[WIP] Initail push for stl3 site manifets

Change-Id: I4dfd33fb669738960bf491479fbe5fb6c8aed7b3
Arijit Bose 2021-01-27 10:23:51 -06:00
parent 1fdcfea301
commit 6683783c45
88 changed files with 2996 additions and 0 deletions


@ -0,0 +1,20 @@
# This patches the node02 BMH to be suitable for ephemeral purposes
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
annotations:
labels:
airshipit.org/ephemeral-node: "true"
airshipit.org/deploy-k8s: "false"
name: stl3r01s02
spec:
online: true
bmc:
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
status:
provisioning:
# we need this status to make sure, that the host is not going to be
# reprovisioned by the ephemeral baremetal operator.
# when we have more flexible labeling system in place, we will not
# deliver this document to ephemeral cluster
state: externally provisioned


@ -0,0 +1,10 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- stl3r01s02


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
patchesStrategicMerge:
- networking.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.231" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.12"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns
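Review bot: The `mtu` values under `commonHostNetworking.links` mix types: `eno4` and `enp94s0f1` use quoted strings (`mtu: "1500"`, `mtu: "9100"`), while `enp135s0f0`, `bond0` and the four VLAN links use the bare integer `mtu: 9100`. Whichever type the hostgenerator-m3 templates expect, use one form for every link so that substitution or comparison downstream treats all links alike. The same mix is repeated in the three other `networking` catalogues in this commit. The `services` list also sends every host to the public resolvers `8.8.8.8` and `8.8.4.4`; if that is intended for this site, a one-line comment saying so would help the next reader.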


@ -0,0 +1,36 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,14 @@
apiVersion: airshipit.org/v1alpha1
kind: IsoConfiguration
metadata:
name: isogen
labels:
airshipit.org/deploy-k8s: "false"
builder:
networkConfigFileName: network-config
outputMetadataFileName: output-metadata.yaml
userDataFileName: user-data
container:
containerRuntime: docker
image: sb464f/isogen:latest-ubuntu_focal
volume: /srv/image:/config
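Review bot: The builder image `sb464f/isogen:latest-ubuntu_focal` appears to come from a personal registry namespace and uses a mutable `latest-` tag, so the code that builds the ephemeral ISO can change without any change to this manifest. Point `image:` at the project's published isogen image and pin it by digest, for example `image: <registry>/<project>/isogen@sha256:<digest>` (placeholder values). If the personal image is only meant for the WIP phase, add a `# TODO: replace with project image before merge` comment above the field.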


@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/ephemeral
- ../catalogues
generators:
- hostgenerator
patchesStrategicMerge:
- baremetalhost.yaml
- secret.yaml
- image_configuration.yaml
- remote_direct_configuration.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/ephemeral/replacements


@ -0,0 +1,7 @@
apiVersion: airshipit.org/v1alpha1
kind: RemoteDirectConfiguration
metadata:
name: default
labels:
airshipit.org/deploy-k8s: "false"
isoUrl: http://10.254.195.209/ephemeral.iso
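Review bot: `isoUrl: http://10.254.195.209/ephemeral.iso` delivers the boot ISO for the ephemeral node over plain HTTP, and this document carries no checksum for it, so the image has no integrity protection in transit. Serve it over HTTPS where the BMC supports it. If the URL is only reachable on an isolated provisioning network, state that assumption in a comment above `isoUrl` so the trust boundary is explicit.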


@ -0,0 +1,200 @@
apiVersion: v1
kind: Secret
metadata:
labels:
airshipit.org/ephemeral-user-data: "true"
name: ephemeral-bmc-secret
type: Opaque
stringData:
userData: |
#cloud-config
ssh_pwauth: True
ssh_authorized_keys:
# TODO(alanmeadows): the ssh key below
# -----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEA1Vv55Nt8IdH455BTH1HkOnwzQ5IHlU8hyX7q2S1Z+e6kPqec
# pLt6a7+3Ufrwtu1zzzpXvuitqb0FlpbngMfkRW7uWyqvwvCELuK5BlH9GHulFwvP
# ANU/hIUwnJt1ICVQhwPM7mypUa0dtVV5SUan0AFnmwFIbcSz0jofaLYK3kZw9D8i
# m1w4vx1M4A3mObje4JOY0UqGYTmMYnvb+GS8X8oNiYlL8W3M4WPdaZNBaoclvMhr
# V4jw8c5/mYFub6kvf7Kdk8lBKI/tymemuR6YAl83V10zLocPR8NslSHZUidqhA0O
# 2JN7Wt6M05HhZ/MCAhfxnPrmPraDMolA84NApwIDAQABAoIBAF65PvDEIRBC0Ga+
# RKkbCmCM05WkN4mqYC29EzboU5IKyRCoCXt5YJiFvTXAWy5brZbLKDmxw6ggK2L4
# DD+4fzf0UA5ZnT7G2WiXb93GeL9t5ZWdwIF2K4UCPNrKie2Do4TNwyX3SBTi7tWa
# 5QYLQGWwufavUyCou80R0PAEIj8b5xY5u3lK03/wfexl3z5FLsiCZVHD/xdZsFgg
# 8m32iDrNOBfWaFeOeSGUbCfUtsmD5kbcUus4+/jn6Pdg06S+RV9xfQ9GTUD5iU6K
# GixEYPtC3o0KRlNtpZwX5+oWBERiFNTeHRp46t/foXWYSSg6bP5v+wNauTX7VPN7
# YDiU3sECgYEA+BgLDEDMHjyiIfgPsAIn5T4oqso52zCgkpmiHLcawLto6nEv75ST
# 9NxZjnAKL7RiL6ebAGbX3dBvb9VEPn49j9yw4JKguAkWUJH9s6dZ02RDKnRnaV/N
# 4bHtgCmObuZRsJTGDxWhvyVt1KSYqd1e7o0RSPasKXEgJ3MivsGV+l0CgYEA3CiR
# H/hjFWrduqpMzYOdz8YqDSw33fr0jYMnyNZclMtBge7nZsxI+txytp5OKrb3JAWH
# SYKSLn6Z0Z7Y7brIYDzQW16+j/T4ttc/teq3WSOH3kpsOJ4w+AFE4764zlnCf/HJ
# DuPDKXGHg2rJpVdyCGYPX8TgME2VItCAcvTbHtMCgYEAm6aR/90DcxD9c6xrQzUH
# DLdj0ktP4ynuBCvpXnSujy7FUxkyRvCDp0M72LaIXYehdl6ES8s6McscryAxUbfo
# LcL7Ido8hVoGKwR9FGKxY4Pq887WNnFJ/QihhiAMYZ2UsOGWJU6gDQmRj7C4qxHd
# BnNw3cMNHm8ACmAc82sHCm0CgYEAmNWwqbkNT/j4JHXFC4arL2oqFyrzPa7Rxsud
# +taVPtY7i7AGBF8c6snO+Oe86/pIZ0FPQcDbKlvI/LSBc8ePAwA0xLlpIRa28ndL
# S0a+MatwzuhraIKpDAIViOUF9nppg9id8zA6c7LUmG6xvY6PIzV2xs0ttVqmhZyp
# DyTcWPECgYA9zx0rOtEQiRiW6Hd9chsTzMahCHMP27f9Y8a7q3zG9df8YlLuT9Ut
# 4iRrM/hCGIYKnRVM7JDPTwJMRX8GR1lw3JwRvnNsaDR+hTvxRd/s0MjC7I2MeHGt
# 93hPvw94eLhP65TiJLeMy+rBw5meXnryzVbQ12VlMe//Suq2OrOnog==
# -----END RSA PRIVATE KEY-----
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
chpasswd:
list: |
root:Abcd.1234
deployer:Abcd.1234
expire: False
users:
- default
- name: deployer
gecos: deployer
ssh_pwauth: True
ssh_authorized_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
runcmd:
# TODO(alanmeadows): all of the client-side versions of the certificates below
# appear to be in airshipctl:playbooks/vars/test-config.yaml
- set -x
- export PATH=$PATH:/usr/sbin:/sbin
- I=$(ip route show | grep default | awk '{ print $3}'); while ! ping -c5 -q -W10 $I; do echo "interface not up, sleeping for 10 before retry."; sleep 10; done
- rm /etc/resolv.conf
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
# Replace xenial with focal or $(lsb_release -cs) once available
#- echo "deb https://artifacts-nc.mtn57z.cti.att.com/artifactory/apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- apt update
- apt install -y
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
containerd.io
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
- /tmp/generate-kubelet-flags.sh
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
- kubeadm init --config /tmp/kubeadm.yaml
- mkdir -p /opt/metal3-dev-env/ironic/html/images /var/lib/ironic-persisted-data-volume
write_files:
- content: |
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: 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
server: https://10.254.125.231:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: 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
client-key-data: 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
owner: root:root
path: /etc/kubernetes/admin.conf
permissions: "0640"
- path: /tmp/generate-kubelet-flags.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
cat <<EOF>>/etc/default/kubelet
KUBELET_EXTRA_ARGS="\
--serialize-image-pulls=false"
EOF
- content: |
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
encoding: base64
owner: root:root
path: /etc/kubernetes/pki/ca.crt
permissions: "0640"
- content: |
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
encoding: base64
owner: root:root
path: /etc/kubernetes/pki/ca.key
permissions: "0600"
- content: |
kubernetes:
# TODO(alanmeadows) just hard coded for now
version: 1.18.3
container_runtime:
type: docker
package_repos:
- name: docker-ce-artf
url: https://download.docker.com/linux/ubuntu
gpgKey: https://download.docker.com/linux/ubuntu/gpg
channel: stable
tags:
- debian
- name: kubernetes-artf
url: https://apt.kubernetes.io/
gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg
channel: main
versionCodeName: kubernetes-xenial
tags:
- debian-like
- name: docker-ce-artf
url: https://download.docker.com/linux/ubuntu
gpgKey: https://download.docker.com/linux/ubuntu/gpg
channel: stable
tags:
- ubuntu
owner: root:root
path: /tmp/konfigadm.yml
permissions: "0640"
- content: |
---
apiServer:
certSANs:
# TODO(alanmeadows) these are the IPs for mtn57r08c004
# on both the pxe and calico interfaces and ultimately
# should be derived from the ephemeral node
- 172.63.0.12
- 172.64.0.12
#imageRepository: docker.io
apiVersion: kubeadm.k8s.io/v1beta2
controllerManager: {}
dns:
type: ""
etcd: {}
kind: ClusterConfiguration
networking:
# TODO(alanmeadows): this is the appropriate pod CIDR for RDM9
# but should ultimately come from some central definition
podSubnet: 172.26.0.0/15
scheduler: {}
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint: {}
nodeRegistration:
ignorePreflightErrors:
- NumCPU
- SystemVerification
taints: []
owner: root:root
path: /tmp/kubeadm.yaml
permissions: "0640"
bootcmd:
# TODO(alanmeadows): This just blows away /dev/sda and uses it for ironic image storage
# this needs to also account for storage of container images and dynamically find the device
# so the same code can be used to discover /dev/sda as /dev/vda and bind mounting is nasty
- /sbin/mkfs.ext4 -F /dev/sda
- mkdir /mnt/sda
- mount /dev/sda /mnt/sda
- mkdir -p /opt/metal3-dev-env/ironic/html/images
- mkdir -p /mnt/sda/opt/metal3-dev-env/ironic/html/images
- mount --bind /mnt/sda/opt/metal3-dev-env/ironic/html/images /opt/metal3-dev-env/ironic/html/images
- mkdir -p /var/lib/docker /mnt/sda/var/lib/docker
- mount --bind /mnt/sda/var/lib/docker /var/lib/docker
- mkdir -p /var/lib/docker-engine /mnt/sda/var/lib/docker-engine
- mount --bind /mnt/sda/var/lib/docker-engine /var/lib/docker-engine
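Review bot: This Secret commits live credential material: the commented block under `ssh_authorized_keys` is a complete RSA private key, and `chpasswd.list` sets `root` and `deployer` to a fixed password with `expire: False` while `ssh_pwauth: True` keeps password login on. `write_files` also writes `/etc/kubernetes/pki/ca.key` and an admin kubeconfig with inline `client-key-data` (the values are elided in this view, but the manifest carries them inline). Once pushed for review these must be treated as disclosed: delete the private-key comment and rotate the key pair it belongs to, remove the `chpasswd` block, set `ssh_pwauth: false`, and inject the CA and kubeconfig at deploy time from an encrypted or externally managed source. The authorized key labelled `arijit@arijit-VirtualBox` is a personal key and should be replaced with a site-managed one before merge.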


@ -0,0 +1,4 @@
# Catalogue Definitions for Ephemeral Cluster
This inherits Site-level catalogues from the neighboring target cluster's
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.


@ -0,0 +1,3 @@
resources:
- smp.yaml
- ../../../target/generator/results/cleanup/


@ -0,0 +1,29 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../target/catalogues
patchesStrategicMerge:
- networking.yaml
- versions-airshipctl.yaml


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.230" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns


@ -0,0 +1,12 @@
# Override default controlplane image location
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
#<tbd><tbd>
files:
k8scontrol:
# Host the image in a locally served location for CI
cluster_controlplane_image:
url: http://172.63.0.12:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'
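Review bot: `cluster_controlplane_image` is fetched from a plain `http://172.63.0.12:80/...` URL and verified only against `checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'`, whose 32 hex digits indicate MD5. MD5 is not collision-resistant, so this catches accidental corruption but does not protect the control-plane OS image against tampering on the provisioning path. If the catalogue and the Metal3 version in use let you set a checksum type, switch to a SHA-256 value. The same URL and checksum are repeated in the later `versions-airshipctl` patch in this commit. The stray `#<tbd><tbd>` line under `metadata` should be removed or turned into a real TODO.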


@ -0,0 +1,10 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- stl3r01s01


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
patchesStrategicMerge:
- networking.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
#<tbd><tbd>
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.230" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns


@ -0,0 +1,36 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
# otherwise nodes will hang in 'registering' state for quite a long time
- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../../target/catalogues # NOTE: use target networking for this phase
- nodes
transformers:
- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements
patchesStrategicMerge:
- versions-catalogues-patch.yaml
- patch_controlplane.yaml


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host


@ -0,0 +1,178 @@
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
metadata:
name: cluster-controlplane
spec:
replicas: 1
version: v1.18.6
infrastructureTemplate:
kind: Metal3MachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
name: cluster-controlplane
kubeadmConfigSpec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.local_hostname }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
initConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.local_hostname }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
taints: []
clusterConfiguration:
imageRepository: "k8s.gcr.io"
controllerManager:
extraArgs:
enable-hostpath-provisioner: "true"
apiServer:
extraArgs:
service-node-port-range: 80-32767
networking:
dnsDomain: cluster.local
podSubnet: 172.16.0.0/16
serviceSubnet: 10.96.0.0/16
kubeProxyConfiguration:
mode: "ipvs"
clusterCidr: 172.16.0.0/16
preKubeadmCommands:
- echo 'root:r00tme' | chpasswd
- echo 'ubuntu:r00tme' | chpasswd
- |
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- sysctl --system
- swapoff -a
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
- /tmp/generate-kubelet-extra-args.sh
- modprobe ip_vs
- modprobe ip_vs_rr
- modprobe ip_vs_wrr
- modprobe ip_vs_sh
- modprobe nf_conntrack_ipv4
- apt-get update && apt-get install -y bridge-utils keepalived ipset ipvsadm
- systemctl enable --now keepalived
- /tmp/generate-kube-proxy.sh
- /tmp/local-storage-setup.sh
- /tmp/sysctl.sh
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
- apt update
- apt install -y
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
containerd.io
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
files:
- path: /tmp/generate-kube-proxy.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
for i in $(ls /tmp | grep kubeadm); do
cat <<EOF>> /tmp/$i
---
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
mode: ipvs
clusterCidr: 172.16.0.0/16
EOF
done
- path: /tmp/local-storage-setup.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
set -x
DISK=/dev/sdb
PARTITION=${DISK}1
MOUNTPOINT=/local-storage/sdb1
udevadm settle
mkdir -p $MOUNTPOINT
if mount | grep $MOUNTPOINT; then
echo "disk is already mounted"
exit 0
fi
if ! grep "${PARTITION}" /etc/fstab; then
echo "$PARTITION $MOUNTPOINT auto defaults,nofail 0 2" >>/etc/fstab
fi
if ! ls $PARTITION; then
/sbin/sgdisk --new 1 $DISK
fi
/sbin/mkfs.ext4 $PARTITION -L local-storage -F -E lazy_itable_init=1,lazy_journal_init=1
mount $MOUNTPOINT
/bin/chown -R etcd:etcd $MOUNTPOINT
exit 0
- path: /tmp/generate-kubelet-extra-args.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
function get_ip_address_from_interface {
local interface=$1
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
echo ${ip}
}
ip=$(get_ip_address_from_interface bond0.54)
cat <<EOF>/etc/default/kubelet
KUBELET_EXTRA_ARGS="--node-ip=$ip \
--feature-gates=CPUManager=true \
--cpu-manager-policy=static \
--reserved-cpus=0-3 \
--cpu-manager-reconcile-period=10s \
--feature-gates=TopologyManager=true \
--topology-manager-policy=restricted"
EOF
- path: /etc/keepalived/keepalived.conf
content: |
! Configuration File for keepalived
global_defs {
}
vrrp_instance KUBERNETES {
state BACKUP
interface bond0.51
virtual_router_id 200
priority 101
advert_int 1
virtual_ipaddress {
10.254.125.240
}
}
vrrp_instance INGRESS {
state BACKUP
interface bond0.51
virtual_router_id 199
priority 101
advert_int 1
virtual_ipaddress {
10.254.125.239
}
}
- path: "/tmp/sysctl.sh"
owner: root:root
permissions: '0700'
content: |
#!/bin/bash -x
cat <<EOF>/etc/sysctl.d/99-airship.conf
net.ipv4.conf.all.rp_filter=2
EOF
sysctl -p /etc/sysctl.d/99-airship.conf
users:
- name: deployer
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
sudo: ALL=(ALL) NOPASSWD:ALL
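Review bot: `preKubeadmCommands` sets fixed passwords with `echo 'root:r00tme' | chpasswd` and `echo 'ubuntu:r00tme' | chpasswd`, and `users` gives `deployer` `sudo: ALL=(ALL) NOPASSWD:ALL` with a personal public key, so every control-plane node built from this template shares known credentials. Remove the two `chpasswd` lines and use a site-managed authorized key. Separately, `generate-kubelet-extra-args.sh` reads the node IP from `bond0.54` and `keepalived.conf` binds to `bond0.51`, while the networking catalogues in this commit define only `bond0.61`, `bond0.62`, `bond0.64` and `bond0.65`. If those interfaces do not exist on stl3 hosts, the IP lookup returns nothing and the kubelet file would presumably be written with an empty `--node-ip=`, so the interface names look carried over from another site and need checking.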


@ -0,0 +1,11 @@
# Patch the versions catalogue to use the site-specific local image URL
# TODO: patch this in from a site-networking catalogue in the future
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
files:
k8scontrol:
cluster_controlplane_image:
url: http://172.63.0.12:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'


@ -0,0 +1,5 @@
resources:
- ../../../../../../airshipctl/manifests/composite/infra/
commonLabels:
airshipit.org/stage: initinfra


@ -0,0 +1,47 @@
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
config.kubernetes.io/path: metal3/configmap_ironic-entrypoints.yaml
labels:
airshipit.org/stage: initinfra
name: ironic-entrypoints
namespace: metal3
data:
init-bootstrap: |
#!/usr/bin/env bash
set -xe
#Configure vars for rendering
pushd /ironic-vars
rm -f /shared/sed_commands
for var_name in $( ls ) ; do
echo -n s!\$\($var_name\)! >> /shared/sed_commands
cat $var_name >> /shared/sed_commands
echo !g >> /shared/sed_commands
export $var_name=$(cat $var_name)
done
popd
while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
echo 'Waiting for provisioning ip'
sleep 5;
done
mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
# Remove log files from last deployment
rm -rf /shared/log/httpd/*
rm -rf /shared/log/ironic/*
rm -rf /shared/log/ironic-inspector/*
# Rendering files to shared mount
pushd /cfg
for f in $( ls ); do
sed -f /shared/sed_commands $f > /shared/$f
done
popd
pushd /shared/html/images
STATUSCODE=$(curl --silent --insecure --location -O --write-out "%{http_code}" ${QCOW_IMAGE})
if test $STATUSCODE -ne 200; then
echo "Failed to load ${ARTS[${art}]}"
exit 1
fi
popd
chmod -R 0777 /shared/html
touch /shared/init_finished
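Review bot: The image download runs `curl --silent --insecure --location -O ... ${QCOW_IMAGE}` and never checks the file against a checksum, so certificate verification is off and redirects are followed for the OS image that Ironic then serves to hosts. `QCOW_IMAGE` in the `ironic-vars` ConfigMap in this commit is also an `http://` URL. Drop `--insecure`, use an HTTPS source, and compare the download with a pinned SHA-256 before `touch /shared/init_finished`. The failure message prints `${ARTS[${art}]}`, which is not set anywhere in this script; `echo "Failed to load ${QCOW_IMAGE} (HTTP ${STATUSCODE})"` would report the real input. `chmod -R 0777 /shared/html` leaves the served images world-writable; `0755` is likely enough if only this init step writes there.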


@ -0,0 +1,15 @@
resources:
- ../../../../../../airshipctl/manifests/function/baremetal-operator
- ../../../../../../airshipctl/manifests/function/hwcc
- ../../../../../../airshipctl/manifests/function/clusterctl
- ../catalogues
commonLabels:
airshipit.org/stage: initinfra
transformers:
- ../../../../../../airshipctl/manifests/function/baremetal-operator/replacements
patchesStrategicMerge:
- patch_bmo_config.yaml
- ironic_entry.yaml
- networking.yaml


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.231" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.12, 172.63.0.12]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.12"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns


@ -0,0 +1,21 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ironic-vars
data:
AUTOMATED_CLEAN: "false"
IRONIC_AUTOMATED_CLEAN: "false"
DHCP_RANGE: 172.63.0.31,172.63.0.126
HTTP_PORT: "6180"
DEPLOY_KERNEL_PATH: images/ipa-ubuntu-master.kernel
DEPLOY_RAMDISK_PATH: images/ipa-ubuntu-master.initramfs
DEPLOY_KERNEL_URL: http://172.63.0.12:80/images/ipa-ubuntu-master.kernel
DEPLOY_RAMDISK_URL: http://172.63.0.12:80/images/ipa-ubuntu-master.initramfs
IRONIC_ENDPOINT: http://172.63.0.12:6385/v1/
IRONIC_FAST_TRACK: "false"
IRONIC_INSPECTOR_ENDPOINT: http://172.63.0.12:5050/v1/
PROVISIONING_IP: 172.63.0.12
PROVISIONING_INTERFACE: eno4
#QCOW_IMAGE: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
QCOW_IMAGE: "http://cloud-images-archive.ubuntu.com/releases/bionic/release-20190722.1/ubuntu-18.04-server-cloudimg-amd64.img"
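Review bot: `QCOW_IMAGE` points at a public mirror over plain `http://`, and nothing visible in this ConfigMap carries a digest for the download, so the content returned by that URL is accepted as-is. The commented-out line directly above it already uses `https://`; either fetch this image from an HTTPS source, or mirror it onto the provisioning host and check it against a known digest before it is used. The target-cluster copy of this ConfigMap later in the commit (the one with `PROVISIONING_IP: 172.63.0.11`) carries the same `QCOW_IMAGE` line.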


@ -0,0 +1,20 @@
# This patches the node02 BMH to be suitable for ephemeral purposes
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
annotations:
labels:
airshipit.org/ephemeral-node: "true"
airshipit.org/deploy-k8s: "false"
name: stl3r01s02
spec:
online: true
bmc:
address: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
status:
provisioning:
# we need this status to make sure, that the host is not going to be
# reprovisioned by the ephemeral baremetal operator.
# when we have more flexible labeling system in place, we will not
# deliver this document to ephemeral cluster
state: externally provisioned


@ -0,0 +1,14 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
# Note: this list should be kept up to date with
# the full list of hosts in the cluster
- stl3r01s01
- stl3r01s02
- stl3r01s03


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../target/catalogues
- host-generation.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
- ../../target/catalogues/cleanup


@ -0,0 +1,41 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: password-secret
$patch: delete


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- hostgenerator
patchesStrategicMerge:
- ephemeral-patch.yaml


@ -0,0 +1,38 @@
apiVersion: airshipit.org/v1alpha1
kind: KubeConfig
metadata:
name: default
labels:
airshipit.org/deploy-k8s: "false"
config:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: 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
server: https://10.254.125.230:6443
name: target-cluster
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: https://10.254.125.231:6443
name: ephemeral-cluster
contexts:
- context:
cluster: target-cluster
user: target-cluster-admin
name: target-cluster
- context:
cluster: ephemeral-cluster
user: ephemeral-cluster-admin
name: ephemeral-cluster
current-context: ""
kind: Config
preferences: {}
users:
- name: ephemeral-cluster-admin
user:
client-certificate-data: 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
client-key-data: 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
- name: target-cluster-admin
user:
client-certificate-data: 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
client-key-data: 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


@ -0,0 +1,7 @@
resources:
- kubeconfig.yaml
- ../target/catalogues
transformers:
- update-target.yaml
- ../target/catalogues/cleanup


@ -0,0 +1,70 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: k8scontrol-cluster-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=target-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.targetKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=target-cluster-admin].user.client-key-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.certificate-authority-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.clusters.[name=ephemeral-cluster].cluster.certificate-authority-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-certificate-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-certificate-data"]
- source:
objref:
kind: VariableCatalogue
name: generated-secrets
fieldref: "{.ephemeralKubeconfig.client-key-data}"
target:
objref:
kind: KubeConfig
name: default
fieldrefs: [".config.users.[name=ephemeral-cluster-admin].user.client-key-data"]
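Review bot: The function image in the `config.kubernetes.io/function` annotation is referenced by the mutable tag `:latest`, yet this transformer is the step that copies `client-key-data` and CA material out of `generated-secrets` into the kubeconfig. Whatever is published under that tag at run time gets to read those values, so pin it by digest, e.g. `image: quay.io/airshipit/replacement-transformer@sha256:<digest-placeholder>`. The `quay.io/airshipit/templater:latest` reference in the secret-template Templater later in this commit has the same exposure.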


@ -0,0 +1,6 @@
phase:
path: manifests/site/stl3-site/phases
docEntryPointPrefix:
inventory:
path: manifests/site/stl3-site/host-inventory


@ -0,0 +1,6 @@
resources:
- ../kubeconfig
- ../../../../../airshipctl/manifests/phases
patchesStrategicMerge:
- patch-entrypoints.yaml


@ -0,0 +1,92 @@
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: bootstrap-iso
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: IsoConfiguration
name: isogen
documentEntryPoint: manifests/site/stl3-site/ephemeral/bootstrap
---
apiVersion: airshipit.org/v1alpha1
kind: BaremetalManager
metadata:
name: RemoteDirectEphemeral
spec:
hostSelector:
name: stl3r01s02
operationOptions:
remoteDirect:
isoURL: http://10.254.195.209/ephemeral.iso
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: initinfra-ephemeral
clusterName: ephemeral-cluster
config:
documentEntryPoint: manifests/site/stl3-site/ephemeral/initinfra
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: initinfra-networking-ephemeral
clusterName: ephemeral-cluster
config:
documentEntryPoint: manifests/site/stl3-site/ephemeral/initinfra-networking
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: controlplane-ephemeral
clusterName: ephemeral-cluster
config:
documentEntryPoint: manifests/site/stl3-site/ephemeral/controlplane
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: initinfra-target
clusterName: target-cluster
config:
documentEntryPoint: manifests/site/stl3-site/target/initinfra
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: initinfra-networking-target
clusterName: target-cluster
config:
documentEntryPoint: manifests/site/stl3-site/target/initinfra-networking
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: controlplane-target
clusterName: target-cluster
config:
cluster: target-cluster
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: KubernetesApply
name: kubernetes-apply
documentEntryPoint: manifests/site/stl3-site/target/controlplane
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: workers-target
clusterName: target-cluster
config:
documentEntryPoint: manifests/site/stl3-site/target/workers
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: workload-target
clusterName: target-cluster
config:
documentEntryPoint: manifests/site/stl3-site/target/workload


@ -0,0 +1,5 @@
# Catalogue Definitions for Target Cluster
This inherits Type-level catalogues, and adds in Site-specific values.
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
customizations on top of this for ephemeral use.


@ -0,0 +1,4 @@
resources:
- smp.yaml
- ../../generator/results/cleanup/


@ -0,0 +1,29 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,93 @@
# Site-level host catalogue. This info feeds the Templater
# kustomize plugin config in the hostgenerator-m3 function.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
labels:
airshipit.org/deploy-k8s: "false"
hosts:
m3:
stl3r01s01:
bootMode: legacy
macAddress: E4:43:4B:EE:F4:CB
bmcAddress: redfish+https://10.253.200.35/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.230
pxe-ipv4: 172.63.0.11
storage-ipv4: 172.62.0.11
calico-ipv4: 172.64.0.11
hardwareProfile: default # defined in the hostgenerator-m3 function
stl3r01s02:
bootMode: legacy
macAddress: E4:43:4B:EE:B0:43
bmcAddress: redfish+https://10.253.200.36/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.231
pxe-ipv4: 172.63.0.12
storage-ipv4: 172.62.0.12
calico-ipv4: 172.64.0.12
hardwareProfile: example # defined in the hardwareprofile-example function
stl3r01s03:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:D9
bmcAddress: redfish+https://10.253.200.37/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.232
pxe-ipv4: 172.63.0.13
storage-ipv4: 172.62.0.13
calico-ipv4: 172.64.0.13
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s04:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:DD:0F
bmcAddress: redfish+https://10.253.200.38/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.233
pxe-ipv4: 172.63.0.14
storage-ipv4: 172.62.0.14
calico-ipv4: 172.64.0.14
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s05:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:D7:2F
bmcAddress: redfish+https://10.253.200.39/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.234
pxe-ipv4: 172.63.0.15
storage-ipv4: 172.62.0.15
calico-ipv4: 172.64.0.15
hardwareProfile: default # defined in the hardwareprofile-example function
stl3r01s06:
bootMode: legacy
#macAddress: E4:43:4B:EE:D7:B8
macAddress: E4:43:4B:EE:F3:B7
bmcAddress: redfish+https://10.253.200.40/redfish/v1/Systems/System.Embedded.1
bmcUsername: root
bmcPassword: WWTwwt1!
disableCertificateVerification: true
ipAddresses:
oam-ipv4: 10.254.125.235
pxe-ipv4: 172.63.0.16
storage-ipv4: 172.62.0.16
calico-ipv4: 172.64.0.16
hardwareProfile: default # defined in the hardwareprofile-example function
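Review bot: All six host entries carry the same literal `bmcPassword` for the `root` BMC account in clear text, and each pairs it with `disableCertificateVerification: true`. With verification off, the `redfish+https` session does not authenticate the BMC, so the credential is exposed to anything on the path as well as to everyone who can read the repository. This commit already wires up a SOPS-based secrets generator and a `generated-secrets` catalogue; the BMC credentials belong there, with only a placeholder such as `bmcPassword: <replaced-from-encrypted-catalogue>` left in this file. The committed value should be treated as disclosed and rotated on the BMCs.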


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/type/gating/shared/catalogues
- hosts.yaml
- ../generator/results
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
#<tbd><tbd>
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.230" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns
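Review bot: The provisioning, storage and calico addresses in this catalogue (`172.63.0.11`, the `172.63.0.31,172.63.0.126` DHCP range, and the `172.62.x`/`172.64.x` host addresses they pair with) sit outside the RFC 1918 block `172.16.0.0/12`, which ends at `172.31.255.255`. If these networks are meant to be private, they are using publicly assignable space, which can shadow real destinations and leak if a route is ever exported; this needs confirming with the site's address plan. A short comment above `ironic:` stating where the ranges come from would help the next reader. The second networking catalogue further down (the hostgenerator patch with the same values) is affected in the same way.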


@ -0,0 +1,10 @@
# Override default controlplane image location
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
files:
k8scontrol:
cluster_controlplane_image:
url: http://172.63.0.11/ubuntu-18.04-server-cloudimg-amd64.img
checksum: 'e0d74d3d37e70e4eec1b204f8402ed3c'
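Review bot: The `url` here omits the `/images/` path segment that the other two references to this image use: the controlplane `versions-airshipctl` patch and the `Metal3MachineTemplate` both point at `http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img`. The `qcow-bundle` init container copies images into `/shared/html/images/`, so the path without `/images/` presumably does not resolve; it only works today where the controlplane patch overrides it. For consistency this should read `url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img`.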


@ -0,0 +1,13 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- stl3r01s01
#- stl3r01s02
- stl3r01s03
- stl3r01s04


@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example
- ../../catalogues
- host-generation.yaml
patchesStrategicMerge:
- networking.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup
- ../../../../../../../airshipctl/manifests/function/hardwareprofile-example/cleanup


@ -0,0 +1,111 @@
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
labels:
airshipit.org/deploy-k8s: "false"
#<tbd><tbd>
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
serviceCidr: "10.96.0.0/12"
podCidr: "192.168.0.0/18"
controlPlaneEndpoint:
host: "10.254.125.230" # ephemeral will be different
port: 6443
# NOTE: This stringing is required to do substring replacement.
# Ideally, improve this in the future.
apiserverCertSANs: "[172.64.0.11, 172.63.0.11]"
ironic:
provisioningInterface: "eno4"
provisioningIp: "172.63.0.11"
dhcpRange: "172.63.0.31,172.63.0.126"
# This section is only relevant when using Metal3 BareMetalHosts, and
# is consumed by the `hostgenerator-m3` function.
# It defines host-level networking that is common across all BMHs in a site,
# and will typically be fully overridden at the Type and Site level.
commonHostNetworking:
links:
- id: eno4
name: eno4
type: phy
mtu: "1500"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp94s0f1
name: enp94s0f1
type: phy
mtu: "9100"
# ethernet_mac_address: <from host-catalogue> (optional)
- id: enp135s0f0
name: enp135s0f0
type: phy
mtu: 9100
- id: bond0
name: bond0
type: bond
bond_links: ["enp94s0f1", "enp135s0f0"]
bond_mode: 802.3ad
bond_xmit_hash_policy: layer3+4
bond_miimon: 100
mtu: 9100
- id: bond0.61
name: bond0.61
type: vlan
vlan_link: bond0
vlan_id: 61
mtu: 9100
vlan_mac_address: null
- id: bond0.62
name: bond0.62
type: vlan
vlan_link: bond0
vlan_id: 62
mtu: 9100
vlan_mac_address: null
- id: bond0.64
name: bond0.64
type: vlan
vlan_link: bond0
vlan_id: 64
mtu: 9100
vlan_mac_address: null
- id: bond0.65
name: bond0.65
type: vlan
vlan_link: bond0
vlan_id: 65
mtu: 9100
vlan_mac_address: null
networks:
- id: oam-ipv4
type: ipv4
link: bond0.61
# ip_address: <from host-catalogue>
netmask: 255.255.255.224
routes:
- network: 0.0.0.0
netmask: 0.0.0.0
gateway: 10.254.125.225
- id: pxe-ipv4
type: ipv4
link: eno4
# ip_address: <from host-catalogue>
netmask: 255.255.255.128
- id: storage-ipv4
type: ipv4
link: bond0.62
# ip_address:
netmask: 255.255.255.128
- id: calico-ipv4
type: ipv4
link: bond0.64
# ip_address:
netmask: 255.255.255.128
services:
- address: 8.8.8.8
type: dns
- address: 8.8.4.4
type: dns


@ -0,0 +1,41 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: hardwareprofile-example
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes
- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../catalogues
- metal3machinetemplate.yaml
patchesStrategicMerge:
- versions-catalogue-patch.yaml
- patch_controlplane.yaml
commonLabels:
airshipit.org/stage: initinfra
transformers:
- ../../../../../../airshipctl/manifests/function/k8scontrol/replacements


@ -0,0 +1,17 @@
---
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
metadata:
annotations:
config.kubernetes.io/path: metal3machinetemplate_cluster-controlplane-2.yaml
name: cluster-controlplane-2
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: controlplane-host
image:
checksum: e0d74d3d37e70e4eec1b204f8402ed3c
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
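Review bot: The only integrity check on the control-plane OS image is the 32-hex-digit `checksum`, which is an MD5 value, and the image itself is fetched over plain `http://`. MD5 catches a corrupted download but is not collision-resistant, so it does not protect against a deliberately substituted image on the provisioning network. If the Metal3 API version in use accepts a stronger digest, publish a SHA-256 for the image and reference that instead; otherwise add a comment recording that MD5 is a known limitation. The same `checksum`/`url` pair is repeated in both `versions-airshipctl` catalogue documents, which also means three places to update when the image changes.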


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host


@ -0,0 +1,178 @@
kind: KubeadmControlPlane
apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
metadata:
name: cluster-controlplane
spec:
replicas: 3
version: v1.18.6
infrastructureTemplate:
kind: Metal3MachineTemplate
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
name: cluster-controlplane-2
kubeadmConfigSpec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.local_hostname }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
initConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.local_hostname }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=controlplane'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
taints: []
clusterConfiguration:
imageRepository: "k8s.gcr.io"
controllerManager:
extraArgs:
enable-hostpath-provisioner: "true"
apiServer:
extraArgs:
service-node-port-range: 80-32767
networking:
dnsDomain: cluster.local
podSubnet: 172.16.0.0/16
serviceSubnet: 10.96.0.0/16
kubeProxyConfiguration:
mode: "ipvs"
clusterCidr: 172.16.0.0/16
preKubeadmCommands:
- echo 'root:r00tme' | chpasswd
- echo 'ubuntu:r00tme' | chpasswd
- |
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- sysctl --system
- swapoff -a
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
- /tmp/generate-kubelet-extra-args.sh
- modprobe ip_vs
- modprobe ip_vs_rr
- modprobe ip_vs_wrr
- modprobe ip_vs_sh
- modprobe nf_conntrack_ipv4
- apt-get update && apt-get install -y bridge-utils keepalived ipset ipvsadm
- systemctl enable --now keepalived
- /tmp/generate-kube-proxy.sh
- /tmp/local-storage-setup.sh
- /tmp/sysctl.sh
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
- apt update
- apt install -y
docker-ce="$(apt-cache policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
docker-ce-cli="$(apt-cache policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2)"
containerd.io
- apt install -y kubelet=1.18.6-00 kubeadm=1.18.6-00 kubectl=1.18.6-00
- apt-mark hold docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl
files:
- path: /tmp/generate-kube-proxy.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
for i in $(ls /tmp | grep kubeadm); do
cat <<EOF>> /tmp/$i
---
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
mode: ipvs
clusterCidr: 172.16.0.0/16
EOF
done
- path: /tmp/local-storage-setup.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
set -x
DISK=/dev/sdb
PARTITION=${DISK}1
MOUNTPOINT=/local-storage/sdb1
udevadm settle
mkdir -p $MOUNTPOINT
if mount | grep $MOUNTPOINT; then
echo "disk is already mounted"
exit 0
fi
if ! grep "${PARTITION}" /etc/fstab; then
echo "$PARTITION $MOUNTPOINT auto defaults,nofail 0 2" >>/etc/fstab
fi
if ! ls $PARTITION; then
/sbin/sgdisk --new 1 $DISK
fi
/sbin/mkfs.ext4 $PARTITION -L local-storage -F -E lazy_itable_init=1,lazy_journal_init=1
mount $MOUNTPOINT
/bin/chown -R etcd:etcd $MOUNTPOINT
exit 0
- path: /tmp/generate-kubelet-extra-args.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
function get_ip_address_from_interface {
local interface=$1
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
echo ${ip}
}
ip=$(get_ip_address_from_interface bond0.64)
cat <<EOF>/etc/default/kubelet
KUBELET_EXTRA_ARGS="--node-ip=$ip \
--feature-gates=CPUManager=true \
--cpu-manager-policy=static \
--reserved-cpus=0-3 \
--cpu-manager-reconcile-period=10s \
--feature-gates=TopologyManager=true \
--topology-manager-policy=restricted"
EOF
- path: /etc/keepalived/keepalived.conf
content: |
! Configuration File for keepalived
global_defs {
}
vrrp_instance KUBERNETES {
state BACKUP
interface bond0.51
virtual_router_id 200
priority 101
advert_int 1
virtual_ipaddress {
10.254.125.240
}
}
vrrp_instance INGRESS {
state BACKUP
interface bond0.51
virtual_router_id 199
priority 101
advert_int 1
virtual_ipaddress {
10.254.125.239
}
}
- path: "/tmp/sysctl.sh"
owner: root:root
permissions: '0700'
content: |
#!/bin/bash -x
cat <<EOF>/etc/sysctl.d/99-airship.conf
net.ipv4.conf.all.rp_filter=2
EOF
sysctl -p /etc/sysctl.d/99-airship.conf
users:
- name: deployer
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
sudo: ALL=(ALL) NOPASSWD:ALL
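Review bot: The first two `preKubeadmCommands` set fixed passwords for `root` and `ubuntu` with `chpasswd`, so every control-plane node built from this manifest shares the same known credentials, and they are now in the repository history. The `deployer` user at the end of the file already has an SSH key and passwordless sudo, so both `chpasswd` lines can simply be dropped; if console login is required, the password hash should come from the encrypted secrets catalogue instead. Separately, `sshAuthorizedKeys` holds what looks like a single developer workstation key (`arijit@arijit-VirtualBox`) combined with `NOPASSWD:ALL`, which should probably not ship beyond a lab build.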


@ -0,0 +1,11 @@
# Patch the versions catalogue to use the site-specific local image URL
# TODO: patch this in from a site-networking catalogue in the future
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
files:
k8scontrol:
cluster_controlplane_image:
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"


@ -0,0 +1,32 @@
# Secrets generator/encrypter/decrypter
This directory contains an utility that helps generate, encrypt and decrypt
secrects. These secrects can be used anywhere in manifests.
For example we can use PGP key from SOPS example.
To get the key we need to run:
`curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
and import this key as environment variable:
`export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
## Generator
To generate secrets we use [template](secret-template.yaml) that will be passed
to kustomize as [generators](kustomization.yaml) during `airshipctl phase run secret-generate`
execution.
## Encrypter
To encrypt the secrets that have been generated we use generic container executor.
To start the secrets generate phase we need to execute following phase:
`airshipctl phase run secret-generate`
The executor run SOPS container and pass the pre-generated secrets to this container.
This container encrypt the secrets and write it to directory specified in `kustomizeSinkOutputDir`(results/generated).
## Decrypter
To decrypt previously encrypted secrets we use [decrypt-secrets.yaml](results/decrypt-secrets.yaml).
It will run the decrypt sops function when we run
`KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
manifests/site/test-site/target/catalogues/`


@ -0,0 +1,3 @@
generators:
- override


@ -0,0 +1,2 @@
resources:
- ../../../../../../../airshipctl/manifests/type/gating/target/generator/


@ -0,0 +1,3 @@
resources:
- override


@ -0,0 +1,2 @@
resources:
- ../../../../../../../../../airshipctl/manifests/type/gating/target/generator/cleanup/


@ -0,0 +1,29 @@
apiVersion: airshipit.org/v1alpha1
kind: Templater
metadata:
name: secret-template
annotations:
config.kubernetes.io/function: |
container:
image: quay.io/airshipit/templater:latest
envs:
- TOLERATE_DECRYPTION_FAILURES
template: |
{{- $tolerate := env "TOLERATE_DECRYPTION_FAILURES" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: my-config2
annotations:
config.k8s.io/function: |
container:
image: gcr.io/kpt-fn-contrib/sops:v0.1.0
envs:
- SOPS_IMPORT_PGP
data:
ignore-mac: true
cmd: decrypt
{{- if eq $tolerate "true" }}
cmd-tolerate-failures: true
{{- end }}
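Review bot: `ignore-mac: true` in the decrypt function's `data` appears to correspond to SOPS's option to skip MAC verification, which would let an encrypted secrets file that was edited after encryption still decrypt without complaint. Unless something in the workflow requires this, set `ignore-mac: false` or drop the key so that tampering surfaces as a decryption failure. A comment above the `{{- if eq $tolerate "true" }}` block should also state when `TOLERATE_DECRYPTION_FAILURES` may be set, since with `cmd-tolerate-failures: true` a failed decrypt presumably no longer stops the build.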


@ -0,0 +1,3 @@
generators:
- configurable-decryption.yaml

File diff suppressed because one or more lines are too long


@ -0,0 +1,5 @@
resources:
- generated/secrets.yaml
transformers:
- decrypt-secrets


@ -0,0 +1,7 @@
resources:
- ../../../../../../airshipctl/manifests/composite/infra/
commonLabels:
airshipit.org/stage: initinfra
patchesStrategicMerge:
- patch_calico.yaml


@ -0,0 +1,10 @@
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
#registry: docker-open-nc.zc1.cti.att.com
calicoNetwork:
nodeAddressAutodetectionV4:
firstFound: false
interface: "bond0.64"


@ -0,0 +1,19 @@
resources:
- ../../../../../../airshipctl/manifests/function/baremetal-operator
- ../../../../../../airshipctl/manifests/function/hwcc
- ../../../../../../airshipctl/manifests/function/clusterctl
- ../../../../../../airshipctl/manifests/composite/flux-helm
- ../catalogues
- scripts
commonLabels:
airshipit.org/stage: initinfra
patchesStrategicMerge:
- patch_bmo_config.yaml
- patch_ironic_entry.yaml
- patch_ironic_image.yaml
- patch_ironic.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/baremetal-operator/replacements
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements


@ -0,0 +1,22 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ironic-vars
data:
AUTOMATED_CLEAN: "false"
IRONIC_AUTOMATED_CLEAN: "false"
DHCP_RANGE: 172.63.0.31,172.63.0.126
HTTP_PORT: "6180"
DEPLOY_KERNEL_PATH: images/ipa-ubuntu-master.kernel
DEPLOY_RAMDISK_PATH: images/ipa-ubuntu-master.initramfs
DEPLOY_KERNEL_URL: http://172.63.0.11:80/images/ipa-ubuntu-master.kernel
DEPLOY_RAMDISK_URL: http://172.63.0.11:80/images/ipa-ubuntu-master.initramfs
IRONIC_ENDPOINT: http://172.63.0.11:6385/v1/
IRONIC_FAST_TRACK: "false"
IRONIC_INSPECTOR_ENDPOINT: http://172.63.0.11:5050/v1/
PROVISIONING_IP: 172.63.0.11
PROVISIONING_INTERFACE: eno4
#QCOW_IMAGE: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
QCOW_IMAGE: "http://cloud-images-archive.ubuntu.com/releases/bionic/release-20190722.1/ubuntu-18.04-server-cloudimg-amd64.img"
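Review bot: `QCOW_IMAGE` is set to a plain `http://` archive URL while an `https://` source is left commented out directly above it, so the OS image that is later served to bare-metal hosts is fetched without transport integrity. This ConfigMap also carries no expected digest for that download. If the archive host is reachable over TLS, use the `https://` form of the same release URL, and add a digest key next to it that the bootstrap script checks before publishing the file, for example a new entry such as `QCOW_IMAGE_SHA256: "<expected-sha256>"` (proposed key name, placeholder value).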


@ -0,0 +1,155 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ironic
spec:
replicas: 1
selector:
matchLabels:
name: ironic
template:
metadata:
labels:
name: ironic
spec:
hostNetwork: true
volumes:
- name: ironic-storage
persistentVolumeClaim:
claimName: ironic-pv-claim
- name: ironic-config-files
configMap:
name: ironic-config-files
defaultMode: 0644
- name: ironic-entrypoints
configMap:
name: ironic-entrypoints
defaultMode: 0700
- name: ironic-vars
configMap:
name: ironic-vars
defaultMode: 0644
- name: ironic-scripts
configMap:
name: ironic-scripts
defaultMode: 0700
nodeSelector: {}
initContainers:
- name: init-provisioning-ip-up
image: quay.io/metal3-io/ironic:latest
imagePullPolicy: IfNotPresent
command: ['/vip-ipaddress']
args: ["start"]
envFrom:
- configMapRef:
name: ironic-vars
volumeMounts:
- name: ironic-scripts
mountPath: "/vip-ipaddress"
subPath: vip-ipaddress
securityContext:
capabilities:
add: ["NET_ADMIN", "SYS_TIME"]
- name: init-bootstrap
image: "centos"
imagePullPolicy: IfNotPresent
command: ['/bin/init-bootstrap']
envFrom:
- configMapRef:
name: ironic-vars
volumeMounts:
- name: ironic-storage
mountPath: "/shared"
- name: ironic-entrypoints
mountPath: /bin/init-bootstrap
subPath: init-bootstrap
- name: ironic-config-files
mountPath: /cfg
- name: ironic-vars
mountPath: /ironic-vars
- name: init-images
image: quay.io/airshipit/ipa:latest
imagePullPolicy: IfNotPresent
command: ['/bin/init-images']
volumeMounts:
- name: ironic-storage
mountPath: "/shared"
- name: ironic-entrypoints
mountPath: /bin/init-images
subPath: init-images
- name: qcow-bundle
command:
- sh
- -c
- "cp /qcows/*.qcow2 /qcows/*.qcow2.md5sum /shared/html/images/"
image: "quay.io/airshipit/qcow-bundle:latest-ubuntu_focal"
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: "/shared"
name: ironic-storage
containers:
- name: dnsmasq
image: "quay.io/metal3-io/ironic:latest"
imagePullPolicy: IfNotPresent
command: ["/bin/rundnsmasq"]
securityContext:
privileged: true
volumeMounts:
- mountPath: "/shared"
name: ironic-storage
- name: ironic-entrypoints
mountPath: /bin/rundnsmasq
subPath: dnsmasq-entrypoint
- name: httpd
image: "quay.io/metal3-io/ironic:latest"
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add: ["NET_ADMIN"]
command: ["/bin/runhttpd"]
volumeMounts:
- mountPath: "/shared"
name: ironic-storage
- name: ironic-entrypoints
mountPath: /bin/runhttpd
subPath: httpd-entrypoint
- name: ironic
image: "quay.io/metal3-io/ironic:latest"
imagePullPolicy: IfNotPresent
command: ["/bin/runironic"]
lifecycle:
preStop:
exec:
command:
- /vip-ipaddress
- stop
securityContext:
privileged: true
volumeMounts:
- mountPath: "/shared"
name: ironic-storage
- name: ironic-entrypoints
mountPath: /bin/runironic
subPath: ironic-entrypoint
- name: ironic-scripts
mountPath: /vip-ipaddress
subPath: vip-ipaddress
envFrom:
- configMapRef:
name: ironic-vars
- name: ironic-inspector
image: "quay.io/metal3-io/ironic-inspector:latest"
imagePullPolicy: IfNotPresent
command: ["/bin/runironic-inspector"]
envFrom:
- configMapRef:
name: ironic-vars
securityContext:
privileged: true
volumeMounts:
- mountPath: "/shared"
name: ironic-storage
- name: ironic-entrypoints
mountPath: /bin/runironic-inspector
subPath: inspector-entrypoint
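Review bot: Every image in this Deployment is referenced by a mutable tag (`quay.io/metal3-io/ironic:latest`, `quay.io/airshipit/ipa:latest`, `quay.io/airshipit/qcow-bundle:latest-ubuntu_focal`) or by no tag at all (`image: "centos"`), and three of the containers (`dnsmasq`, `ironic`, `ironic-inspector`) run with `privileged: true` under `hostNetwork: true`. With `imagePullPolicy: IfNotPresent`, what actually runs then depends on whatever each node has cached, which makes the deployment hard to reproduce and to audit. Pin each reference to a digest, e.g. `image: quay.io/metal3-io/ironic@sha256:<digest>`; the same applies to the `ipa:latest` patch and the `replacement-transformer:latest` function image later in this commit. It is also worth checking whether `dnsmasq` and `ironic-inspector` need full `privileged` rather than an explicit capability list like the `NET_ADMIN` one used for `httpd`.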


@ -0,0 +1,47 @@
apiVersion: v1
kind: ConfigMap
metadata:
annotations:
config.kubernetes.io/path: metal3/configmap_ironic-entrypoints.yaml
labels:
airshipit.org/stage: initinfra
name: ironic-entrypoints
namespace: metal3
data:
init-bootstrap: |
#!/usr/bin/env bash
set -xe
#Configure vars for rendering
pushd /ironic-vars
rm -f /shared/sed_commands
for var_name in $( ls ) ; do
echo -n s!\$\($var_name\)! >> /shared/sed_commands
cat $var_name >> /shared/sed_commands
echo !g >> /shared/sed_commands
export $var_name=$(cat $var_name)
done
popd
while ! ip -br addr show | grep -q "$PROVISIONING_IP/"; do
echo 'Waiting for provisioning ip'
sleep 5;
done
mkdir -p /shared/{tftpboot,ironic_prometheus_exporter,html/{images,pxelinux.cfg},log/{dnsmasq,httpd,ironic,ironic-inspector/ramdisk,mariadb}/}
# Remove log files from last deployment
rm -rf /shared/log/httpd/*
rm -rf /shared/log/ironic/*
rm -rf /shared/log/ironic-inspector/*
# Rendering files to shared mount
pushd /cfg
for f in $( ls ); do
sed -f /shared/sed_commands $f > /shared/$f
done
popd
pushd /shared/html/images
STATUSCODE=$(curl --silent --insecure --location -O --write-out "%{http_code}" ${QCOW_IMAGE})
if test $STATUSCODE -ne 200; then
echo "Failed to load ${ARTS[${art}]}"
exit 1
fi
popd
chmod -R 0777 /shared/html
touch /shared/init_finished
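Review bot: The image download in `init-bootstrap` uses `curl --insecure --location` and never compares the file with a known digest, so a redirect target or an on-path host can substitute the OS image that is later written to bare-metal nodes. Drop `--insecure` and quote the variable, `STATUSCODE=$(curl --silent --location -O --write-out "%{http_code}" "${QCOW_IMAGE}")`, and verify a checksum before `touch /shared/init_finished`. The failure message prints `${ARTS[${art}]}`, which is not defined anywhere in this script; `echo "Failed to load ${QCOW_IMAGE}"` is presumably what was meant. `chmod -R 0777 /shared/html` also leaves the served images world-writable on the shared volume, whereas `chmod -R a+rX /shared/html` would keep them readable without that.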


@ -0,0 +1,12 @@
#this file is in place until we use latest airshipctl refs.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ironic
spec:
template:
spec:
initContainers:
- image: quay.io/airshipit/ipa:latest
name: init-images


@ -0,0 +1,10 @@
generatorOptions:
disableNameSuffixHash: true
namespace: metal3
configMapGenerator:
- name: ironic-scripts
files:
- vip-ipaddress


@ -0,0 +1,49 @@
#!/bin/bash
# Copyright 2018 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
COMMAND="${@:-start}"
# The following are standard ironic pod environment variables
# PROVISIONING_IP - IP address we expect to assign to provisioning bridge
# PROVISIONING_INTERFACE - the physical interface name, normally 'provisioning'
# to reflect a bridge named provisioning with eno4 as a member
function test_vip () {
ip addr show ${PROVISIONING_INTERFACE} | \
awk "/inet / && /${PROVISIONING_INTERFACE}/{print \$2 }" | \
awk -F '/' '{ print $1 }' | \
grep -q "${PROVISIONING_IP%/*}"
}
function start () {
ip link show ${PROVISIONING_INTERFACE} > /dev/null || ip link add ${PROVISIONING_INTERFACE} type dummy
if ! test_vip; then
ip addr add ${PROVISIONING_IP}/32 dev ${PROVISIONING_INTERFACE}
fi
ip link set ${PROVISIONING_INTERFACE} up
garp_interface=$(ip route list match "${PROVISIONING_IP}" scope link | \
awk '$2 == "dev" { print $3; exit }')
if [ -n "${garp_interface}" ]; then
arping -U -c 3 -I "${garp_interface}" "${PROVISIONING_IP%/*}" || true
fi
}
function sleep () {
exec bash -c "while :; do sleep 2073600; done"
}
function stop () {
ip link show ${PROVISIONING_INTERFACE} > /dev/null || exit 0
if test_vip; then
ip addr del ${PROVISIONING_IP}/32 dev ${PROVISIONING_INTERFACE}
fi
}
$COMMAND
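Review bot: `test_vip` ends in `grep -q "${PROVISIONING_IP%/*}"`, which treats the address as an unanchored regular expression, so an interface already holding a longer address with the same prefix (constructed example: `172.63.0.110` when the VIP is `172.63.0.11`) makes the check succeed and `start` skips `ip addr add`. A fixed-string, whole-line match avoids that: `grep -qxF "${PROVISIONING_IP%/*}"`. Separately, the script ends with a bare `$COMMAND`, which runs whatever argument string the container was given. A `case` over `start|stop|sleep` with a failing default would restrict it to the three functions defined here, which matters because the pod spec in this commit runs it with `NET_ADMIN` and from a privileged container. The `${PROVISIONING_INTERFACE}` and `${PROVISIONING_IP}` expansions passed to `ip` are also unquoted.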


@ -0,0 +1,11 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- stl3r01s05
- stl3r01s06


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/cleanup
- ../../catalogues/cleanup


@ -0,0 +1,35 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete


@ -0,0 +1,93 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: worker-1
spec:
template:
spec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.name }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
ntp:
enabled: true
servers:
- time.google.com
- time1.google.com
- time2.google.com
preKubeadmCommands:
- echo 'root:r00tme' | chpasswd
- echo 'ubuntu:r00tme' | chpasswd
- |
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- sysctl --system
- swapoff -a
- echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
- echo 'nameserver 8.8.4.4' >> /etc/resolv.conf
- /tmp/generate-kubelet-extra-args.sh
- /tmp/generate-kube-proxy.sh
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu/ $(lsb_release -cs) stable" | tee -a /etc/apt/sources.list
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- apt-get update
- apt-get install -y
docker-ce="$(apt policy docker-ce | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.12 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
containerd.io
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
- apt-mark hold kubelet kubeadm
- systemctl mask ntp
- systemctl enable --now systemd-timesyncd
files:
- path: /tmp/generate-kube-proxy.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
for i in $(ls /tmp | grep kubeadm); do
cat <<EOF>> /tmp/$i
---
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
mode: ipvs
clusterCidr: 172.16.0.0/16
EOF
done
- path: /tmp/generate-kubelet-extra-args.sh
permissions: "0700"
owner: root:root
content: |
#!/bin/bash
function get_ip_address_from_interface {
local interface=$1
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
echo ${ip}
}
ip=$(get_ip_address_from_interface bond0.54)
cat <<EOF>/etc/default/kubelet
KUBELET_EXTRA_ARGS="--node-ip=$ip \
--feature-gates=CPUManager=true \
--feature-gates=TopologyManager=true \
--cpu-manager-policy=static \
--cpu-manager-reconcile-period=10s \
--reserved-cpus=0-3 \
--serialize-image-pulls=false \
--topology-manager-policy=restricted"
EOF
users:
- name: deployer
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNUWhtyuxtB03tNm6SmGTplh4lsRhNfV0xH4zXHYkN/hDn+BMxq0kNqF705RJNqRKclboq1yaGWWgrv+G74t2xRNcFm52rdelmVCp0x27S6ozSb+FpOqmppK+P5cQQjAsDmaFYL3tlz3TBlhlSduuIakQaBCSngRjQabETDLWdI7XsdJOQPSTTPM86WWwuHVI5LISv4z4xmz+uYnCxl4P0rLWbAHh7fXKEH5dw4scqm2g+CW5bdSzrVPjl3THy7Ba5uQtF9RvCoCusy+dLQHLm0Ej0/f+/En1T525SmKGJBO7fzLl1AC+0snRyvQC26z0ROcrSaVvRySM12OwShfr arijit@arijit-VirtualBox
sudo: ALL=(ALL) NOPASSWD:ALL
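Review bot: `preKubeadmCommands` sets the same fixed password for `root` and `ubuntu` (`echo 'root:r00tme' | chpasswd`, `echo 'ubuntu:r00tme' | chpasswd`), so every worker built from this template shares a credential that now lives in repository history; the second `KubeadmConfigTemplate` later in this commit has the same two lines. Remove both commands and rely on the `deployer` key, or inject a per-site hashed password from an encrypted catalogue if console login is really needed. The `deployer` account gets `NOPASSWD:ALL` with a key whose comment points to a personal workstation, so it should be swapped for a site-managed key before this leaves WIP. The two helper scripts are written to and run from `/tmp`, and `generate-kube-proxy.sh` appends to any `/tmp` entry whose name contains `kubeadm`; a root-owned directory outside `/tmp` would be safer.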


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes
- kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml
- machinedeployment.yaml


@ -0,0 +1,29 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: worker-1
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
replicas: 2
selector:
matchLabels:
cluster.x-k8s.io/cluster-name: target-cluster
template:
metadata:
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
version: v1.18.6
bootstrap:
configRef:
name: worker-1
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
infrastructureRef:
name: worker-1
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate


@ -0,0 +1,15 @@
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
metadata:
name: worker-1
spec:
template:
spec:
hostSelector:
matchLabels:
airshipit.org/k8s-role: worker
image:
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"
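Review bot: The worker image is fetched from a plain `http://` URL and the only integrity guard is the inline 32-hex-digit `checksum`, which has the length of an MD5 digest. MD5 is no longer considered collision-resistant, so it should be treated as a corruption check rather than a tamper check. If the Metal3 provider version deployed here accepts a stronger digest type, use it; otherwise note the limitation next to the field, e.g. `# MD5 only: detects corruption, not a substituted image`. The second `Metal3MachineTemplate` later in this commit repeats the same URL and checksum.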


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: worker


@ -0,0 +1,63 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: worker-1
spec:
template:
spec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.name }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
feature-gates: "IPv6DualStack=true"
ntp:
enabled: true
servers:
- 135.188.34.124
- 135.38.244.16
- 135.188.34.84
preKubeadmCommands:
- echo 'root:r00tme' | chpasswd
- echo 'ubuntu:r00tme' | chpasswd
- |
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- sysctl --system
- |
mkdir -p /etc/systemd/system/docker.service.d/
cat <<EOF | tee /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
EOF
- export HTTP_PROXY=REPLACEMENT_HTTP_PROXY
- export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
- export http_proxy=${HTTP_PROXY}
- export https_proxy=${HTTPS_PROXY}
- export NO_PROXY=REPLACEMENT_NO_PROXY
- export no_proxy=${NO_PROXY}
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- apt-get update
- apt-get install -y
docker-ce="$(apt policy docker-ce | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
containerd.io
- swapoff -a
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
- apt-mark hold kubelet kubeadm
- systemctl mask ntp
- systemctl enable --now systemd-timesyncd
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
users:
- name: deployer
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
sudo: ALL=(ALL) NOPASSWD:ALL


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues
- ../../../../../../../airshipctl/manifests/type/gating/hwccprofiles
- kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml
- machinedeployment.yaml
transformers:
- ../replacements


@ -0,0 +1,29 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: worker-1
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/cluster-name: target-cluster
template:
metadata:
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
version: v1.18.3
bootstrap:
configRef:
name: worker-1
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
infrastructureRef:
name: worker-1
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
---
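Review bot: `version: v1.18.3` does not match the packages the accompanying `KubeadmConfigTemplate` installs (`kubelet=1.18.6-00 kubeadm=1.18.6-00`), and the other `MachineDeployment` in this commit uses `v1.18.6`. Assuming both files describe the same worker set, align them with `version: v1.18.6` so the declared and installed Kubernetes versions agree. The trailing `---` on the last line opens an empty document and can be dropped.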


@ -0,0 +1,10 @@
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
metadata:
name: worker-1
spec:
template:
spec:
image:
url: http://172.63.0.11:80/images/ubuntu-18.04-server-cloudimg-amd64.img
checksum: "e0d74d3d37e70e4eec1b204f8402ed3c"


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- workers-env-vars.yaml


@ -0,0 +1,38 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-env-vars-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTP_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTPS_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_NO_PROXY%"]


@ -0,0 +1,5 @@
resources:
- ../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues
- ../../../../../../airshipctl/manifests/type/gating/target/workload
transformers:
- ../../../../../../airshipctl/manifests/type/gating/target/workload/ingress/replacements