: cluster-controlplane-2
|
||||
kubeadmConfigSpec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.local_hostname }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
initConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.local_hostname }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
|
||||
taints: []
|
||||
clusterConfiguration:
|
||||
imageRepository: "k8s.gcr.io"
|
||||
controllerManager:
|
||||
extraArgs:
|
||||
enable-hostpath-provisioner: "true"
|
||||
apiServer:
|
||||
extraArgs:
|
||||
service-node-port-range: 80-32767
|
||||
networking:
|
||||
dnsDomain: cluster.local
|
||||
podSubnet: 172.16.0.0/16
|
||||
serviceSubnet: 10.96.0.0/16
|
||||
kubeProxyConfiguration:
|
||||
mode: "ipvs"
|
||||
clusterCidr: 172.16.0.0/16
|
||||
preKubeadmCommands:
|
||||
- echo 'root:r00tme' | chpasswd
|
||||
- echo 'ubuntu:r00tme' | chpasswd
|
||||
- |
|
||||
cat <<EOF | tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- swapoff -a
|
||||
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
|
||||
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
|
||||
- /tmp/generate-kubelet-extra-args.sh
|
||||
- modprobe ip_vs
|
||||
- modprobe ip_vs_rr
|
||||
- modprobe ip_vs_wrr
|
||||
- modprobe ip_vs_sh
|
||||
- modprobe nf_conntrack_ipv4
|
||||
- apt-get update && apt-get install -y bridge-utils keepalived ipset ipvsadm
|
||||
- systemctl enable --now keepalived
|
||||
- /tmp/generate-kube-proxy.sh
|
||||
- /tmp/local-storage-setup.sh
|
||||
- /tmp/sysctl.sh
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
||||
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
|
||||
- apt update
|
||||
- apt install -y
|
||||
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
|
||||
containerd.io
|
||||
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
|
||||
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
|
||||
files:
|
||||
- path: /tmp/generate-kube-proxy.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
|
||||
for i in $(ls /tmp | grep kubeadm); do
|
||||
cat <<EOF>> /tmp/$i
|
||||
---
|
||||
kind: KubeProxyConfiguration
|
||||
apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
||||
mode: ipvs
|
||||
clusterCidr: 172.16.0.0/16
|
||||
EOF
|
||||
done
|
||||
- path: /tmp/local-storage-setup.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
set -x
|
||||
DISK=/dev/sdb
|
||||
PARTITION=${DISK}1
|
||||
MOUNTPOINT=/local-storage/sdb1
|
||||
udevadm settle
|
||||
mkdir -p $MOUNTPOINT
|
||||
if mount | grep $MOUNTPOINT; then
|
||||
echo "disk is already mounted"
|
||||
exit 0
|
||||
fi
|
||||
if ! grep "${PARTITION}" /etc/fstab; then
|
||||
echo "$PARTITION $MOUNTPOINT auto defaults,nofail 0 2" >>/etc/fstab
|
||||
fi
|
||||
if ! ls $PARTITION; then
|
||||
/sbin/sgdisk --new 1 $DISK
|
||||
fi
|
||||
/sbin/mkfs.ext4 $PARTITION -L local-storage -F -E lazy_itable_init=1,lazy_journal_init=1
|
||||
mount $MOUNTPOINT
|
||||
/bin/chown -R etcd:etcd $MOUNTPOINT
|
||||
exit 0
|
||||
- path: /tmp/generate-kubelet-extra-args.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
function get_ip_address_from_interface {
|
||||
local interface=$1
|
||||
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
|
||||
if [ -z "${ip}" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
echo ${ip}
|
||||
}
|
||||
ip=$(get_ip_address_from_interface bond0.64)
|
||||
cat <<EOF>/etc/default/kubelet
|
||||
KUBELET_EXTRA_ARGS="--node-ip=$ip \
|
||||
--feature-gates=CPUManager=true \
|
||||
--cpu-manager-policy=static \
|
||||
--reserved-cpus=0-3 \
|
||||
--cpu-manager-reconcile-period=10s \
|
||||
--feature-gates=TopologyManager=true \
|
||||
--topology-manager-policy=restricted"
|
||||
EOF
|
||||
- path: /etc/keepalived/keepalived.conf
|
||||
content: |
|
||||
! Configuration File for keepalived
|
||||
global_defs {
|
||||
}
|
||||
vrrp_instance KUBERNETES {
|
||||
state BACKUP
|
||||
interface bond0.51
