Dex Treasure Map - New Function + Test Site

This patchset provides the implementation of the dex-aio function, which is
used to deploy Dex through a Helm operator, e.g., flux/helm-operator.

A test site (dex-test-site) has been included, which contains manifests
to run the following phase plan:

         clusterctl-init-ephemeral
         controlplane-ephemeral
         initinfra-target
         clusterctl-init-target
         clusterctl-move
         workers-target

         helm-operator-target
         helm-collator-target
         dex-release-target

The first six phases are used to deploy a target cluster on Azure cloud
while the remaining three are for deploying Dex through a Helm operator.

The 'helm-collator-target' phase requires an existing "airshipctl" repo
supporting the function 'helm-chart-collator', which is provided by a
different patchset.

Change-Id: I7057d9a5c78cbcef26bac89a9f5bf06fd0d3ac4d
Sidney Shiba 2021-02-05 16:24:36 -06:00 committed by Sidney Shiba
parent 6145fe5dc3
commit 6e93f0554d
111 changed files with 3184 additions and 7 deletions

@ -1,9 +1,80 @@
# Treasuremap
# Deploy Dex on Target Cluster (Azure cloud)
This documentation project outlines a reference architecture for automated
cloud provisioning and management, leveraging a collection of interoperable
open-source tools.
This test site provides the manifests to customize and deploy a target cluster on Azure named ***edge-5g-cluster***.
Once the target cluster has been deployed, manifest in target/workload can be used to deploy the Helm operator, Helm Collator (Helm repository), and Dex itself.
## Dex-AIO Function
## Architecture
To get started, see [architecture](https://airship-treasuremap.readthedocs.io/en/latest/index.html).
The **dex-aio** function provides the manifests to deploy Dex through a Helm Operator.
## Dex Test Site
The **dex-test-site** provides the manifests to deploy a Target cluster on Azure cloud, and workload manifests for the Helm operator, Helm Chart Collator (a.k.a., Helm repository based on ChartMuseum), and Dex.
See **dex-test-site** directory structure below:
```bash
dex-test-site/
├── config
│ └── variable-catalogue.yaml
├── ephemeral
│ └── controlplane
├── metadata.yaml
├── phases
└── target
├── initinfra
├── workers
└── workload
├── dex-helm-release
├── helm-chart-collator
└── helm-operator
```
This test site relies on the *Replacement* transformer to customize it. All customizable values can be found at *config/variable-catalogue.yaml" file.
### Deploying the Target Cluster
The manifests for deploying the Target cluster through *airshipctl phase run* are located in the following tree structure:
```bash
dex-test-site/
├── ephemeral
│ └── controlplane
└── target
├── initinfra
└── workers
```
The sequence for deploying the Target cluster is provided below:
1. Initialize *Airship config* file: invokde *`tools/deployment/22_test_configs.sh`*
2. Create ephemeral cluster: invoke script *`../airshipctl/tools/document/start_kind.sh`*
3. Initialize Ephemeral cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-ephemeral-script.sh`*
4. Deploy Target control plane node(s): invoke script *`tools/deployment/phases/phase-controlplane-ephemeral-script.sh`*
5. Deploy Calico CNI: invoke script *`tools/deployment/phases/phase-initinfra-target-script.sh`*
6. Initialize Target cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-target-script.sh`*
7. Move CAPI resources to Target cluster: *`tools/deployment/phases/phase-clusterctl-move-script.sh`*
8. Deploy Target worker node(s): *`tools/deployment/phases/phase-workers-target-script.sh`*
### Deploying the Workload Services
The manifests for deploying the workload services are located under *target/workload* directory:
```bash
dex-test-site/
└── target
└── workload
├── dex-helm-release
├── helm-chart-collator
└── helm-operator
```
In order to test and validate Dex deployment, you need to first deploy the Helm operator (*manifest/composite/flux-helm*) from *airshipctl* project, as well as the Helm Chart Collator (*manifest/function/helm-chart-collator*) from the same project. These two services are referenced by the *kustomization* file in *target/workload/helm-operator* and *target/workload/helm-chart-collator*, respectively.
The *kustomization* file for deploying *Dex* service is located in *target/workload/dex-helm-release* folder.
New phases have been implemented to deploy the Helm operator, Helm repository and Dex. The corresponding phase manifest can be found in *phases/phases.yaml*.
1. Deploy Helm operator service: invoke script *`tools/deployment/phases/phase-helm-operator-target-script.sh`*
2. Deploy Helm Chart Collator service: invoke script *`tools/deployment/phases/phase-helm-collator-target-script.sh`*
3. Deploy Dex service: invoke script *`tools/deployment/phases/phase-dex-release-target-script.sh`*
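
Review bot: The new README text has several typos that should be fixed before merge: step 1 of the target-cluster sequence reads "invokde", the Replacement paragraph opens the file name with `*` and closes it with `"` (*config/variable-catalogue.yaml"), and "manifest in target/workload" should be "manifests". Steps 7 and 8 also drop the "invoke script" wording used by steps 2 to 6; make the list consistent.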

@ -1,4 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../airshipctl/manifests/function/clusterctl/replacements
- apiserver-replacements.yaml
- dex-replacements.yaml
- dex-variable-catalogue.yaml

@ -0,0 +1,17 @@
# DEX-AIO function
The DEX-AIO function deploys the Dex Authentication service as well as provides the Target cluster's API server with OIDC flags configuration.
The rationale to have both located under the ***dex-aio*** function is because the Target cluster's API server and Dex are deployed as tandem, sharing some information such as certificates.
## API Server OIDC Configuration
The folder ***api-server*** contains the manifest needed to configure the OIDC flags as *extraArgs* for the API server for the Target cluster.
The manifests under this folder expects that deployment of Control Plane nodes is done throught CAPI Management Cluster.
Kustomization manifest(s) can be found under *api-server/replacements* with default replacement values located in *catalogue* folder.
## DEX AIO Deployment
The folder ***dex*** contains the manifests needed to deploy ***dex-aio*** service in a Target cluster.
Kustomization manifest(s) can be found under *dex/replacements* with default replacement values located in *catalogue* folder.
## Variable Catalogue for DEX-AIO function
The folder ***catalogue*** contains the variables used to customize the deployment of the API server and Dex.
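
Review bot: In the API Server OIDC Configuration section, "throught" is a typo and "The manifests under this folder expects" should read "expect". Because this README says the API server and Dex share certificates and that default values live in the catalogue folder, it should also say that those defaults have to be overridden per site.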

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: target-cluster-control-plane-dex-crt
namespace: default
type: Opaque
data:
dex-cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lVUUc1cm5YQ04xWEZWZ1Y1SjAxT3pyeUtjc1lBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0d6RVpNQmNHQTFVRUF3d1FhbUZ5ZG1sekxXTmhMV2x6YzNWbGNqQWVGdzB5TVRBeE1qa3hOVFUyTURaYQpGdzB5TVRBeU1EZ3hOVFUyTURaYU1Cc3hHVEFYQmdOVkJBTU1FR3BoY25acGN5MWpZUzFwYzNOMVpYSXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFAraHhQc3F2ZWRtTHRGMEl5SkU4VTFZWUEKdjhwMW5XbFAxcEFxVXBMWTFWcTlhaGRud3VmZitqUG10b0YrZjV3czExNjRBYytVbHpWeXQ2V2dTdlZHdG5DMApIc3Jic2krUHZNaDNDdFZPajNoL3ZONWE4RVNIRytDb1pPL2hIRXBjOWs5QkI0cVJOVEdTcit6N0JrV05xVHVzCmx2RllPeG52enZDYjhRSTVrejVWM0tKaVJFRHFTRW9vdzVsWUliVmpRb1BhajhvZnVsT1p3L0NUYmhnZndERngKNlQrUTNDM0hjRzJJclJ0RDd5ZVQ2ODRTNmpEQzA2Q1lnR2M5RmtpeVFoc2p1MjdJS3FXT3QxUEdjY1dLUFNuQQo0M29OZ2tUNkEwMHJmaTQ4SUNzcHBFd3hCZHo4RlBQbVRrTk1veUcxMVJNY1hBWWdnbUJrWGVSVkRnMnZBZ01CCkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQWZCZ05WSFNNRUdEQVcKZ0JSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFtU3N6WjRsQlROVzg4TEs3Q29lRGNVMFgvZld4cFJ0V2kzZVhtRnNzcVMrL3lNUzV3CnlzK240alBQWlFEWlpiamFHSGEwRERZdlRXRVd4OFU5RVRxUU1kKzRkUy8yRWl3dVRpRHIzRGltbkIxTnBHYmYKL0RpMnVGUVZYdDJSa29FWVRiVHNGSy9HazNFMjBsNzVlcGFzcHhyYytVYU90amRJbDFnL21MVnkzT2E4SzM5aAppQzMrbldkbW9rd0ltQ1hNSklxTFhzc0pxSks2WEVYQ3NkYVFycWZncDlHaWJNOFBjKzBSYmtjbW8ra3NyUHJqCnRycTIzZGI2V3RLcVhWT3BhL01UTVhibElIalVpZjdOcHpzRHBrajQ3MGp3TkROOVM2SUhqRVdaYVFDTWFncDgKSkZIN3ZNSXRHektxTERUanF1TURmdkh0dzQvVTF2bXRqUlpZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
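
Review bot: The dex-cert value in this Secret is a concrete base64-encoded certificate, yet the dex-controlplane-replacements transformer overwrites .data.dex-cert from dex.tls.crt-b64 in dex-catalogue, so the literal is only ever effective when the replacement is skipped. Use an obvious placeholder here so a stale certificate cannot ship by accident, and confirm that namespace default is the intended location for it.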

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../catalogue
- dex-cert-secret.yaml

@ -0,0 +1,95 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: dex-controlplane-replacements
replacements:
# Dex Secrets for Certificates
- source:
objref:
name: dex-catalogue
fieldref: dex.tls.crt-b64
target:
objref:
kind: Secret
name: target-cluster-control-plane-dex-crt
fieldrefs: [".data.dex-cert"]
# KubeadmControlPlane for Dex
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-issuer-url"]
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-client-id"]
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-claim
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-claim"]
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-prefix
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-prefix"]
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-groups-claim
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-groups-claim"]
- source:
objref:
name: dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-ca-file
target:
objref:
kind: KubeadmControlPlane
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-ca-file"]
# - source:
# objref:
# name: dex-catalogue
# fieldref: dex.kubeadm.api-server.extra-volumes.dex
# target:
# objref:
# kind: KubeadmControlPlane
# fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraVolumes[0]"]
# - source:
# objref:
# name: dex-catalogue
# fieldref: dex.kubeadm.files.dex
# target:
# objref:
# kind: KubeadmControlPlane
# fieldrefs: [".spec.kubeadmConfigSpec.files[0]"]
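
Review bot: The oidc-ca-file replacement is active, but the two entries at the end of the list that would mount and write that file (dex.kubeadm.api-server.extra-volumes.dex into apiServer.extraVolumes[0] and dex.kubeadm.files.dex into kubeadmConfigSpec.files[0]) are commented out. As far as this hunk shows, a site that uses the function without adding its own volume and file patch ends up with an API server flag that points at a path nothing populates. Either enable these entries, or delete them and document that the site must supply the extraVolumes and files entries itself.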

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- apiserver-replacements.yaml
- ../../catalogue/cleanup

@ -0,0 +1,10 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: dex-catalogue-cleanup
patches: |-
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: dex-catalogue
$patch: delete

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dex-delete-catalogue.yaml

@ -0,0 +1,124 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: dex-catalogue
labels:
airshipit.org/deploy-k8s: "false"
dex:
site:
name: Core
endpoints:
hostname: dex.core.local
port:
https: 31556
http: 31554
nodePort:
https: 31556
http: 31554
oidc:
client_id: core-kubernetes
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
service:
type: LoadBalancer
kubeadm:
api-server:
extra-args:
oidc-issuer-url: https://dex.core.local:5556/dex
oidc-client-id: core-kubernetes
oidc-username-claim: email
oidc-username-prefix: "oidc:"
oidc-groups-claim: groups
oidc-ca-file: /etc/kubernetes/certs/dex-cert
extra-volumes:
dex:
{
"hostPath": "/etc/kubernetes/certs/dex-cert",
"mountPath": "/etc/kubernetes/certs/dex-cert",
"name": "dex-cert",
"readOnly": true
}
files:
dex:
{
"contentFrom": {
"secret": {
"key": "dex-cert",
"name": "target-cluster-control-plane-dex-crt"
}
},
"owner": "root:root",
"path": "/etc/kubernetes/certs/dex-cert",
"permissions": "0644"
}
tls:
crt: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
crt-b64: 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
key-b64: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBei9vY1Q3S3IzblppN1JkQ01pUlBGTldHQUwvS2RaMXBUOWFRS2xLUzJOVmF2V29YClo4TG4zL296NXJhQmZuK2NMTmRldUFIUGxKYzFjcmVsb0VyMVJyWnd0QjdLMjdJdmo3eklkd3JWVG85NGY3emUKV3ZCRWh4dmdxR1R2NFJ4S1hQWlBRUWVLa1RVeGtxL3Mrd1pGamFrN3JKYnhXRHNaNzg3d20vRUNPWk0rVmR5aQpZa1JBNmtoS0tNT1pXQ0cxWTBLRDJvL0tIN3BUbWNQd2syNFlIOEF4Y2VrL2tOd3R4M0J0aUswYlErOG5rK3ZPCkV1b3d3dE9nbUlCblBSWklza0liSTd0dXlDcWxqcmRUeG5IRmlqMHB3T042RFlKRStnTk5LMzR1UENBckthUk0KTVFYYy9CVHo1azVEVEtNaHRkVVRIRndHSUlKZ1pGM2tWUTROcndJREFRQUJBb0lCQUVCT2JZS1hGRjFzN1pteApuMTR4cStJZFE1bm5zNG82YWQydDBsWER3blFaUkQxZEdHK1U3RzFzeDYrR3J2T1dNWXdMNjlXcGVhM1FNMDZOClNrRU43Rms1QUJBeGxUZnBHSnV4RzZyelJwRkwrMDVENzl6ZWZkSG81TVlzcjU5RFNCc0diZXNGa2Vya0w3ZlQKZmNzQVhYRTM2cU9xNkdVSG9UVnRIeWlZbEwrSUlMSkVjNCtYUEZYK21PeERyUkRLYUlUNUJpVjlLa3NpN2tPWgpGQlpqY2JCWGN3dXhTZzB1eERtNGhNaUdzaGRKcCszRW51bTdwd1hlVTdPcGFpRENGL2ljRkNlTlEvTVphU1AzClRGTU5zbGxRYm1UQWEvQWVqMXBVMm5BMEN1Y3lOa1ZNdk5sUmpEaTZxcGR5cDByb0JRQzYyakNaSGJHOGREY2kKZUc0VVFnRUNnWUVBOXNXTkRCdjB6dlFWY3NxcHdWWFVkanNTUnVBbXRSV3hna0MvVTcyVGVmdk93YXYzR2VMTQpXTWllcGs0SXkyQnF3RS9TakFydXZ1VmZPeE4rVTIvVG51QVAvNGN6NXo4YnRGbmpndFJTR0hMK1pacHdjTU5iCjJtcXNhQ3U4NnM2NnRHUXJtbnJuZUZtV0NWSFgwWk9FVVFtd0g0YlY0UjRpZmQ3RVRwSzRVUThDZ1lFQTE4RXAKYVZtdC9rYTJDZDFJN0hnTTJlV1JCUnVFclFuZURKZElibzNNeFU1Z1hUME1RQzJ5b2FYU1RXNXgyTnZKOGxjSwpwVEtaZ0puNTRvTlRrSDFkYjhacndaM3RLRk9ndWc2NFVwVnJ0ZVZpY2ppbi9IS0xmU1VRNVlxamdzRTNhTzUzCldtbzlEQko5cVYyZVlaVmFDbmtCdm1FN0xOczhJaVhvT0VRbE9XRUNnWUVBMmIyWVpoM28xZzh6T2JXdk1jT3QKRTZHdHo5SUs5Vyt0MERPWFhxbUJEbnBzaGlGWmlJTEJNbm5hMnYweDcxb2s5NG0zU3hCK2R2eG5HZlpxV2U3cgpPRjJXWUM4SlVqc3lFK0hZeU9EVmkzTTBHNnk1R0JhWTN0R1BUTitDODJEMEJ5WDMvM2dBOUFXQVNMcnBocWYyCmNaYnR5L09xbHRlRE1iTTFYZXRDTFdzQ2dZRUFrL3lTQXdqWUowa3BJNnI4a2ZYbUdxOHp3V1VXby9uWXJKbzMKdkZ6V3o1N3F5Z2xObGRmQ1pzM3VhZDRQaU1kNHhSaWUzS0RRV1QxRUFQSkRKeUJXTG96UzdJTCtZR0s4SStKawoyNEJSMlBuMWhKTUg1a2hMRlJPUGUyS1V0T01DdHA2YWp4Ry92Y0FSSVZKdGlGR0E2UjRHN0NhVkNEZDRENVFnCnJEZFJzUUVDZ1lBbVpUWHN4NUJVVURrR2FlT1hObEx
qOVpYVEdWUURJcm82VVo0dDRzWitjWjhQazFvRW5xR3UKSkk0aWtua1JUWDR6bEVEWTlUbVZpaitiVSt2cFZkd2pWN3lnb0RBN1dBWXV2OTFkSWppN1ZYUEJJS2RKbmttVgpVbkZaYytuNnhZL0lrWkdoYisraWJkeTl6ai9zUjFkYUNZeUhSdnkxaDRzNCtIbzQxTTU5OFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
idp:
connector:
connectors:
- type: <your connector type, e.g., 'ldap'>
id: <your connector id, e.g., 'ldap'>
name: <your connector name, e.g., 'LDAP'>
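
Review bot: This default catalogue commits a TLS private key (dex.tls.key and dex.tls.key-b64) and a literal dex.oidc.client_secret. Any cluster deployed from these defaults shares a key that is public in the repository, and the Dex replacement transformer copies key-b64 into the dex-ca-key-pair Secret that backs the ClusterIssuer. Ship placeholders here and inject the real values per site from an encrypted or externally managed source. Separately, endpoints.port.https is 31556 (the same as nodePort.https) while oidc-issuer-url uses port 5556, and the USAGE comment refers to "dex-target-cluster", which does not occur in this file.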

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dex-variable-catalogue.yaml

@ -0,0 +1,8 @@
---
apiVersion: cert-manager.io/v1alpha3
kind: ClusterIssuer
metadata:
name: dex-ca-issuer
spec:
ca:
secretName: dex-ca-key-pair

@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: dex-ca-key-pair
namespace: cert-manager
data:
tls.crt: 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
tls.key: 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

@ -0,0 +1,69 @@
apiVersion: v1
kind: Namespace
metadata:
name: dex
---
# Dex Helm Charts from Helm Repository (Helm Collator)
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: dex-helm-repo
namespace: collator
spec:
interval: 5m
url: http://helm-chart-collator.collator.svc:8080/
---
# Dex Helm Charts from Git Repository
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: dex-git-repo
namespace: collator
spec:
interval: 5m
url: https://github.com/sshiba/dex-charts.git
ref:
branch: main
commit: bda63b9d0bc9ee46e798b9849bfde476c9f7efe0
---
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: dex-aio
namespace: dex
spec:
releaseName: dex-aio
targetNamespace: dex
interval: 5m
chart:
spec:
chart: dex-aio
# Referencing Dex Helm charts from Helm Collator repo
sourceRef:
kind: HelmRepository
name: dex-helm-repo
namespace: collator
# Referencing Dex Helm charts from Git repo
# sourceRef:
# kind: GitRepository
# name: dex-git-repo
# namespace: collator
# values:
# params:
# site:
# name: Jarvis
# endpoints:
# hostname: dex.jarvis.local
# port:
# https: 5556
# http: 5554
# k8s: 8443
# nodePort:
# https: 31556
# http: 31554
# oidc:
# client_id: jarvis-kubernetes
# client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
# service:
# type: LoadBalancer
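
Review bot: The dex-git-repo GitRepository points at a personal GitHub repository (github.com/sshiba/dex-charts.git) and is not referenced by the HelmRelease, whose active sourceRef is the dex-helm-repo HelmRepository. Drop it, or host the charts under the project's own organisation if the Git source is meant as a supported alternative. The commented-out values block at the end also carries a literal client_secret and should be removed, and spec.chart.spec has no version, so the release follows whatever dex-aio chart the collator currently serves.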

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../catalogue
- dex-certs-secrets.yaml
- dex-certs-issuer.yaml
- dex-helmrelease.yaml

@ -0,0 +1,148 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: cluster-controlplane-replacements
replacements:
# Dex Secrets for Certificates
- source:
objref:
name: dex-catalogue
fieldref: dex.tls.crt-b64
target:
objref:
kind: Secret
name: dex-ca-key-pair
# fieldrefs using the json form because crt name (i.e., "tls.crt") contains a dot (.)
# the json form starts with a dot (.), which makes the Replacement transformer
# to not base64 encode the data.
fieldrefs: ["{.data.tls\\.crt}"]
- source:
objref:
name: dex-catalogue
fieldref: dex.tls.key-b64
target:
objref:
kind: Secret
name: dex-ca-key-pair
# fieldrefs using the json form because key name (i.e., "tls.key") contains a dot (.)
# the json form starts with a dot (.), which makes the Replacement transformer
# to not base64 encode the data.
fieldrefs: ["{.data.tls\\.key}"]
# Dex HelmRelease Customization
- source:
objref:
name: dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.service.type"]
# Dex HelmRelease Values override
- source:
objref:
name: dex-catalogue
fieldref: dex.site.name
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.site.name"]
- source:
objref:
name: dex-catalogue
fieldref: dex.endpoints.hostname
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.endpoints.hostname"]
- source:
objref:
name: dex-catalogue
fieldref: dex.endpoints.port.https
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.endpoints.port.https"]
- source:
objref:
name: dex-catalogue
fieldref: dex.endpoints.port.http
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.endpoints.port.http"]
- source:
objref:
name: dex-catalogue
fieldref: dex.endpoints.nodePort.https
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.endpoints.nodePort.https"]
- source:
objref:
name: dex-catalogue
fieldref: dex.endpoints.nodePort.http
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.endpoints.nodePort.http"]
- source:
objref:
name: dex-catalogue
fieldref: dex.oidc.client_id
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.oidc.client_id"]
- source:
objref:
name: dex-catalogue
fieldref: dex.oidc.client_secret
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.oidc.client_secret"]
- source:
objref:
name: dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: HelmRelease
name: dex-aio
fieldrefs: ["spec.values.params.service.type"]
# Uncomment the "- source" structure below for enabling to override the Dex Connector data
# - source:
# objref:
# name: dex-catalogue
# fieldref: dex.yaml.connector
# target:
# objref:
# kind: HelmRelease
# name: dex-aio
# fieldrefs: ["{.spec.values.config.dex\\.yaml}"]
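
Review bot: The dex.service.type replacement into spec.values.params.service.type appears twice, once under "Dex HelmRelease Customization" and again as the last active entry; remove one of them. The comments on the tls.crt and tls.key entries say the JSON form "starts with a dot", but the fieldrefs start with "{", so reword them to make the base64 behaviour they describe unambiguous. dex.oidc.client_secret is also copied into spec.values in plain text, which makes it readable by anyone who can read the HelmRelease; the HelmRelease valuesFrom field with a Secret reference would keep it out of the object. The commented-out connector entry reads dex.yaml.connector, while the catalogue defines the connector under dex.idp.connector.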

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dex-replacements.yaml
- ../../catalogue/cleanup

@ -0,0 +1,20 @@
# This patches the node02 BMH to be suitable for ephemeral purposes
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
annotations:
labels:
airshipit.org/ephemeral-node: "true"
airshipit.org/deploy-k8s: "false"
name: node02
spec:
online: true
bmc:
address: redfish+https://localhost:8443/redfish/v1/Systems/air-ephemeral
status:
provisioning:
# we need this status to make sure, that the host is not going to be
# reprovisioned by the ephemeral baremetal operator.
# when we have more flexible labeling system in place, we will not
# deliver this document to ephemeral cluster
state: externally provisioned

@ -0,0 +1,10 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- node02

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- patch-delete-catalogues.yaml

@ -0,0 +1,35 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/airship-core/ephemeral/bootstrap
- ../catalogues
generators:
- hostgenerator
patchesStrategicMerge:
- baremetalhost.yaml
transformers:
- ../../../../type/airship-core/ephemeral/bootstrap/replacements

@ -0,0 +1,4 @@
# Catalogue Definitions for Target Cluster
This inherits Site-level catalogues from the neighboring target cluster's
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../target/catalogues
patchesStrategicMerge:
- networking.yaml

@ -0,0 +1,19 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
podCidr: "192.168.0.0/24"
controlPlaneEndpoint:
host: "10.23.25.101"
apiserverCertSANs: "[10.23.25.101, 10.23.24.101]"
ironic:
provisioningIp: "10.23.24.101"
dhcpRange: "10.23.24.200,10.23.24.250"

@ -0,0 +1,10 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- node01

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- patch-delete-catalogues.yaml

@ -0,0 +1,35 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

@ -0,0 +1,21 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/airship-core/ephemeral/controlplane
- ../../target/catalogues # NOTE: use target networking for this phase
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
# otherwise nodes will hang in 'registering' state for quite a long time
- nodes
- site-dex-catalogue.yaml
patchesJson6902:
- target:
group: controlplane.cluster.x-k8s.io
version: v1alpha3
kind: KubeadmControlPlane
name: cluster-controlplane
path: oidc-api-server-flags-bare.json
transformers:
- replacements # Dex Replacement transformer
- ../../../../type/airship-core/ephemeral/controlplane/replacements

@ -0,0 +1,12 @@
# Note: this weird extra layer between the .. and ../hostgenerator
# is purely to apply the label below to the generated hosts.
# When can come up with a better way to declare (e.g. via catalogue)
# that the host is a controlplane host, we should get rid of this.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

@ -0,0 +1,32 @@
[
{
"op": "add",
"path": "/spec/kubeadmConfigSpec/clusterConfiguration/apiServer",
"value": {
"extraVolumes":
[
{
"hostPath": "/etc/kubernetes/certs/dex-cert",
"mountPath": "/etc/kubernetes/certs/dex-cert",
"name": "dex-cert",
"readOnly": true
}
]
}
},
{
"op": "add",
"path": "/spec/kubeadmConfigSpec/files/-",
"value": {
"contentFrom": {
"secret": {
"key": "dex-cert",
"name": "target-cluster-control-plane-dex-crt"
}
},
"owner": "root:root",
"path": "/etc/kubernetes/certs/dex-cert",
"permissions": "0644"
}
}
]
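
Review bot: The first operation uses "add" on /spec/kubeadmConfigSpec/clusterConfiguration/apiServer with a value that contains only extraVolumes. Under RFC 6902, add on an object member that already exists replaces its value, so if the base KubeadmControlPlane defines apiServer (certSANs, extraArgs and so on), those settings are dropped by this patch. Target /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes instead. The second operation appends to /spec/kubeadmConfigSpec/files/-, which requires the files array to exist in the base; confirm that it does.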

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- site-dex-replacements.yaml

@ -0,0 +1,84 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: site-dex-controlplane-replacements
replacements:
- source:
objref:
name: site-dex-catalogue
fieldref: dex.site.name
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.site.name"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.endpoints.hostname
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.endpoints.hostname"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.oidc.client_id
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_id"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.oidc.client_secret
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_secret"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.service.type"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-issuer-url"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-client-id"]
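
Review bot: The transformer image is referenced as quay.io/airshipit/replacement-transformer:latest, a mutable tag, for a container that processes the catalogue's key material and client secrets at render time; pin it to a version or digest (the same applies to the other two ReplacementTransformer documents in this change). Also, site-dex-catalogue defines dex.idp.connector, but no replacement in this list copies it into dex-catalogue, so the site's connector settings have no effect through this transformer.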

@ -0,0 +1,54 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: site-dex-catalogue
labels:
airshipit.org/deploy-k8s: "false"
dex:
site:
name: Dex-Site
endpoints:
hostname: dex.site.local
oidc:
client_id: site-kubernetes
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
service:
type: LoadBalancer
kubeadm:
api-server:
extra-args:
oidc-issuer-url: https://dex.site.local:5556/dex
oidc-client-id: site-kubernetes
idp:
connector:
connectors:
- type: github
id: github
name: GitHub
config:
clientID: a81a48be874d99aaa327
clientSecret: d62120afd02f5440e674d31a117710cdf9d0170c
redirectURI: https://dex.site.local:5556/dex/callback
orgs:
- name: airship2
teams:
- cicd-devops
- development
- management
loadAllGroups: false
useLoginAsID: false
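
Review bot: The GitHub connector config commits a literal OAuth clientID and clientSecret, and dex.oidc.client_secret is a literal as well. If these credentials were ever valid they should be revoked, and the file should carry placeholders with the real values supplied from a secret store at deployment time. The USAGE comment mentions "dex-target-cluster", which does not appear in this file.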

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/ephemeral/initinfra-networking

@ -0,0 +1,5 @@
resources:
- ../../../../type/airship-core/ephemeral/initinfra
- ../catalogues
transformers:
- ../../../../type/airship-core/ephemeral/initinfra/replacements

@ -0,0 +1,14 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
# Note: this list should be kept up to date with
# the full list of hosts in the cluster
- node01
- node02
- node03
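
Review bot: the comment above the `m3` list says it should be kept up to date with the full list of hosts in the cluster, but the list stops at `node03` while the `host-catalogue` added in this change also defines `node04`. Either add `node04` here or reword the comment to say which hosts this phase is meant to generate.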

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/
- ../../target/catalogues
- host-generation.yaml
transformers:
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- patchesstrategicmerge.yaml

@ -0,0 +1,35 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- hostgenerator

@ -0,0 +1,38 @@
apiVersion: airshipit.org/v1alpha1
kind: KubeConfig
metadata:
name: default
labels:
airshipit.org/deploy-k8s: "false"
config:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: 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
server: https://10.23.25.102:6443
name: target-cluster
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRFNU1USXlOakE0TWpneU5Gb1hEVEk1TVRJeU16QTRNamd5TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTFSClM0d3lnajNpU0JBZjlCR0JUS1p5VTFwYmdDaGQ2WTdJektaZWRoakM2K3k1ZEJpWm81ZUx6Z2tEc2gzOC9YQ1MKenFPS2V5cE5RcDN5QVlLdmJKSHg3ODZxSFZZNjg1ZDVYVDNaOHNyVVRzVDR5WmNzZHAzV3lHdDM0eXYzNi9BSQoxK1NlUFErdU5JemN6bzNEdWhXR0ZoQjk3VjZwRitFUTBlVWN5bk05c2hkL3AwWVFzWDR1ZlhxaENENVpzZnZUCnBka3UvTWkyWnVGUldUUUtNeGpqczV3Z2RBWnBsNnN0L2ZkbmZwd1Q5cC9WTjRuaXJnMEsxOURTSFFJTHVrU2MKb013bXNBeDJrZmxITWhPazg5S3FpMEloL2cyczRFYTRvWURZemt0Y2JRZ24wd0lqZ2dmdnVzM3pRbEczN2lwYQo4cVRzS2VmVGdkUjhnZkJDNUZNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJek9BL00xWmRGUElzd2VoWjFuemJ0VFNURG4KRHMyVnhSV0VnclFFYzNSYmV3a1NkbTlBS3MwVGR0ZHdEbnBEL2tRYkNyS2xEeFF3RWg3NFZNSFZYYkFadDdsVwpCSm90T21xdXgxYThKYklDRTljR0FHRzFvS0g5R29jWERZY0JzOTA3ckxIdStpVzFnL0xVdG5hN1dSampqZnBLCnFGelFmOGdJUHZIM09BZ3B1RVVncUx5QU8ya0VnelZwTjZwQVJxSnZVRks2TUQ0YzFmMnlxWGxwNXhrN2dFSnIKUzQ4WmF6d0RmWUVmV3Jrdld1YWdvZ1M2SktvbjVEZ0Z1ZHhINXM2Snl6R3lPVnZ0eG1TY2FvOHNxaCs3UXkybgoyLzFVcU5ZK0hlN0x4d04rYkhwYkIxNUtIMTU5ZHNuS3BRbjRORG1jSTZrVnJ3MDVJMUg5ZGRBbGF0bz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: https://10.23.25.101:6443
name: ephemeral-cluster
contexts:
- context:
cluster: target-cluster
user: target-cluster-admin
name: target-cluster
- context:
cluster: ephemeral-cluster
user: ephemeral-cluster-admin
name: ephemeral-cluster
current-context: ""
kind: Config
preferences: {}
users:
- name: ephemeral-cluster-admin
user:
client-certificate-data: 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
client-key-data: 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
- name: target-cluster-admin
user:
client-certificate-data: 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
client-key-data: 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
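
Review bot: the `users` entries for `ephemeral-cluster-admin` and `target-cluster-admin` carry `client-certificate-data` and `client-key-data` inline in a tracked manifest. If these are usable keys, they grant admin access to whatever answers at `10.23.25.101:6443` and `10.23.25.102:6443`; state in a comment that they are throwaway test values, or leave the fields empty and have the deployment generate the kubeconfig.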

@ -0,0 +1,2 @@
resources:
- kubeconfig.yaml

@ -0,0 +1,6 @@
phase:
docEntryPointPrefix: manifests/site/test-site
path: manifests/site/test-site/phases
inventory:
path: manifests/site/test-site/host-inventory

@ -0,0 +1,6 @@
resources:
- ../kubeconfig
- ../../../type/airship-core/phases
## TODO Consider making a catalogue combined with variable substitution instead
patchesStrategicMerge:
- phase-patch.yaml

@ -0,0 +1,10 @@
apiVersion: airshipit.org/v1alpha1
kind: BaremetalManager
metadata:
name: RemoteDirectEphemeral
spec:
hostSelector:
name: node02
operationOptions:
remoteDirect:
isoURL: http://localhost:8099/ephemeral.iso

@ -0,0 +1,5 @@
# Catalogue Definitions for Target Cluster
This inherits Type-level catalogues, and adds in Site-specific values.
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
customizations on top of this for ephemeral use.

@ -0,0 +1,66 @@
# Site-level host catalogue. This info feeds the Templater
# kustomize plugin config in the hostgenerator-m3 function.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
labels:
airshipit.org/deploy-k8s: "false"
hosts:
m3:
node01:
bootMode: UEFI
macAddress: 52:54:00:b6:ed:31
bmcAddress: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-target-1
bmcUsername: root
bmcPassword: r00tme
disableCertificateVerification: false
ipAddresses:
oam-ipv4: 10.23.25.102
pxe-ipv4: 10.23.24.102
macAddresses:
oam: 52:54:00:9b:27:4c
pxe: 52:54:00:b6:ed:31
hardwareProfile: default # defined in the hostgenerator-m3 function
node02:
bootMode: UEFI
macAddress: 52:54:00:b6:ed:02
bmcAddress: redfish+https://10.23.25.1:8443/redfish/v1/Systems/air-ephemeral
bmcUsername: username
bmcPassword: password
disableCertificateVerification: false
ipAddresses:
oam-ipv4: 10.23.25.101
pxe-ipv4: 10.23.24.101
macAddresses:
oam: 52:54:00:9b:27:02
pxe: 52:54:00:b6:ed:02
hardwareProfile: example # defined in the hardwareprofile-example function
node03:
bootMode: UEFI
macAddress: 52:54:00:b6:ed:23
bmcAddress: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-worker-1
bmcUsername: username
bmcPassword: password
disableCertificateVerification: false
ipAddresses:
oam-ipv4: 10.23.25.103
pxe-ipv4: 10.23.24.103
macAddresses:
oam: 52:54:00:9b:27:07
pxe: 52:54:00:b6:ed:23
hardwareProfile: default # defined in the hardwareprofile-example function
node04:
bootMode: UEFI
macAddress: 52:54:00:36:5e:e3
bmcAddress: redfish+http://10.23.25.2:8000/redfish/v1/Systems/air-target-2
bmcUsername: username
bmcPassword: password
ipAddresses:
oam-ipv4: 10.23.25.104
pxe-ipv4: 10.23.24.104
macAddresses:
oam: 52:54:00:dc:ab:04
pxe: 52:54:00:51:0b:e4
hardwareProfile: default # defined in the hardwareprofile-example function
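
Review bot: every host entry hard-codes `bmcUsername` and `bmcPassword` (`root` / `r00tme` on node01), and node01, node03 and node04 reach the BMC over `redfish+http://`, so those credentials travel in cleartext and `disableCertificateVerification: false` has no certificate to verify. Move the BMC credentials out of the catalogue into a secret, use `redfish+https://` as node02 does, and add the missing `disableCertificateVerification` key to node04 so the four entries are consistent.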

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../type/airship-core/shared/catalogues
- hosts.yaml
patchesStrategicMerge:
- versions-airshipctl.yaml
- networking.yaml

@ -0,0 +1,19 @@
# This makes a couple small networking tweaks that are specific to the
# ephemeral cluster, on top of the target cluster networking definition.
# These values can be overridden at the site, type, etc levels as appropriate.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
# The catalogue should be overridden as appropriate for different kubernetes
# clusters, e.g. ephemeral vs target vs tenant
kubernetes:
controlPlaneEndpoint:
host: "10.23.25.102"
apiserverCertSANs: "[10.23.25.102, 10.23.24.102]"
ironic:
provisioningIp: "10.23.24.102"
dhcpRange: "10.23.24.200,10.23.24.250"
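
Review bot: the header comment describes these as tweaks specific to the ephemeral cluster, yet `controlPlaneEndpoint.host` is `10.23.25.102` and `provisioningIp` is `10.23.24.102`, which are node01's `oam-ipv4` and `pxe-ipv4` in `hosts.yaml` (the `air-target-1` system), not node02's ephemeral addresses. Update the comment to match the values, or the values to match the comment, so the next editor does not "fix" the wrong one.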

@ -0,0 +1,12 @@
# Override default controlplane image location
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
files:
k8scontrol:
# Host the image in a locally served location for CI
cluster_controlplane_image:
url: http://10.23.24.1:8099/target-image.qcow2
checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
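
Review bot: `cluster_controlplane_image.url` is fetched over plain `http://` and its `checksum` is an `.md5sum` file served from the same host and port, so the checksum catches only accidental corruption: whoever can alter the image in transit or on that server can alter the checksum with it. The comment scopes this to CI; keep it that way explicitly, and for any non-CI site serve the image over HTTPS with a stronger digest that is recorded in the manifest rather than fetched alongside the image.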

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/target/initinfra-networking

@ -0,0 +1,6 @@
resources:
- ../../../../type/airship-core/target/initinfra
- ../../../../function/hostconfig-operator
- ../catalogues
transformers:
- ../../../../type/airship-core/target/initinfra/replacements

@ -0,0 +1,10 @@
# Site-level, phase-specific lists of hosts to generate
# This is used by the hostgenerator-m3 function to narrow down the site-level
# host-catalogue to just the hosts needed for a particular phase.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
hosts:
m3:
- node03

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
- ../../catalogues/
- host-generation.yaml
transformers:
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
- patch-delete-catalogues.yaml

@ -0,0 +1,35 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: smp
patches: |-
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: host-generation-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: networking
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: env-vars-catalogue
$patch: delete
---
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: versions-airshipctl
$patch: delete

@ -0,0 +1,48 @@
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
metadata:
name: worker-1
spec:
template:
spec:
joinConfiguration:
nodeRegistration:
name: '{{ ds.meta_data.name }}'
kubeletExtraArgs:
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
feature-gates: "IPv6DualStack=true"
ntp:
enabled: true
servers:
- 135.188.34.124
- 135.38.244.16
- 135.188.34.84
preKubeadmCommands:
- echo 'root:r00tme' | chpasswd
- echo 'ubuntu:r00tme' | chpasswd
- |
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
- sysctl --system
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
- apt-get update
- apt-get install -y
docker-ce="$(apt policy docker-ce | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
containerd.io
- swapoff -a
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
- apt-mark hold kubelet kubeadm
- systemctl mask ntp
- systemctl enable --now systemd-timesyncd
users:
- name: deployer
sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
sudo: ALL=(ALL) NOPASSWD:ALL
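
Review bot: `preKubeadmCommands` sets the `root` and `ubuntu` passwords to the literal `r00tme` through `chpasswd`, so every worker built from this template boots with the same known credentials (the same string used for node01's BMC in `hosts.yaml`). Drop the two `chpasswd` lines and rely on the `deployer` SSH key, or inject a per-site value from a secret. In the same block, the `sshAuthorizedKeys` entry is one individual's key (`segorov@node1`) combined with `NOPASSWD:ALL` sudo; it should be a site-supplied key taken from a catalogue.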

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nodes
- kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml
- machinedeployment.yaml

@ -0,0 +1,29 @@
apiVersion: cluster.x-k8s.io/v1alpha3
kind: MachineDeployment
metadata:
name: worker-1
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/cluster-name: target-cluster
template:
metadata:
labels:
cluster.x-k8s.io/cluster-name: target-cluster
spec:
clusterName: target-cluster
version: v1.18.3
bootstrap:
configRef:
name: worker-1
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
kind: KubeadmConfigTemplate
infrastructureRef:
name: worker-1
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
---
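
Review bot: `spec.template.spec.version` is `v1.18.3`, but the `worker-1` KubeadmConfigTemplate that `bootstrap.configRef` points at installs `kubelet=1.18.6-00 kubeadm=1.18.6-00`. Make the two agree, ideally by driving both from one catalogue value, so the version Cluster API records is the version the node actually runs. The trailing `---` after the last document can be dropped.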

@ -0,0 +1,10 @@
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
kind: Metal3MachineTemplate
metadata:
name: worker-1
spec:
template:
spec:
image:
url: http://10.23.24.1:8099/target-image.qcow2
checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
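
Review bot: `image.url` and `image.checksum` are hard-coded here with the same literals that the `versions-airshipctl` catalogue sets for `cluster_controlplane_image`, so moving the image host means editing two files and they can drift apart. Source these two fields from the catalogue with a replacement rule, as the rest of this change does for cluster values.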

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ../hostgenerator
commonLabels:
airshipit.org/k8s-role: controlplane-host

@ -0,0 +1,2 @@
resources:
- ../../../../type/airship-core/target/workload

@ -0,0 +1,100 @@
# Deploy Dex on Target Cluster (Azure cloud)
This test site provides the manifests to customize and deploy a target cluster on Azure named ***dex-target-cluster*** as well as Dex service.
## Dex-AIO Function
The **dex-aio** function provides the manifests to deploy Dex through a Helm Operator, and pulling correspoding charts from a Helm Collator.
This function relies on charts being available in the Target cluster through the Helm Collator service (aka, Helm repository).
> NOTE: Refer to the functions for the Helm operator and Helm (Chart) Collator in the ***airshipit/airshipctl*** project.
## Dex Test Site
The **dex-test-site** provides the manifests to deploy a Target cluster on Azure cloud, and workload manifests for the Helm operator, Helm Chart Collator (a.k.a., Helm repository based on ChartMuseum), and Dex.
See **dex-test-site** directory structure below:
```bash
dex-test-site/
├── config
│ └── variable-catalogue.yaml
├── ephemeral
│ └── controlplane
├── metadata.yaml
├── phases
└── target
├── initinfra
├── workers
└── workload
├── dex-helm-release
├── helm-chart-collator
└── helm-operator
```
This test site relies on the *Replacement* transformer and Kustomize patches to customize it. All customizable values can be found at *config/variable-catalogue.yaml" file.
### Deploying the Target Cluster
The manifests for deploying the Target cluster through *airshipctl phase run* are located in the following tree structure:
```bash
dex-test-site/
├── ephemeral
│ └── controlplane
└── target
├── initinfra
└── workers
```
The sequence for deploying the Target cluster is provided below:
1. Initialize *Airship config* file: invokde *`tools/deployment/22_test_configs.sh`*
2. Create ephemeral cluster: invoke script *`../airshipctl/tools/document/start_kind.sh`*
3. Initialize Ephemeral cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-ephemeral-script.sh`*
4. Deploy Target control plane node(s): invoke script *`tools/deployment/phases/phase-controlplane-ephemeral-script.sh`*
5. Deploy Calico CNI: invoke script *`tools/deployment/phases/phase-initinfra-target-script.sh`*
6. Initialize Target cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-target-script.sh`*
7. Move CAPI resources to Target cluster: *`tools/deployment/phases/phase-clusterctl-move-script.sh`*
8. Deploy Target worker node(s): *`tools/deployment/phases/phase-workers-target-script.sh`*
> NOTE: The phase **clusterctl-init-ephemeral** provides the OIDC flags for the Target cluster's API Server, which is required for integrating with Dex service.
### Workload Phases
Three phases have been implemented for testing the deployment of Dex.
```bash
dex-test-site/
└── phases
└── phases.yaml
├── dex-helm-release
├── helm-chart-collator
└── helm-operator
```
- **helm-operator**: Used to deploy *flux/helm-controller* (aka, Helm operator) and corresponding services.
- **helm-chart-collator**: Used to deploy a Helm repository based on ChartMuseum, which contains Dex Helm charts.
- **dex-helm-release**: Used to deploy Dex through the Helm operator.
### Deploying the Workload Services
The manifests for deploying the workload services are located under *target/workload* directory:
```bash
dex-test-site/
└── target
└── workload
├── dex-helm-release
├── helm-chart-collator
└── helm-operator
```
In order to test and validate Dex deployment, you need to first deploy the Helm operator (*manifest/composite/flux-helm*) from *airshipctl* project, as well as the Helm Chart Collator (*manifest/function/helm-chart-collator*) from the same project. These two services are referenced by the *kustomization* file in *target/workload/helm-operator* and *target/workload/helm-chart-collator*, respectively.
The *kustomization* file for deploying *Dex* service is located in *target/workload/dex-helm-release* folder.
New phases have been implemented to deploy the Helm operator, Helm repository and Dex. The corresponding phase manifest can be found in *phases/phases.yaml*.
1. Deploy Helm operator service: invoke script *`tools/deployment/phases/phase-helm-operator-target-script.sh`*
2. Deploy Helm Chart Collator service: invoke script *`tools/deployment/phases/phase-helm-collator-target-script.sh`*
3. Deploy Dex service: invoke script *`tools/deployment/phases/phase-dex-release-target-script.sh`*
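
Review bot: the first directory tree shows `config/variable-catalogue.yaml` and the text sends readers to that file for all customizable values, but the `config` kustomization in this change lists `cluster-variable-catalogue.yaml` and `site-dex-catalogue.yaml`. Update the tree and the sentence to the real file names. While editing, fix `correspoding` and `invokde`, close the emphasis on `*config/variable-catalogue.yaml"` with `*` instead of `"`, and add "invoke script" to steps 7 and 8 so the list reads uniformly.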

@ -0,0 +1,45 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: cluster-catalogue
labels:
airshipit.org/deploy-k8s: "false"
kubernetes:
subscriptionID: cb3e23d3-b697-4c4f-a1a7-529e308691e4
location: centralus
k8sVersion: v1.18.10
# Cluster
clusterName: dex-target-cluster
resourceGroup: dex-target-cluster-rg
virtualNet: dex-target-cluster-vnet
# Control Plane
controlPlaneName: dex-target-cluster-control-plane
kubeadmSecretName: dex-target-cluster-control-plane-azure-json
controlPlaneVMSize: Standard_B2s
controlPlaneReplicas: 1
# Workers
workerName: dex-target-cluster-md-0
kubeadmConfigSecretName: dex-target-cluster-md-0-azure-json
workerVMSize: Standard_B2s
workerReplicas: 1
# ConfigMap
clusterMap:
dex-target-cluster:
parent: ephemeral-cluster
ephemeral-cluster: {}
sshPublicKey: "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"
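
Review bot: `kubernetes.subscriptionID` is set to a concrete Azure subscription GUID. It is an identifier rather than a credential, but it ties the test site to one account and tells readers which subscription the author deploys into; use an obvious placeholder and document that the site operator must set it, alongside `sshPublicKey`.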

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-variable-catalogue.yaml
- site-dex-catalogue.yaml

@ -0,0 +1,54 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: site-dex-catalogue
labels:
airshipit.org/deploy-k8s: "false"
dex:
site:
name: Dex-Site
endpoints:
hostname: dex.site.local
oidc:
client_id: site-kubernetes
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
service:
type: LoadBalancer
kubeadm:
api-server:
extra-args:
oidc-issuer-url: https://dex.site.local:5556/dex
oidc-client-id: site-kubernetes
idp:
connector:
connectors:
- type: github
id: github
name: GitHub
config:
clientID: a81a48be874d99aaa327
clientSecret: d62120afd02f5440e674d31a117710cdf9d0170c
redirectURI: https://dex.site.local:5556/dex/callback
orgs:
- name: airship2
teams:
- cicd-devops
- development
- management
loadAllGroups: false
useLoginAsID: false
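
Review bot: the USAGE comment tells the reader to replace all occurrences of "dex-target-cluster", but that string does not appear anywhere in this file; it reads as carried over from the cluster catalogue. Replace it with a note on which `dex.*` values a site must set, and fix the spelling of `ocurrences`. This hunk is also line for line the same `site-dex-catalogue` that appears earlier in the change, literal `client_secret` and `clientSecret` included, so the secrets now live in two tracked files; keep one copy with placeholders.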

@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/k8scontrol-capz/v0.4.9
- ../../../../function/dex-aio/api-server
- ../../config
patchesJson6902:
- target:
group: controlplane.cluster.x-k8s.io
version: v1alpha3
kind: KubeadmControlPlane
name: target-cluster-control-plane
path: oidc_api_server_flags.json
transformers:
- replacements
- ../../../../function/dex-aio/api-server/replacements

@ -0,0 +1,27 @@
[
{
"op": "add",
"path": "/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes/-",
"value": {
"hostPath": "/etc/kubernetes/certs/dex-cert",
"mountPath": "/etc/kubernetes/certs/dex-cert",
"name": "dex-cert",
"readOnly": true
}
},
{
"op": "add",
"path": "/spec/kubeadmConfigSpec/files/-",
"value": {
"contentFrom": {
"secret": {
"key": "dex-cert",
"name": "target-cluster-control-plane-dex-crt"
}
},
"owner": "root:root",
"path": "/etc/kubernetes/certs/dex-cert",
"permissions": "0644"
}
}
]
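
Review bot: both operations append with a trailing `/-`, and a JSON Patch `add` to `/-` requires the parent array to exist already, so if the base KubeadmControlPlane has no `apiServer.extraVolumes` list the first operation fails instead of creating it. Confirm the `k8scontrol-capz/v0.4.9` base defines that list, or add it with a preceding operation. The kustomization refers to this file as `oidc_api_server_flags.json`, yet it adds only the `dex-cert` volume and file and no `oidc-*` flags; rename it or say in the README where the flags themselves are set.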

@ -0,0 +1,182 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: cluster-controlplane-replacements
replacements:
# Kind Cluster replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Cluster
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Cluster
fieldrefs: ["spec.infrastructureRef.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneName
target:
objref:
kind: Cluster
fieldrefs: ["spec.controlPlaneRef.name"]
# Kind AzureCluster replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: AzureCluster
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.subscriptionID
target:
objref:
kind: AzureCluster
fieldrefs: ["spec.subscriptionID"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.resourceGroup
target:
objref:
kind: AzureCluster
fieldrefs: ["spec.resourceGroup"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.virtualNet
target:
objref:
kind: AzureCluster
fieldrefs: ["spec.networkSpec.vnet.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.location
target:
objref:
kind: AzureCluster
fieldrefs: ["spec.location"]
# KubeadmControlPlane replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneName
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneName
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["spec.infrastructureTemplate.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneReplicas
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["spec.replicas"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.k8sVersion
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["spec.version"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["spec.kubeadmConfigSpec.controllerManager.extraArgs.cluster-name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.kubeadmSecretName
target:
objref:
kind: KubeadmControlPlane
fieldrefs: ["spec.kubeadmConfigSpec.files.0.contentFrom.secret.name"]
# AzureMachineTemplate replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneName
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.location
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.location"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.controlPlaneVMSize
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.vmSize"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.sshPublicKey
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.sshPublicKey"]
# Dex Secrets for Certificates
- source:
objref:
name: dex-catalogue
fieldref: dex.tls.crt
target:
objref:
kind: Secret
name: target-cluster-control-plane-dex-crt
fieldrefs: ["data.dex-cert"]
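
Review bot: the transformer container is referenced as `quay.io/airshipit/replacement-transformer:latest`, so the code that rewrites these manifests, including the Dex certificate written into the `target-cluster-control-plane-dex-crt` Secret at the end of the list, can change between runs with no change in this repository. Pin the image to a version tag or digest; the same applies to the other ReplacementTransformer manifests in this change. Separately, `spec.kubeadmConfigSpec.files.0.contentFrom.secret.name` addresses the file by index, which retargets silently if the base ever reorders `files`.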

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- site-dex-replacements.yaml
- cluster-replacements.yaml

@ -0,0 +1,74 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: site-dex-controlplane-replacements
replacements:
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-issuer-url"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-client-id"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-claim
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-username-claim"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-prefix
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-username-prefix"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-groups-claim
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-groups-claim"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.kubeadm.api-server.extra-args.oidc-ca-file
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-ca-file"]
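
Review bot: the last four rules read `oidc-username-claim`, `oidc-username-prefix`, `oidc-groups-claim` and `oidc-ca-file` from `site-dex-catalogue`, but the `site-dex-catalogue` added in this change defines only `oidc-issuer-url` and `oidc-client-id` under `dex.kubeadm.api-server.extra-args`. Add the four keys to the site catalogue or drop these rules; as written there is no source value for them, and the claim and CA settings that decide how the API server maps Dex tokens to users and groups are left to whatever the function default is.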

@ -0,0 +1,3 @@
phase:
path: manifests/site/dex-test-site/phases
docEntryPointPrefix: manifests/site/dex-test-site

@ -0,0 +1,18 @@
[{
"op": "replace",
"path": "/init-options/infrastructure-providers",
"value": ["azure:v0.4.9"]
},
{
"op": "replace",
"path": "/providers/0",
"value": {
"name": "azure",
"type": "InfrastructureProvider",
"variable-substitution": true,
"versions": {
"v0.4.9": "airshipctl/manifests/function/capz/v0.4.9"
}
}
}
]

@ -0,0 +1,18 @@
resources:
- ../../../../../airshipctl/manifests/phases
- ../config
- phases.yaml
transformers:
- replacements.yaml
patchesStrategicMerge:
- plan.yaml
patchesJson6902:
- target:
group: airshipit.org
version: v1alpha1
kind: Clusterctl
name: "clusterctl_init"
path: infrastructure-providers.json

@ -0,0 +1,35 @@
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: helm-operator-target
clusterName: target-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: KubernetesApply
name: kubernetes-apply
documentEntryPoint: target/workload/flux-helm
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: helm-collator-target
clusterName: target-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: KubernetesApply
name: kubernetes-apply
documentEntryPoint: target/workload/helm-chart-collator
---
apiVersion: airshipit.org/v1alpha1
kind: Phase
metadata:
name: dex-release-target
clusterName: target-cluster
config:
executorRef:
apiVersion: airshipit.org/v1alpha1
kind: KubernetesApply
name: kubernetes-apply
documentEntryPoint: target/workload/dex-aio
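
Review bot: two `documentEntryPoint` values do not match the layout the README in this change documents: `helm-operator-target` points at `target/workload/flux-helm` and `dex-release-target` at `target/workload/dex-aio`, while the README lists `target/workload/helm-operator` and `target/workload/dex-helm-release`. Only `helm-collator-target` agrees. Align the entry points with the directory names that are actually committed, and update whichever of the two is stale.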

@ -0,0 +1,33 @@
apiVersion: airshipit.org/v1alpha1
kind: PhasePlan
metadata:
name: phasePlan
phaseGroups:
- name: group1
phases:
# Deploy Target Cluster
- name: clusterctl-init-ephemeral
- name: controlplane-ephemeral
- name: initinfra-target
- name: clusterctl-init-target
- name: clusterctl-move
- name: workers-target
# Deploying Workload
- name: helm-operator-target
- name: helm-collator-target
- name: dex-release-target
---
apiVersion: airshipit.org/v1alpha1
kind: Clusterctl
metadata:
name: clusterctl_init
env-vars: true
---
apiVersion: airshipit.org/v1alpha1
kind: ClusterMap
metadata:
name: main-map
map:
cluster-name:
parent: ephemeral-cluster
ephemeral-cluster: {}

@ -0,0 +1,118 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: cluster-controlplane-replacements
replacements:
# Updating Phase initinfra-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: initinfra-target
fieldrefs: ["metadata.clusterName"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: initinfra-target
fieldrefs: ["config.cluster"]
# Updating Phase clusterctl-init-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: clusterctl-init-target
fieldrefs: ["metadata.clusterName"]
# Updating Phase clusterctl-move
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: clusterctl-move
fieldrefs: ["metadata.clusterName"]
# Updating Phase workers-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: workers-target
fieldrefs: ["metadata.clusterName"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: workers-target
fieldrefs: ["config.cluster"]
# Updating Phase helm-operator-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: helm-operator-target
fieldrefs: ["metadata.clusterName"]
# Updating Phase helm-collator-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: helm-collator-target
fieldrefs: ["metadata.clusterName"]
# Updating Phase dex-release-target
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: Phase
name: dex-release-target
fieldrefs: ["metadata.clusterName"]
# ClusterMap substitution
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterMap
target:
objref:
kind: ClusterMap
name: main-map
fieldrefs: ["map"]
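Review bot: the function annotation at the top of this file runs `quay.io/airshipit/replacement-transformer:latest`, a mutable tag, so the container that rewrites every Phase's `metadata.clusterName` and the `main-map` ClusterMap can change between renders without any change in this repository. Pin the image to a release tag or a digest so that rendered manifests are reproducible and the transformer is a reviewed artifact. The same applies to the other ReplacementTransformer files in this patchset.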

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/cni/calico-capz/v3
commonLabels:
airshipit.org/stage: initinfra

View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/workers-capz/v0.4.9
- ../../config
transformers:
- replacements.yaml

View File

@ -0,0 +1,126 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: cluster-worker-replacements
replacements:
# Kind MachineDeployment replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerName
target:
objref:
kind: MachineDeployment
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerReplicas
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.replicas"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.clusterName"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.template.spec.clusterName"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.k8sVersion
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.template.spec.version"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.clusterName
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.template.spec.bootstrap.clusterName"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerName
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.template.spec.bootstrap.configRef.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerName
target:
objref:
kind: MachineDeployment
fieldrefs: ["spec.template.spec.infrastructureRef.name"]
# KubeadmConfigTemplate replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerName
target:
objref:
kind: KubeadmConfigTemplate
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.kubeadmConfigSecretName
target:
objref:
kind: KubeadmConfigTemplate
fieldrefs: [".spec.template.spec.files.0.contentFrom.secret.name"]
# AzureMachineTemplate replacements
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerName
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["metadata.name"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.location
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.location"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.workerVMSize
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.vmSize"]
- source:
objref:
name: cluster-catalogue
fieldref: kubernetes.sshPublicKey
target:
objref:
kind: AzureMachineTemplate
fieldrefs: ["spec.template.spec.sshPublicKey"]
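Review bot: the sixth MachineDeployment entry targets `spec.template.spec.bootstrap.clusterName`, while its neighbours set `spec.template.spec.clusterName` and `spec.template.spec.bootstrap.configRef.name`. Please confirm that the workers-capz MachineDeployment really carries a `clusterName` under `bootstrap`, and drop the entry if it does not. Separately, the KubeadmConfigTemplate secret-name entry is the only fieldref in this file written with a leading dot (`.spec.template.spec.files.0.contentFrom.secret.name`); pick one form and use it throughout.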

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../config
- ../../../../../type/airship-core/target/workload/dex-aio
transformers:
- replacements
- ../../../../../type/airship-core/target/workload/dex-aio/replacements

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- site-dex-replacements.yaml

View File

@ -0,0 +1,76 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: site-cluster-controlplane-replacements
replacements:
# Dex VariableCatalogue Values override
- source:
objref:
name: site-dex-catalogue
fieldref: dex.site.name
target:
objref:
kind: VariableCatalogue
name: type-dex-catalogue
fieldrefs: [".dex.site.name"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.endpoints.hostname
target:
objref:
kind: VariableCatalogue
name: type-dex-catalogue
fieldrefs: [".dex.endpoints.hostname"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.oidc.client_id
target:
objref:
kind: VariableCatalogue
name: type-dex-catalogue
fieldrefs: [".dex.oidc.client_id"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.oidc.client_secret
target:
objref:
kind: VariableCatalogue
name: type-dex-catalogue
fieldrefs: [".dex.oidc.client_secret"]
- source:
objref:
name: site-dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: VariableCatalogue
name: type-dex-catalogue
fieldrefs: [".dex.service.type"]
# Uncomment "-source" structure below to add your IDP Connector data
# - source:
# objref:
# name: site-dex-catalogue
# fieldref: dex.idp.connector.connectors
# target:
# objref:
# kind: VariableCatalogue
# name: type-dex-catalogue
# fieldrefs: ["dex.idp.connector.connectors"]
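Review bot: `name: site-cluster-controlplane-replacements` looks copied from the cluster replacements, but every entry here overrides a Dex value in `type-dex-catalogue`; give the transformer a name that says Dex so it can be told apart in kustomize output. In the commented-out connector block, the target fieldref is `dex.idp.connector.connectors` without the leading dot that the five active entries use; align it now so that it behaves like the others when someone uncomments it.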

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../type/airship-core/target/workload/flux-helm/

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: site-collator-catalogue
labels:
airshipit.org/deploy-k8s: "false"
collator:
image: quay.io/sshiba/helm-chart-collator:latest
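Review bot: `collator.image` points at `quay.io/sshiba/helm-chart-collator:latest`, an image in a personal namespace behind a mutable tag, and this site catalogue is what overrides the type-level collator image. Host the image under a project-owned registry path and pin it to a version tag or digest, so that what gets deployed is what was reviewed. The USAGE comment above the object refers to "dex-target-cluster", which does not occur in this file; remove or rewrite it.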

View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- collator-catalogue.yaml
- ../../../../../type/airship-core/target/workload/helm-chart-collator/
transformers:
- replacements
- ../../../../../type/airship-core/target/workload/helm-chart-collator/replacements

View File

@ -0,0 +1,29 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: site-dex-controlplane-replacements
replacements:
- source:
objref:
name: site-collator-catalogue
fieldref: collator.image
target:
objref:
kind: VariableCatalogue
name: type-collator-catalogue
fieldrefs: [".collator.image"]
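Review bot: `name: site-dex-controlplane-replacements` does not describe this transformer, whose only entry copies `collator.image` from `site-collator-catalogue` into `type-collator-catalogue`. Rename it (for example `site-collator-replacements`) so it is not mistaken for the Dex site replacements.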

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- collator-replacements.yaml

View File

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../../../../function/dex-aio/api-server

View File

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/k8scontrol/replacements
- ../../../../../function/dex-aio/api-server/replacements

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- type-dex-catalogue.yaml
- ../../../../../function/dex-aio/dex

View File

@ -0,0 +1,10 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: dex-type-catalogue-cleanup
patches: |-
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-dex-catalogue
$patch: delete

View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- type-dex-replacements.yaml
- ../../../../../../function/dex-aio/dex/replacements
- dex-cleanup-catalogue.yaml
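Review bot: the order of `resources` here is load-bearing and undocumented. `dex-cleanup-catalogue.yaml` deletes `type-dex-catalogue`, which the entries in `type-dex-replacements.yaml` read as their source, so the cleanup has to stay last. Add a short comment in this kustomization saying so, so that a later reordering does not silently leave the replacements without a source.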

View File

@ -0,0 +1,75 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: type-cluster-controlplane-replacements
replacements:
# Dex VariableCatalogue Values override
- source:
objref:
name: type-dex-catalogue
fieldref: dex.site.name
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.site.name"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.endpoints.hostname
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.endpoints.hostname"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.oidc.client_id
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_id"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.oidc.client_secret
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_secret"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.service.type"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.idp.connector.connectors
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: ["dex.idp.connector.connectors"]
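Review bot: the last entry copies `dex.idp.connector.connectors` unconditionally, whereas the site-level override for the same field ships commented out, so unless a site uncomments it the type catalogue's connector list reaches `dex-catalogue` as is. Please confirm that this is the intended default. The entry's target fieldref also lacks the leading dot used by the other five, and `name: type-cluster-controlplane-replacements` should say Dex rather than cluster controlplane.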

View File

@ -0,0 +1,42 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-dex-catalogue
labels:
airshipit.org/deploy-k8s: "false"
dex:
site:
name: Dex-Type
endpoints:
hostname: dex.type.local
oidc:
client_id: type-kubernetes
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
service:
type: LoadBalancer
kubeadm:
api-server:
extra-args:
oidc-issuer-url: https://dex.type.local:5556/dex
oidc-client-id: type-kubernetes
idp:
connector:
connectors:
- type: ldap
id: ldap
name: LDAP
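Review bot: `dex.oidc.client_secret` is committed here as a literal value, and the replacement entries for `dex.oidc.client_secret` copy it onward into `dex-catalogue`; anything in version control should be treated as disclosed. Replace it with an obvious placeholder and have the site supply the real secret from an encrypted or out-of-band source. Two smaller points: `oidc-issuer-url` and `oidc-client-id` under `kubeadm.api-server.extra-args` repeat the hostname and client id, and none of the replacement entries shown rewrite them, so a site that overrides `dex.endpoints.hostname` or `dex.oidc.client_id` can end up with an API server configured for a different issuer than the one Dex serves. The USAGE comment refers to "dex-target-cluster", which does not occur in this file.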

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/composite/flux-helm

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- type-collator-catalogue.yaml
- ../../../../../../../airshipctl/manifests/function/helm-chart-collator

View File

@ -0,0 +1,10 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: collator-type-catalogue-cleanup
patches: |-
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-collator-catalogue
$patch: delete

View File

@ -0,0 +1,30 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: type-dex-controlplane-replacements
replacements:
# Dex Secrets for Certificates
- source:
objref:
name: type-collator-catalogue
fieldref: collator.image
target:
objref:
kind: Deployment
name: helm-chart-collator
fieldrefs: [".spec.template.spec.containers[0]image"]
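Review bot: the target fieldref `.spec.template.spec.containers[0]image` has no dot between `[0]` and `image`. If that is a typo for `containers[0].image`, the collator image override may not land on the container's `image` field, so please check the rendered `helm-chart-collator` Deployment. The comment `# Dex Secrets for Certificates` and the name `type-dex-controlplane-replacements` are leftovers; this file only sets the collator image.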

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- collator-replacements.yaml
- collator-cleanup-catalogue.yaml

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-collator-catalogue
labels:
airshipit.org/deploy-k8s: "false"
collator:
image: quay.io/airshipit/type-helm-chart-collator:latest

Some files were not shown because too many files have changed in this diff