|
||||
virtual_router_id 200
|
||||
priority 101
|
||||
advert_int 1
|
||||
virtual_ipaddress {
|
||||
10.254.125.240
|
||||
}
|
||||
}
|
||||
vrrp_instance INGRESS {
|
||||
state BACKUP
|
||||
interface bond0.51
|
||||
virtual_router_id 199
|
||||
priority 101
|
||||
advert_int 1
|
||||
virtual_ipaddress {
|
||||
10.254.125.239
|
||||
}
|
||||
}
|
||||
- path: "/tmp/sysctl.sh"
|
||||
owner: root:root
|
||||
permissions: '0700'
|
||||
content: |
|
||||
#!/bin/bash -x
|
||||
cat <<EOF>/etc/sysctl.d/99-airship.conf
|
||||
net.ipv4.conf.all.rp_filter=2
|
||||
EOF
|
||||
sysctl -p /etc/sysctl.d/99-airship.conf
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
|
||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
|
@ -0,0 +1,11 @@
|
|||
# Patch the versions catalogue to use the site-specific local image URL
|
||||
# TODO: patch this in from a site-networking catalogue in the future
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
files:
|
||||
k8scontrol:
|
||||
cluster_controlplane_image:
|
||||
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"
|
|
@ -0,0 +1,32 @@
|
|||
# Secrets generator/encrypter/decrypter
|
||||
|
||||
This directory contains an utility that helps generate, encrypt and decrypt
|
||||
secrects. These secrects can be used anywhere in manifests.
|
||||
|
||||
For example we can use PGP key from SOPS example.
|
||||
To get the key we need to run:
|
||||
`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
|
||||
|
||||
and import this key as environment variable:
|
||||
`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
|
||||
|
||||
## Generator
|
||||
|
||||
To generate secrets we use [template](secret-template.yaml) that will be passed
|
||||
to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate`
|
||||
execution.
|
||||
|
||||
## Encrypter
|
||||
|
||||
To encrypt the secrets that have been generated we use generic container executor.
|
||||
To start the secrets generate phase we need to execute following phase:
|
||||
`airshipctl phase run secret-generate`
|
||||
The executor run SOPS container and pass the pre-generated secrets to this container.
|
||||
This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated).
|
||||
|
||||
## Decrypter
|
||||
|
||||
To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml).
|
||||
It will run the decrypt sops function when we run
|
||||
`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
|
||||
manifests/site/test-site/target/catalogues/`
|
|
@ -0,0 +1,3 @@
|
|||
generators:
|
||||
- override
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/type/gating/target/generator/
|
|
@ -0,0 +1,3 @@
|
|||
resources:
|
||||
- override
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- ../../../../../../../../../airshipctl/manifests/type/gating/target/generator/cleanup/
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Templater
|
||||
metadata:
|
||||
name: secret-template
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
container:
|
||||
image: quay.io/airshipit/templater:latest
|
||||
envs:
|
||||
- TOLERATE_DECRYPTION_FAILURES
|
||||
template: |
|
||||
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: my-config2
|
||||
annotations:
|
||||
config.k8s.io/function: |
|
||||
container:
|
||||
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
|
||||
envs:
|
||||
- SOPS_IMPORT_PGP
|
||||
data:
|
||||
ignore-mac: true
|
||||
cmd: decrypt
|
||||
{{- if eq $tolerate "true" }}
|
||||
cmd-tolerate-failures: true
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
generators:
|
||||
- configurable-decryption.yaml
|
||||
|
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- generated/secrets.yaml
|
||||
transformers:
|
||||
- decrypt-secrets
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
resources:
|
||||
- ../../../../../../airshipctl/manifests/composite/infra/
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
||||
patchesStrategicMerge:
|
||||
- patch_calico.yaml
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: operator.tigera.io/v1
|
||||
kind: Installation
|
||||
metadata:
|
||||
name: default
|
||||
spec:
|
||||
#registry: docker-open-nc.zc1.cti.att.com
|
||||
calicoNetwork:
|
||||
nodeAddressAutodetectionV4:
|
||||
firstFound: false
|
||||
interface: "bond0.64"
|
|
@ -0,0 +1,19 @@
|
|||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/baremetal-operator
|
||||
- ../../../../../../airshipctl/manifests/function/hwcc
|
||||
- ../../../../../../airshipctl/manifests/function/clusterctl
|
||||
- ../../../../../../airshipctl/manifests/composite/flux-helm
|
||||
- ../catalogues
|
||||
- scripts
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
||||
patchesStrategicMerge:
|
||||
- patch_bmo_config.yaml
|
||||
- patch_ironic_entry.yaml
|
||||
- patch_ironic_image.yaml
|
||||
- patch_ironic.yaml
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/baremetal-operator/replacements
|
||||
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
|
||||
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ironic-vars
|
||||
data:
|
||||
AUTOMATED_CLEAN: "false"
|
||||
IRONIC_AUTOMATED_CLEAN: "false"
|
||||
DHCP_RANGE: 172.63.0.31,172.63.0.126
|
||||
HTTP_PORT: "6180"
|
||||
DEPLOY_KERNEL_PATH: images/ipa-ubuntu-master.kernel
|
||||
DEPLOY_RAMDISK_PATH: images/ipa-ubuntu-master.initramfs
|
||||
DEPLOY_KERNEL_URL: http://172.63.0.11:80/images/ipa-ubuntu-master.kernel
|
||||
DEPLOY_RAMDISK_URL: http://172.63.0.11:80/images/ipa-ubuntu-master.initramfs
|
||||
IRONIC_ENDPOINT: http://172.63.0.11:6385/v1/
|
||||
IRONIC_FAST_TRACK: "false"
|
||||
IRONIC_INSPECTOR_ENDPOINT: http://172.63.0.11:5050/v1/
|
||||
PROVISIONING_IP: 172.63.0.11
|
||||
PROVISIONING_INTERFACE: eno4
|
||||
#QCOW_IMAGE: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
|
||||
QCOW_IMAGE: "http://cloud-images-archive.ubuntu.com/releases/bionic/release-20190722.1/ubuntu-18.04-server-cloudimg-amd64.img"
|
||||
|
|
@ -0,0 +1,155 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ironic
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
name: ironic
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: ironic
|
||||
spec:
|
||||
hostNetwork: true
|
||||
volumes:
|
||||
- name: ironic-storage
|
||||
persistentVolumeClaim:
|
||||
claimName: ironic-pv-claim
|
||||
- name: ironic-config-files
|
||||
configMap:
|
||||
name: ironic-config-files
|
||||
defaultMode: 0644
|
||||
- name: ironic-entrypoints
|
||||
configMap:
|
||||
name: ironic-entrypoints
|
||||
defaultMode: 0700
|
||||
- name: ironic-vars
|
||||
configMap:
|
||||
name: ironic-vars
|
||||
defaultMode: 0644
|
||||
- name: ironic-scripts
|
||||
configMap:
|
||||
name: ironic-scripts
|
||||
defaultMode: 0700
|
||||
nodeSelector: {}
|
||||
initContainers:
|
||||
- name: init-provisioning-ip-up
|
||||
image: quay.io/metal3-io/ironic:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ['/vip-ipaddress']
|
||||
args: ["start"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: ironic-vars
|
||||
volumeMounts:
|
||||
- name: ironic-scripts
|
||||
mountPath: "/vip-ipaddress"
|
||||
subPath: vip-ipaddress
|
||||
securityContext:
|
||||
capabilities:
|
||||
add: ["NET_ADMIN", "SYS_TIME"]
|
||||
- name: init-bootstrap
|
||||
image: "centos"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ['/bin/init-bootstrap']
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: ironic-vars
|
||||
volumeMounts:
|
||||
- name: ironic-storage
|
||||
mountPath: "/shared"
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/init-bootstrap
|
||||
subPath: init-bootstrap
|
||||
- name: ironic-config-files
|
||||
mountPath: /cfg
|
||||
- name: ironic-vars
|
||||
mountPath: /ironic-vars
|
||||
- name: init-images
|
||||
image: quay.io/airshipit/ipa:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ['/bin/init-images']
|
||||
volumeMounts:
|
||||
- name: ironic-storage
|
||||
mountPath: "/shared"
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/init-images
|
||||
subPath: init-images
|
||||
- name: qcow-bundle
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- "cp /qcows/*.qcow2 /qcows/*.qcow2.md5sum /shared/html/images/"
|
||||
image: "quay.io/airshipit/qcow-bundle:latest-ubuntu_focal"
|
||||
imagePullPolicy: IfNotPresent
|
||||
volumeMounts:
|
||||
- mountPath: "/shared"
|
||||
name: ironic-storage
|
||||
containers:
|
||||
- name: dnsmasq
|
||||
image: "quay.io/metal3-io/ironic:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/bin/rundnsmasq"]
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: "/shared"
|
||||
name: ironic-storage
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/rundnsmasq
|
||||
subPath: dnsmasq-entrypoint
|
||||
- name: httpd
|
||||
image: "quay.io/metal3-io/ironic:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
capabilities:
|
||||
add: ["NET_ADMIN"]
|
||||
command: ["/bin/runhttpd"]
|
||||
volumeMounts:
|
||||
- mountPath: "/shared"
|
||||
name: ironic-storage
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/runhttpd
|
||||
subPath: httpd-entrypoint
|
||||
- name: ironic
|
||||
image: "quay.io/metal3-io/ironic:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/bin/runironic"]
|
||||
lifecycle:
|
||||
preStop:
|
||||
exec:
|
||||
command:
|
||||
- /vip-ipaddress
|
||||
- stop
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: "/shared"
|
||||
name: ironic-storage
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/runironic
|
||||
subPath: ironic-entrypoint
|
||||
- name: ironic-scripts
|
||||
mountPath: /vip-ipaddress
|
||||
subPath: vip-ipaddress
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: ironic-vars
|
||||
- name: ironic-inspector
|
||||
image: "quay.io/metal3-io/ironic-inspector:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
command: ["/bin/runironic-inspector"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: ironic-vars
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: "/shared"
|
||||
name: ironic-storage
|
||||
- name: ironic-entrypoints
|
||||
mountPath: /bin/runironic-inspector
|
||||
subPath: inspector-entrypoint
|
|
@ -0,0 +1,47 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/path: metal3/configmap_ironic-entrypoints.yaml
|
||||
labels:
|
||||
airshipit.org/stage: initinfra
|
||||
name: ironic-entrypoints
|
||||
namespace: metal3
|
||||
data:
|
||||
init-bootstrap: |
|
||||
#!/usr/bin/env bash
|
||||
set -xe
|
||||
#Configure vars for rendering
|
||||
pushd /ironic-vars
|
||||
rm -f /shared/sed_commands
|
||||
for var_name in $( ls ) ; do
|
||||
echo -n s!\$\($var_name\)! >> /shared/sed_commands
|
||||
cat $var_name >> /shared/sed_commands
|
||||
echo !g >> /shared/sed_commands
|
||||
export $var_name=$(cat $var_name)
|
||||
done
|
||||
popd
|
||||
while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
|
||||
echo 'Waiting for provisioning ip'
|
||||
sleep 5;
|
||||
done
|
||||
mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
|
||||
# Remove log files from last deployment
|
||||
rm -rf /shared/log/httpd/*
|
||||
rm -rf /shared/log/ironic/*
|
||||
rm -rf /shared/log/ironic-inspector/*
|
||||
# Rendering files to shared mount
|
||||
pushd /cfg
|
||||
for f in $( ls ); do
|
||||
sed -f /shared/sed_commands $f > /shared/$f
|
||||
done
|
||||
popd
|
||||
pushd /shared/html/images
|
||||
STATUSCODE=$(curl --silent --insecure --location -O --write-out "%{http_code}" ${QCOW_IMAGE})
|
||||
if test $STATUSCODE -ne 200; then
|
||||
echo "Failed to load ${ARTS[${art}]}"
|
||||
exit 1
|
||||
fi
|
||||
popd
|
||||
chmod -R 0777 /shared/html
|
||||
touch /shared/init_finished
|
|
@ -0,0 +1,12 @@
|
|||
#this file is in place until we use latest airshipctl refs.
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ironic
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- image: quay.io/airshipit/ipa:latest
|
||||
name: init-images
|
|
@ -0,0 +1,10 @@
|
|||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
namespace: metal3
|
||||
|
||||
configMapGenerator:
|
||||
- name: ironic-scripts
|
||||
files:
|
||||
- vip-ipaddress
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
# Copyright 2018 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
set -ex
|
||||
COMMAND="${@:-start}"
|
||||
# The following are standard ironic pod environment variables
|
||||
# PROVISIONING_IP - IP address we expect to assign to provisioning bridge
|
||||
# PROVISIONING_INTERFACE - the physical interface name, normally 'provisioning'
|
||||
# to reflect a bridge named provisioning with eno4 as a member
|
||||
function test_vip () {
|
||||
ip addr show ${PROVISIONING_INTERFACE} | \
|
||||
awk "/inet / && /${PROVISIONING_INTERFACE}/{print \$2 }" | \
|
||||
awk -F '/' '{ print $1 }' | \
|
||||
grep -q "${PROVISIONING_IP%/*}"
|
||||
}
|
||||
function start () {
|
||||
ip link show ${PROVISIONING_INTERFACE} > /dev/null || ip link add ${PROVISIONING_INTERFACE} type dummy
|
||||
if ! test_vip; then
|
||||
ip addr add ${PROVISIONING_IP}/32 dev ${PROVISIONING_INTERFACE}
|
||||
fi
|
||||
ip link set ${PROVISIONING_INTERFACE} up
|
||||
garp_interface=$(ip route list match "${PROVISIONING_IP}" scope link | \
|
||||
awk '$2 == "dev" { print $3; exit }')
|
||||
if [ -n "${garp_interface}" ]; then
|
||||
arping -U -c 3 -I "${garp_interface}" "${PROVISIONING_IP%/*}" || true
|
||||
fi
|
||||
}
|
||||
function sleep () {
|
||||
exec bash -c "while :; do sleep 2073600; done"
|
||||
}
|
||||
function stop () {
|
||||
ip link show ${PROVISIONING_INTERFACE} > /dev/null || exit 0
|
||||
if test_vip; then
|
||||
ip addr del ${PROVISIONING_IP}/32 dev ${PROVISIONING_INTERFACE}
|
||||
fi
|
||||
}
|
||||
$COMMAND
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- stl3r01s05
|
||||
- stl3r01s06
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
|
||||
- ../../catalogues/cleanup
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,93 @@
|
|||
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.name }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
ntp:
|
||||
enabled: true
|
||||
servers:
|
||||
- time.google.com
|
||||
- time1.google.com
|
||||
- time2.google.com
|
||||
preKubeadmCommands:
|
||||
- echo 'root:r00tme' | chpasswd
|
||||
- echo 'ubuntu:r00tme' | chpasswd
|
||||
- |
|
||||
cat <<EOF | tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- swapoff -a
|
||||
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
|
||||
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
|
||||
- /tmp/generate-kubelet-extra-args.sh
|
||||
- /tmp/generate-kube-proxy.sh
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- apt-get update
|
||||
- apt-get install -y
|
||||
docker-ce="$(apt policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
containerd.io
|
||||
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
|
||||
- apt-mark hold kubelet kubeadm
|
||||
- systemctl mask ntp
|
||||
- systemctl enable --now systemd-timesyncd
|
||||
files:
|
||||
- path: /tmp/generate-kube-proxy.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
|
||||
for i in $(ls /tmp | grep kubeadm); do
|
||||
cat <<EOF>> /tmp/$i
|
||||
---
|
||||
kind: KubeProxyConfiguration
|
||||
apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
||||
mode: ipvs
|
||||
clusterCidr: 172.16.0.0/16
|
||||
EOF
|
||||
done
|
||||
- path: /tmp/generate-kubelet-extra-args.sh
|
||||
permissions: "0700"
|
||||
owner: root:root
|
||||
content: |
|
||||
#!/bin/bash
|
||||
function get_ip_address_from_interface {
|
||||
local interface=$1
|
||||
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
|
||||
if [ -z "${ip}" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
echo ${ip}
|
||||
}
|
||||
ip=$(get_ip_address_from_interface bond0.54)
|
||||
cat <<EOF>/etc/default/kubelet
|
||||
KUBELET_EXTRA_ARGS="--node-ip=$ip \
|
||||
--feature-gates=CPUManager=true \
|
||||
--feature-gates=TopologyManager=true \
|
||||
--cpu-manager-policy=static \
|
||||
--cpu-manager-reconcile-period=10s \
|
||||
--reserved-cpus=0-3 \
|
||||
--serialize-image-pulls=false \
|
||||
--topology-manager-policy=restricted"
|
||||
EOF
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
|
||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- nodes
|
||||
- kubeadmconfigtemplate.yaml
|
||||
- metal3machinetemplate.yaml
|
||||
- machinedeployment.yaml
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: cluster.x-k8s.io/v1alpha3
|
||||
kind: MachineDeployment
|
||||
metadata:
|
||||
name: worker-1
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
version: v1.18.6
|
||||
bootstrap:
|
||||
configRef:
|
||||
name: worker-1
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
infrastructureRef:
|
||||
name: worker-1
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
hostSelector:
|
||||
matchLabels:
|
||||
airshipit.org/k8s-role: worker
|
||||
image:
|
||||
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- ../hostgenerator
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/k8s-role: worker
|
||||
|
|
@ -0,0 +1,63 @@
|
|||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.name }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
feature-gates: "IPv6DualStack=true"
|
||||
ntp:
|
||||
enabled: true
|
||||
servers:
|
||||
- 135.188.34.124
|
||||
- 135.38.244.16
|
||||
- 135.188.34.84
|
||||
preKubeadmCommands:
|
||||
- echo 'root:r00tme' | chpasswd
|
||||
- echo 'ubuntu:r00tme' | chpasswd
|
||||
- |
|
||||
cat <<EOF | tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- |
|
||||
mkdir -p /etc/systemd/system/docker.service.d/
|
||||
cat <<EOF | tee /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||
[Service]
|
||||
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
|
||||
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
|
||||
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
|
||||
EOF
|
||||
- export HTTP_PROXY=REPLACEMENT_HTTP_PROXY
|
||||
- export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
|
||||
- export http_proxy=${HTTP_PROXY}
|
||||
- export https_proxy=${HTTPS_PROXY}
|
||||
- export NO_PROXY=REPLACEMENT_NO_PROXY
|
||||
- export no_proxy=${NO_PROXY}
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- apt-get update
|
||||
- apt-get install -y
|
||||
docker-ce="$(apt policy docker-ce | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
containerd.io
|
||||
- swapoff -a
|
||||
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
|
||||
- apt-mark hold kubelet kubeadm
|
||||
- systemctl mask ntp
|
||||
- systemctl enable --now systemd-timesyncd
|
||||
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
|
||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
|
@ -0,0 +1,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues
|
||||
- ../../../../../../../airshipctl/manifests/type/gating/hwccprofiles
|
||||
- kubeadmconfigtemplate.yaml
|
||||
- metal3machinetemplate.yaml
|
||||
- machinedeployment.yaml
|
||||
|
||||
transformers:
|
||||
- ../replacements
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: cluster.x-k8s.io/v1alpha3
|
||||
kind: MachineDeployment
|
||||
metadata:
|
||||
name: worker-1
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
version: v1.18.3
|
||||
bootstrap:
|
||||
configRef:
|
||||
name: worker-1
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
infrastructureRef:
|
||||
name: worker-1
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
---
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
image:
|
||||
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
|
||||
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- workers-env-vars.yaml
|
|
@ -0,0 +1,38 @@
|
|||
# These rules inject env vars into the workers.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: workers-env-vars-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
replacements:
|
||||
# Replace the proxy vars
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTP_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTP_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTPS_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTPS_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.NO_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_NO_PROXY%"]
|
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues
|
||||
- ../../../../../../airshipctl/manifests/type/gating/target/workload
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/type/gating/target/workload/ingress/replacements
|
Loading…
Reference in New Issue