Dex Treasure Map - New Function + Test Site
This patchset provides the implementation of dex-aio function, which is used to deploy Dex through a Helm operator, e.g., flux/helm-operator.

A test site (dex-test-site) has been included, which contains manifests to run the following phase plan:

- clusterctl-init-ephemeral
- controlplane-ephemeral
- initinfra-target
- clusterctl-init-target
- clusterctl-move
- workers-target
- helm-operator-target
- helm-collator-target
- dex-release-target

The first six phases are used to deploy a target cluster on Azure cloud while the remaining three are for deploying Dex through a Helm operator.

The 'helm-collator-target' phase requires an existing "airshipctl" repo supporting the function 'helm-chart-collator', which is provided by a different patchset.

Change-Id: I7057d9a5c78cbcef26bac89a9f5bf06fd0d3ac4d
parent 6145fe5dc3
commit 6e93f0554d
83 README.md
|
@ -1,9 +1,80 @@
|
|||
# Treasuremap
|
||||
# Deploy Dex on Target Cluster (Azure cloud)
|
||||
|
||||
This documentation project outlines a reference architecture for automated
|
||||
cloud provisioning and management, leveraging a collection of interoperable
|
||||
open-source tools.
|
||||
This test site provides the manifests to customize and deploy a target cluster on Azure named ***edge-5g-cluster***.
|
||||
Once the target cluster has been deployed, manifest in target/workload can be used to deploy the Helm operator, Helm Collator (Helm repository), and Dex itself.
|
||||
|
||||
## Dex-AIO Function
|
||||
|
||||
## Architecture
|
||||
To get started, see [architecture](https://airship-treasuremap.readthedocs.io/en/latest/index.html).
|
||||
The **dex-aio** function provides the manifests to deploy Dex through a Helm Operator.
|
||||
|
||||
## Dex Test Site
|
||||
|
||||
The **dex-test-site** provides the manifests to deploy a Target cluster on Azure cloud, and workload manifests for the Helm operator, Helm Chart Collator (a.k.a., Helm repository based on ChartMuseum), and Dex.
|
||||
|
||||
See **dex-test-site** directory structure below:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
├── config
|
||||
│ └── variable-catalogue.yaml
|
||||
├── ephemeral
|
||||
│ └── controlplane
|
||||
├── metadata.yaml
|
||||
├── phases
|
||||
└── target
|
||||
├── initinfra
|
||||
├── workers
|
||||
└── workload
|
||||
├── dex-helm-release
|
||||
├── helm-chart-collator
|
||||
└── helm-operator
|
||||
```
|
||||
|
||||
This test site relies on the *Replacement* transformer to customize it. All customizable values can be found at *config/variable-catalogue.yaml" file.
|
||||
|
||||
### Deploying the Target Cluster
|
||||
|
||||
The manifests for deploying the Target cluster through *airshipctl phase run* are located in the following tree structure:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
├── ephemeral
|
||||
│ └── controlplane
|
||||
└── target
|
||||
├── initinfra
|
||||
└── workers
|
||||
```
|
||||
|
||||
The sequence for deploying the Target cluster is provided below:
|
||||
|
||||
1. Initialize *Airship config* file: invokde *`tools/deployment/22_test_configs.sh`*
|
||||
2. Create ephemeral cluster: invoke script *`../airshipctl/tools/document/start_kind.sh`*
|
||||
3. Initialize Ephemeral cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-ephemeral-script.sh`*
|
||||
4. Deploy Target control plane node(s): invoke script *`tools/deployment/phases/phase-controlplane-ephemeral-script.sh`*
|
||||
5. Deploy Calico CNI: invoke script *`tools/deployment/phases/phase-initinfra-target-script.sh`*
|
||||
6. Initialize Target cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-target-script.sh`*
|
||||
7. Move CAPI resources to Target cluster: *`tools/deployment/phases/phase-clusterctl-move-script.sh`*
|
||||
8. Deploy Target worker node(s): *`tools/deployment/phases/phase-workers-target-script.sh`*
|
||||
|
||||
### Deploying the Workload Services
|
||||
|
||||
The manifests for deploying the workload services are located under *target/workload* directory:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
└── target
|
||||
└── workload
|
||||
├── dex-helm-release
|
||||
├── helm-chart-collator
|
||||
└── helm-operator
|
||||
```
|
||||
|
||||
In order to test and validate Dex deployment, you need to first deploy the Helm operator (*manifest/composite/flux-helm*) from *airshipctl* project, as well as the Helm Chart Collator (*manifest/function/helm-chart-collator*) from the same project. These two services are referenced by the *kustomization* file in *target/workload/helm-operator* and *target/workload/helm-chart-collator*, respectively.
|
||||
|
||||
The *kustomization* file for deploying *Dex* service is located in *target/workload/dex-helm-release* folder.
|
||||
|
||||
New phases have been implemented to deploy the Helm operator, Helm repository and Dex. The corresponding phase manifest can be found in *phases/phases.yaml*.
|
||||
|
||||
1. Deploy Helm operator service: invoke script *`tools/deployment/phases/phase-helm-operator-target-script.sh`*
|
||||
2. Deploy Helm Chart Collator service: invoke script *`tools/deployment/phases/phase-helm-collator-target-script.sh`*
|
||||
3. Deploy Dex service: invoke script *`tools/deployment/phases/phase-dex-release-target-script.sh`*
|
||||
|
|
|
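Review bot: The numbered deployment steps carry wording slips that should be fixed before merge: step 1 reads "invokde", steps 7 and 8 of the Target cluster sequence drop the "invoke script" wording the other steps use, and the Replacement transformer sentence opens emphasis with `*config/variable-catalogue.yaml"` but closes it with a double quote. The text names the cluster ***edge-5g-cluster*** while the catalogue's USAGE comment later in this change refers to "dex-target-cluster"; settle on one name. The hunk is also against README.md and interleaves the Treasuremap project introduction ("# Treasuremap", "## Architecture") with the Dex site text, so confirm the project README is not being replaced by site-specific documentation; this content reads as though it belongs inside the dex-test-site directory.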
@ -1,4 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../airshipctl/manifests/function/clusterctl/replacements
|
||||
- apiserver-replacements.yaml
|
||||
- dex-replacements.yaml
|
||||
- dex-variable-catalogue.yaml
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# DEX-AIO function
|
||||
|
||||
The DEX-AIO function deploys the Dex Authentication service as well as provides the Target cluster's API server with OIDC flags configuration.
|
||||
The rationale to have both located under the ***dex-aio*** function is because the Target cluster's API server and Dex are deployed as tandem, sharing some information such as certificates.
|
||||
|
||||
## API Server OIDC Configuration
|
||||
The folder ***api-server*** contains the manifest needed to configure the OIDC flags as *extraArgs* for the API server for the Target cluster.
|
||||
The manifests under this folder expects that deployment of Control Plane nodes is done throught CAPI Management Cluster.
|
||||
|
||||
Kustomization manifest(s) can be found under *api-server/replacements* with default replacement values located in *catalogue* folder.
|
||||
|
||||
## DEX AIO Deployment
|
||||
The folder ***dex*** contains the manifests needed to deploy ***dex-aio*** service in a Target cluster.
|
||||
Kustomization manifest(s) can be found under *dex/replacements* with default replacement values located in *catalogue* folder.
|
||||
|
||||
## Variable Catalogue for DEX-AIO function
|
||||
The folder ***catalogue*** contains the variables used to customize the deployment of the API server and Dex.
|
|
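Review bot: The "Variable Catalogue for DEX-AIO function" section should state which catalogue values an operator must override, not only where the folder is: the catalogue added in this change ships a sample certificate, private key and `client_secret`, and nothing here says they are samples. While editing, fix "throught", "The manifests under this folder expects", and "deployed as tandem" (in tandem).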
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: target-cluster-control-plane-dex-crt
|
||||
namespace: default
|
||||
type: Opaque
|
||||
data:
|
||||
dex-cert: 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
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../catalogue
|
||||
- dex-cert-secret.yaml
|
|
@ -0,0 +1,95 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: dex-controlplane-replacements
|
||||
replacements:
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.crt-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: target-cluster-control-plane-dex-crt
|
||||
fieldrefs: [".data.dex-cert"]
|
||||
# KubeadmControlPlane for Dex
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-issuer-url"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-client-id"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-claim
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-prefix
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-prefix"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-groups-claim
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-groups-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-ca-file
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-ca-file"]
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.kubeadm.api-server.extra-volumes.dex
|
||||
# target:
|
||||
# objref:
|
||||
# kind: KubeadmControlPlane
|
||||
# fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraVolumes[0]"]
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.kubeadm.files.dex
|
||||
# target:
|
||||
# objref:
|
||||
# kind: KubeadmControlPlane
|
||||
# fieldrefs: [".spec.kubeadmConfigSpec.files[0]"]
|
|
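Review bot: The two commented-out replacements at the end of the file (`dex.kubeadm.api-server.extra-volumes.dex` and `dex.kubeadm.files.dex`) are the ones that would write and mount the certificate, yet `oidc-ca-file` is still injected into the API server extraArgs. Unless the base KubeadmControlPlane already provides that file and volume, the API server is pointed at a CA path that nothing creates; either enable these replacements or document what supplies the file, and delete the dead block. Separately, every KubeadmControlPlane target `objref` selects by `kind` only, so the OIDC flags apply to every KubeadmControlPlane in the bundle; add a `name`. The function image is `replacement-transformer:latest`; pin a tag or digest so renders are reproducible.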
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- apiserver-replacements.yaml
|
||||
- ../../catalogue/cleanup
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: dex-catalogue-cleanup
|
||||
patches: |-
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: dex-catalogue
|
||||
$patch: delete
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-delete-catalogue.yaml
|
|
@ -0,0 +1,124 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: dex-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
dex:
|
||||
site:
|
||||
name: Core
|
||||
endpoints:
|
||||
hostname: dex.core.local
|
||||
port:
|
||||
https: 31556
|
||||
http: 31554
|
||||
nodePort:
|
||||
https: 31556
|
||||
http: 31554
|
||||
oidc:
|
||||
client_id: core-kubernetes
|
||||
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
service:
|
||||
type: LoadBalancer
|
||||
kubeadm:
|
||||
api-server:
|
||||
extra-args:
|
||||
oidc-issuer-url: https://dex.core.local:5556/dex
|
||||
oidc-client-id: core-kubernetes
|
||||
oidc-username-claim: email
|
||||
oidc-username-prefix: "oidc:"
|
||||
oidc-groups-claim: groups
|
||||
oidc-ca-file: /etc/kubernetes/certs/dex-cert
|
||||
extra-volumes:
|
||||
dex:
|
||||
{
|
||||
"hostPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"mountPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"name": "dex-cert",
|
||||
"readOnly": true
|
||||
}
|
||||
files:
|
||||
dex:
|
||||
{
|
||||
"contentFrom": {
|
||||
"secret": {
|
||||
"key": "dex-cert",
|
||||
"name": "target-cluster-control-plane-dex-crt"
|
||||
}
|
||||
},
|
||||
"owner": "root:root",
|
||||
"path": "/etc/kubernetes/certs/dex-cert",
|
||||
"permissions": "0644"
|
||||
}
|
||||
tls:
|
||||
crt: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFzCCAf+gAwIBAgIUQG5rnXCN1XFVgV5J01OzryKcsYAwDQYJKoZIhvcNAQEL
|
||||
BQAwGzEZMBcGA1UEAwwQamFydmlzLWNhLWlzc3VlcjAeFw0yMTAxMjkxNTU2MDZa
|
||||
Fw0yMTAyMDgxNTU2MDZaMBsxGTAXBgNVBAMMEGphcnZpcy1jYS1pc3N1ZXIwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP+hxPsqvedmLtF0IyJE8U1YYA
|
||||
v8p1nWlP1pAqUpLY1Vq9ahdnwuff+jPmtoF+f5ws1164Ac+UlzVyt6WgSvVGtnC0
|
||||
Hsrbsi+PvMh3CtVOj3h/vN5a8ESHG+CoZO/hHEpc9k9BB4qRNTGSr+z7BkWNqTus
|
||||
lvFYOxnvzvCb8QI5kz5V3KJiREDqSEoow5lYIbVjQoPaj8ofulOZw/CTbhgfwDFx
|
||||
6T+Q3C3HcG2IrRtD7yeT684S6jDC06CYgGc9FkiyQhsju27IKqWOt1PGccWKPSnA
|
||||
43oNgkT6A00rfi48ICsppEwxBdz8FPPmTkNMoyG11RMcXAYggmBkXeRVDg2vAgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBRHNYlWAAc4zcKHn+MFc4UJRUIOqDAfBgNVHSMEGDAW
|
||||
gBRHNYlWAAc4zcKHn+MFc4UJRUIOqDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQAmSszZ4lBTNW88LK7CoeDcU0X/fWxpRtWi3eXmFssqS+/yMS5w
|
||||
ys+n4jPPZQDZZbjaGHa0DDYvTWEWx8U9ETqQMd+4dS/2EiwuTiDr3DimnB1NpGbf
|
||||
/Di2uFQVXt2RkoEYTbTsFK/Gk3E20l75epaspxrc+UaOtjdIl1g/mLVy3Oa8K39h
|
||||
iC3+nWdmokwImCXMJIqLXssJqJK6XEXCsdaQrqfgp9GibM8Pc+0Rbkcmo+ksrPrj
|
||||
trq23db6WtKqXVOpa/MTMXblIHjUif7NpzsDpkj470jwNDN9S6IHjEWZaQCMagp8
|
||||
JFH7vMItGzKqLDTjquMDfvHtw4/U1vmtjRZY
|
||||
-----END CERTIFICATE-----
|
||||
key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAz/ocT7Kr3nZi7RdCMiRPFNWGAL/KdZ1pT9aQKlKS2NVavWoX
|
||||
Z8Ln3/oz5raBfn+cLNdeuAHPlJc1creloEr1RrZwtB7K27Ivj7zIdwrVTo94f7ze
|
||||
WvBEhxvgqGTv4RxKXPZPQQeKkTUxkq/s+wZFjak7rJbxWDsZ787wm/ECOZM+Vdyi
|
||||
YkRA6khKKMOZWCG1Y0KD2o/KH7pTmcPwk24YH8Axcek/kNwtx3BtiK0bQ+8nk+vO
|
||||
EuowwtOgmIBnPRZIskIbI7tuyCqljrdTxnHFij0pwON6DYJE+gNNK34uPCArKaRM
|
||||
MQXc/BTz5k5DTKMhtdUTHFwGIIJgZF3kVQ4NrwIDAQABAoIBAEBObYKXFF1s7Zmx
|
||||
n14xq+IdQ5nns4o6ad2t0lXDwnQZRD1dGG+U7G1sx6+GrvOWMYwL69Wpea3QM06N
|
||||
SkEN7Fk5ABAxlTfpGJuxG6rzRpFL+05D79zefdHo5MYsr59DSBsGbesFkerkL7fT
|
||||
fcsAXXE36qOq6GUHoTVtHyiYlL+IILJEc4+XPFX+mOxDrRDKaIT5BiV9Kksi7kOZ
|
||||
FBZjcbBXcwuxSg0uxDm4hMiGshdJp+3Enum7pwXeU7OpaiDCF/icFCeNQ/MZaSP3
|
||||
TFMNsllQbmTAa/Aej1pU2nA0CucyNkVMvNlRjDi6qpdyp0roBQC62jCZHbG8dDci
|
||||
eG4UQgECgYEA9sWNDBv0zvQVcsqpwVXUdjsSRuAmtRWxgkC/U72TefvOwav3GeLM
|
||||
WMiepk4Iy2BqwE/SjAruvuVfOxN+U2/TnuAP/4cz5z8btFnjgtRSGHL+ZZpwcMNb
|
||||
2mqsaCu86s66tGQrmnrneFmWCVHX0ZOEUQmwH4bV4R4ifd7ETpK4UQ8CgYEA18Ep
|
||||
aVmt/ka2Cd1I7HgM2eWRBRuErQneDJdIbo3MxU5gXT0MQC2yoaXSTW5x2NvJ8lcK
|
||||
pTKZgJn54oNTkH1db8ZrwZ3tKFOgug64UpVrteVicjin/HKLfSUQ5YqjgsE3aO53
|
||||
Wmo9DBJ9qV2eYZVaCnkBvmE7LNs8IiXoOEQlOWECgYEA2b2YZh3o1g8zObWvMcOt
|
||||
E6Gtz9IK9W+t0DOXXqmBDnpshiFZiILBMnna2v0x71ok94m3SxB+dvxnGfZqWe7r
|
||||
OF2WYC8JUjsyE+HYyODVi3M0G6y5GBaY3tGPTN+C82D0ByX3/3gA9AWASLrphqf2
|
||||
cZbty/OqlteDMbM1XetCLWsCgYEAk/ySAwjYJ0kpI6r8kfXmGq8zwWUWo/nYrJo3
|
||||
vFzWz57qyglNldfCZs3uad4PiMd4xRie3KDQWT1EAPJDJyBWLozS7IL+YGK8I+Jk
|
||||
24BR2Pn1hJMH5khLFROPe2KUtOMCtp6ajxG/vcARIVJtiFGA6R4G7CaVCDd4D5Qg
|
||||
rDdRsQECgYAmZTXsx5BUUDkGaeOXNlLj9ZXTGVQDIro6UZ4t4sZ+cZ8Pk1oEnqGu
|
||||
JI4iknkRTX4zlEDY9TmVij+bU+vpVdwjV7ygoDA7WAYuv91dIji7VXPBIKdJnkmV
|
||||
UnFZc+n6xY/IkZGhb++ibdy9zj/sR1daCYyHRvy1h4s4+Ho41M598Q==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
crt-b64: 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
|
||||
key-b64: 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
|
||||
idp:
|
||||
connector:
|
||||
connectors:
|
||||
- type: <your connector type, e.g., 'ldap'>
|
||||
id: <your connector id, e.g., 'ldap'>
|
||||
name: <your connector name, e.g., 'LDAP'>
|
|
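Review bot: `tls.key` commits an RSA private key in clear text, alongside `key-b64` and a literal `oidc.client_secret`, and the replacements in this change copy that key into `dex-ca-key-pair`, the secret the `dex-ca-issuer` ClusterIssuer signs with. Anything in the repository has to be treated as public, so every cluster rendered from these defaults would share a known signing key and client secret. Replace all of these with obvious placeholders, the way the `connectors` entries already use `<your connector type, e.g., 'ldap'>`, and have the site supply real values from a generated or encrypted source. Two smaller points: the USAGE comment tells the reader to replace "dex-target-cluster", a string that does not occur in this file, and `oidc-issuer-url` uses port 5556 while `endpoints.port.https` and `nodePort.https` are 31556, so confirm which port the API server and clients actually reach, since the issuer URL must match what Dex advertises.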
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-variable-catalogue.yaml
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1alpha3
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: dex-ca-issuer
|
||||
spec:
|
||||
ca:
|
||||
secretName: dex-ca-key-pair
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: dex-ca-key-pair
|
||||
namespace: cert-manager
|
||||
data:
|
||||
tls.crt: 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
|
||||
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBei9vY1Q3S3IzblppN1JkQ01pUlBGTldHQUwvS2RaMXBUOWFRS2xLUzJOVmF2V29YClo4TG4zL296NXJhQmZuK2NMTmRldUFIUGxKYzFjcmVsb0VyMVJyWnd0QjdLMjdJdmo3eklkd3JWVG85NGY3emUKV3ZCRWh4dmdxR1R2NFJ4S1hQWlBRUWVLa1RVeGtxL3Mrd1pGamFrN3JKYnhXRHNaNzg3d20vRUNPWk0rVmR5aQpZa1JBNmtoS0tNT1pXQ0cxWTBLRDJvL0tIN3BUbWNQd2syNFlIOEF4Y2VrL2tOd3R4M0J0aUswYlErOG5rK3ZPCkV1b3d3dE9nbUlCblBSWklza0liSTd0dXlDcWxqcmRUeG5IRmlqMHB3T042RFlKRStnTk5LMzR1UENBckthUk0KTVFYYy9CVHo1azVEVEtNaHRkVVRIRndHSUlKZ1pGM2tWUTROcndJREFRQUJBb0lCQUVCT2JZS1hGRjFzN1pteApuMTR4cStJZFE1bm5zNG82YWQydDBsWER3blFaUkQxZEdHK1U3RzFzeDYrR3J2T1dNWXdMNjlXcGVhM1FNMDZOClNrRU43Rms1QUJBeGxUZnBHSnV4RzZyelJwRkwrMDVENzl6ZWZkSG81TVlzcjU5RFNCc0diZXNGa2Vya0w3ZlQKZmNzQVhYRTM2cU9xNkdVSG9UVnRIeWlZbEwrSUlMSkVjNCtYUEZYK21PeERyUkRLYUlUNUJpVjlLa3NpN2tPWgpGQlpqY2JCWGN3dXhTZzB1eERtNGhNaUdzaGRKcCszRW51bTdwd1hlVTdPcGFpRENGL2ljRkNlTlEvTVphU1AzClRGTU5zbGxRYm1UQWEvQWVqMXBVMm5BMEN1Y3lOa1ZNdk5sUmpEaTZxcGR5cDByb0JRQzYyakNaSGJHOGREY2kKZUc0VVFnRUNnWUVBOXNXTkRCdjB6dlFWY3NxcHdWWFVkanNTUnVBbXRSV3hna0MvVTcyVGVmdk93YXYzR2VMTQpXTWllcGs0SXkyQnF3RS9TakFydXZ1VmZPeE4rVTIvVG51QVAvNGN6NXo4YnRGbmpndFJTR0hMK1pacHdjTU5iCjJtcXNhQ3U4NnM2NnRHUXJtbnJuZUZtV0NWSFgwWk9FVVFtd0g0YlY0UjRpZmQ3RVRwSzRVUThDZ1lFQTE4RXAKYVZtdC9rYTJDZDFJN0hnTTJlV1JCUnVFclFuZURKZElibzNNeFU1Z1hUME1RQzJ5b2FYU1RXNXgyTnZKOGxjSwpwVEtaZ0puNTRvTlRrSDFkYjhacndaM3RLRk9ndWc2NFVwVnJ0ZVZpY2ppbi9IS0xmU1VRNVlxamdzRTNhTzUzCldtbzlEQko5cVYyZVlaVmFDbmtCdm1FN0xOczhJaVhvT0VRbE9XRUNnWUVBMmIyWVpoM28xZzh6T2JXdk1jT3QKRTZHdHo5SUs5Vyt0MERPWFhxbUJEbnBzaGlGWmlJTEJNbm5hMnYweDcxb2s5NG0zU3hCK2R2eG5HZlpxV2U3cgpPRjJXWUM4SlVqc3lFK0hZeU9EVmkzTTBHNnk1R0JhWTN0R1BUTitDODJEMEJ5WDMvM2dBOUFXQVNMcnBocWYyCmNaYnR5L09xbHRlRE1iTTFYZXRDTFdzQ2dZRUFrL3lTQXdqWUowa3BJNnI4a2ZYbUdxOHp3V1VXby9uWXJKbzMKdkZ6V3o1N3F5Z2xObGRmQ1pzM3VhZDRQaU1kNHhSaWUzS0RRV1QxRUFQSkRKeUJXTG96UzdJTCtZR0s4SStKawoyNEJSMlBuMWhKTUg1a2hMRlJPUGUyS1V0T01DdHA2YWp4Ry92Y0FSSVZKdGlGR0E2UjRHN0NhVkNEZDRENVFnCnJEZFJzUUVDZ1lBbVpUWHN4NUJVVURrR2FlT1hObEx
qOVpYVEdWUURJcm82VVo0dDRzWitjWjhQazFvRW5xR3UKSkk0aWtua1JUWDR6bEVEWTlUbVZpaitiVSt2cFZkd2pWN3lnb0RBN1dBWXV2OTFkSWppN1ZYUEJJS2RKbmttVgpVbkZaYytuNnhZL0lrWkdoYisraWJkeTl6ai9zUjFkYUNZeUhSdnkxaDRzNCtIbzQxTTU5OFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
|
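Review bot: `tls.key` in this Secret is a literal base64-encoded PEM private key rather than a placeholder, even though the ReplacementTransformer in this change overwrites `.data.tls\.key` from the catalogue. Use a dummy value here so key material is not duplicated across files (and ideally is not in the repository at all). The Secret also declares no `type`; `kubernetes.io/tls` would make the API server reject it if either `tls.crt` or `tls.key` is missing.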
@ -0,0 +1,69 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: dex
|
||||
---
|
||||
# Dex Helm Charts from Helm Repository (Helm Collator)
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: dex-helm-repo
|
||||
namespace: collator
|
||||
spec:
|
||||
interval: 5m
|
||||
url: http://helm-chart-collator.collator.svc:8080/
|
||||
---
|
||||
# Dex Helm Charts from Git Repository
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: dex-git-repo
|
||||
namespace: collator
|
||||
spec:
|
||||
interval: 5m
|
||||
url: https://github.com/sshiba/dex-charts.git
|
||||
ref:
|
||||
branch: main
|
||||
commit: bda63b9d0bc9ee46e798b9849bfde476c9f7efe0
|
||||
---
|
||||
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: dex-aio
|
||||
namespace: dex
|
||||
spec:
|
||||
releaseName: dex-aio
|
||||
targetNamespace: dex
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: dex-aio
|
||||
# Referencing Dex Helm charts from Helm Collator repo
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: dex-helm-repo
|
||||
namespace: collator
|
||||
# Referencing Dex Helm charts from Git repo
|
||||
# sourceRef:
|
||||
# kind: GitRepository
|
||||
# name: dex-git-repo
|
||||
# namespace: collator
|
||||
# values:
|
||||
# params:
|
||||
# site:
|
||||
# name: Jarvis
|
||||
# endpoints:
|
||||
# hostname: dex.jarvis.local
|
||||
# port:
|
||||
# https: 5556
|
||||
# http: 5554
|
||||
# k8s: 8443
|
||||
# nodePort:
|
||||
# https: 31556
|
||||
# http: 31554
|
||||
# oidc:
|
||||
# client_id: jarvis-kubernetes
|
||||
# client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
# service:
|
||||
# type: LoadBalancer
|
||||
|
|
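Review bot: The `GitRepository` source points at a personal repository (`https://github.com/sshiba/dex-charts.git`) and the `HelmRepository` source is plain `http://`; a reusable function should pull its chart from a project-owned location, and whichever source is not referenced by the HelmRelease should be removed rather than left defined. `ref` sets both `branch: main` and a `commit`; keep the commit pin and note that it is intentional, and consider pinning a chart `version` under `chart.spec` as well. The whole `values:` block is commented out while the replacements in this change write to `spec.values.params.*`, so confirm the transformer creates those paths on a HelmRelease with no `values` key; if it does not, ship an uncommented skeleton with placeholder values. The commented block also repeats the literal `client_secret` and should go.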
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../catalogue
|
||||
- dex-certs-secrets.yaml
|
||||
- dex-certs-issuer.yaml
|
||||
- dex-helmrelease.yaml
|
|
@ -0,0 +1,148 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.crt-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: dex-ca-key-pair
|
||||
# fieldrefs using the json form because crt name (i.e., "tls.crt") contains a dot (.)
|
||||
# the json form starts with a dot (.), which makes the Replacement transformer
|
||||
# to not base64 encode the data.
|
||||
fieldrefs: ["{.data.tls\\.crt}"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.key-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: dex-ca-key-pair
|
||||
# fieldrefs using the json form because key name (i.e., "tls.key") contains a dot (.)
|
||||
# the json form starts with a dot (.), which makes the Replacement transformer
|
||||
# to not base64 encode the data.
|
||||
fieldrefs: ["{.data.tls\\.key}"]
|
||||
# Dex HelmRelease Customization
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.service.type"]
|
||||
|
||||
# Dex HelmRelease Values override
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.site.name
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.site.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.hostname
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.hostname"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.port.https
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.port.https"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.port.http
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.port.http"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.nodePort.https
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.nodePort.https"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.nodePort.http
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.nodePort.http"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.oidc.client_id
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.oidc.client_id"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.oidc.client_secret
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.oidc.client_secret"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.service.type"]
|
||||
# Uncomment the "- source" structure below for enabling to override the Dex Connector data
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.yaml.connector
|
||||
# target:
|
||||
# objref:
|
||||
# kind: HelmRelease
|
||||
# name: dex-aio
|
||||
# fieldrefs: ["{.spec.values.config.dex\\.yaml}"]
|
|
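Review bot: The `dex.service.type` to `spec.values.params.service.type` replacement appears twice, once under "Dex HelmRelease Customization" and again as the last active entry; drop one. `metadata.name` is `cluster-controlplane-replacements`, which looks carried over from the control plane transformer and is easy to confuse with `dex-controlplane-replacements` in the API server file; name it for Dex. The comments above `{.data.tls\\.crt}` and `{.data.tls\\.key}` say the json form "starts with a dot (.)", but the value starts with `{`; reword them so the stated reason the transformer skips base64 encoding is accurate. The commented connector override reads from `dex.yaml.connector`, while the catalogue in this change defines the connector under `idp.connector`, so it would not resolve if uncommented. As in the API server transformer, the image is `:latest` and should be pinned.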
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-replacements.yaml
|
||||
- ../../catalogue/cleanup
|
|
@ -0,0 +1,20 @@
|
|||
# This patches the node02 BMH to be suitable for ephemeral purposes
|
||||
apiVersion: metal3.io/v1alpha1
|
||||
kind: BareMetalHost
|
||||
metadata:
|
||||
annotations:
|
||||
labels:
|
||||
airshipit.org/ephemeral-node: "true"
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
name: node02
|
||||
spec:
|
||||
online: true
|
||||
bmc:
|
||||
address: redfish+https://localhost:8443/redfish/v1/Systems/air-ephemeral
|
||||
status:
|
||||
provisioning:
|
||||
# we need this status to make sure, that the host is not going to be
|
||||
# reprovisioned by the ephemeral baremetal operator.
|
||||
# when we have more flexible labeling system in place, we will not
|
||||
# deliver this document to ephemeral cluster
|
||||
state: externally provisioned
|
|
@ -0,0 +1,10 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- node02
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues/
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- patch-delete-catalogues.yaml
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,14 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../type/airship-core/ephemeral/bootstrap
|
||||
- ../catalogues
|
||||
|
||||
generators:
|
||||
- hostgenerator
|
||||
|
||||
patchesStrategicMerge:
|
||||
- baremetalhost.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../type/airship-core/ephemeral/bootstrap/replacements
|
|
@ -0,0 +1,4 @@
|
|||
# Catalogue Definitions for Target Cluster
|
||||
|
||||
This inherits Site-level catalogues from the neighboring target cluster's
|
||||
`catalogues` kustomization, and tweaks a few values for the ephemeral cluster.
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../target/catalogues
|
||||
patchesStrategicMerge:
|
||||
- networking.yaml
|
|
@ -0,0 +1,19 @@
|
|||
# This makes a couple small networking tweaks that are specific to the
|
||||
# ephemeral cluster, on top of the target cluster networking definition.
|
||||
# These values can be overridden at the site, type, etc levels as appropriate.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
podCidr: "192.168.0.0/24"
|
||||
controlPlaneEndpoint:
|
||||
host: "10.23.25.101"
|
||||
apiserverCertSANs: "[10.23.25.101, 10.23.24.101]"
|
||||
|
||||
ironic:
|
||||
provisioningIp: "10.23.24.101"
|
||||
dhcpRange: "10.23.24.200,10.23.24.250"
|
|
@ -0,0 +1,10 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- node01
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues/
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- patch-delete-catalogues.yaml
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,21 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../type/airship-core/ephemeral/controlplane
|
||||
- ../../target/catalogues # NOTE: use target networking for this phase
|
||||
# TODO (dukov) It's recocommended to upload BareMetalHost objects separately
|
||||
# otherwise nodes will hang in 'registering' state for quite a long time
|
||||
- nodes
|
||||
- site-dex-catalogue.yaml
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1alpha3
|
||||
kind: KubeadmControlPlane
|
||||
name: cluster-controlplane
|
||||
path: oidc-api-server-flags-bare.json
|
||||
|
||||
transformers:
|
||||
- replacements # Dex Replacement transformer
|
||||
- ../../../../type/airship-core/ephemeral/controlplane/replacements
|
|
@ -0,0 +1,12 @@
|
|||
# Note: this weird extra layer between the .. and ../hostgenerator
|
||||
# is purely to apply the label below to the generated hosts.
|
||||
# When can come up with a better way to declare (e.g. via catalogue)
|
||||
# that the host is a controlplane host, we should get rid of this.
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- ../hostgenerator
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/k8s-role: controlplane-host
|
|
@ -0,0 +1,32 @@
|
|||
[
|
||||
{
|
||||
"op": "add",
|
||||
"path": "/spec/kubeadmConfigSpec/clusterConfiguration/apiServer",
|
||||
"value": {
|
||||
"extraVolumes":
|
||||
[
|
||||
{
|
||||
"hostPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"mountPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"name": "dex-cert",
|
||||
"readOnly": true
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"op": "add",
|
||||
"path": "/spec/kubeadmConfigSpec/files/-",
|
||||
"value": {
|
||||
"contentFrom": {
|
||||
"secret": {
|
||||
"key": "dex-cert",
|
||||
"name": "target-cluster-control-plane-dex-crt"
|
||||
}
|
||||
},
|
||||
"owner": "root:root",
|
||||
"path": "/etc/kubernetes/certs/dex-cert",
|
||||
"permissions": "0644"
|
||||
}
|
||||
}
|
||||
]
|
|
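Review bot: The first operation does `add` at `/spec/kubeadmConfigSpec/clusterConfiguration/apiServer` with a value that contains only `extraVolumes`. Under JSON Patch semantics, `add` on an object member that already exists replaces it, so if the base KubeadmControlPlane already defines `apiServer` (for example `extraArgs` or `certSANs`), those settings are dropped. Target `.../apiServer/extraVolumes` instead, or confirm that the base leaves `apiServer` unset. The secret name `target-cluster-control-plane-dex-crt` is also hard-coded while the kustomization patches a KubeadmControlPlane named `cluster-controlplane`; document where that secret is created.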
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- site-dex-replacements.yaml
|
|
@ -0,0 +1,84 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: site-dex-controlplane-replacements
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.site.name
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.site.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.endpoints.hostname
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.endpoints.hostname"]
|
||||
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.oidc.client_id
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_id"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.oidc.client_secret
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_secret"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.service.type"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-issuer-url"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-client-id"]
|
|
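Review bot: The function image in the `config.kubernetes.io/function` annotation is `quay.io/airshipit/replacement-transformer:latest`, a mutable tag, and this transformer copies `dex.oidc.client_secret` between catalogues. Pin the image to a released tag or a digest so rendering is reproducible and a re-pushed image cannot change what processes the secret.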
@ -0,0 +1,54 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: site-dex-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
dex:
|
||||
site:
|
||||
name: Dex-Site
|
||||
endpoints:
|
||||
hostname: dex.site.local
|
||||
oidc:
|
||||
client_id: site-kubernetes
|
||||
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
service:
|
||||
type: LoadBalancer
|
||||
kubeadm:
|
||||
api-server:
|
||||
extra-args:
|
||||
oidc-issuer-url: https://dex.site.local:5556/dex
|
||||
oidc-client-id: site-kubernetes
|
||||
idp:
|
||||
connector:
|
||||
connectors:
|
||||
- type: github
|
||||
id: github
|
||||
name: GitHub
|
||||
config:
|
||||
clientID: a81a48be874d99aaa327
|
||||
clientSecret: d62120afd02f5440e674d31a117710cdf9d0170c
|
||||
redirectURI: https://dex.site.local:5556/dex/callback
|
||||
orgs:
|
||||
- name: airship2
|
||||
teams:
|
||||
- cicd-devops
|
||||
- development
|
||||
- management
|
||||
loadAllGroups: false
|
||||
useLoginAsID: false
|
|
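Review bot: `dex.oidc.client_secret` and the GitHub connector `clientSecret` are committed in clear text in this VariableCatalogue. If these are live values they need rotating; either way the file should carry obvious placeholders, with the real values injected at deploy time from an encrypted source. The USAGE comment also tells the reader to replace "dex-target-cluster", a string that does not occur anywhere in this file.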
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- ../../../../type/airship-core/ephemeral/initinfra-networking
|
|
@ -0,0 +1,5 @@
|
|||
resources:
|
||||
- ../../../../type/airship-core/ephemeral/initinfra
|
||||
- ../catalogues
|
||||
transformers:
|
||||
- ../../../../type/airship-core/ephemeral/initinfra/replacements
|
|
@ -0,0 +1,14 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
# Note: this list should be kept up to date with
|
||||
# the full list of hosts in the cluster
|
||||
- node01
|
||||
- node02
|
||||
- node03
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/
|
||||
- ../../target/catalogues
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- patchesstrategicmerge.yaml
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- hostgenerator
|
|
@ -0,0 +1,38 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubeConfig
|
||||
metadata:
|
||||
name: default
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
config:
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: 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
|
||||
server: https://10.23.25.102:6443
|
||||
name: target-cluster
|
||||
- cluster:
|
||||
certificate-authority-data: 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
|
||||
server: https://10.23.25.101:6443
|
||||
name: ephemeral-cluster
|
||||
contexts:
|
||||
- context:
|
||||
cluster: target-cluster
|
||||
user: target-cluster-admin
|
||||
name: target-cluster
|
||||
- context:
|
||||
cluster: ephemeral-cluster
|
||||
user: ephemeral-cluster-admin
|
||||
name: ephemeral-cluster
|
||||
current-context: ""
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: ephemeral-cluster-admin
|
||||
user:
|
||||
client-certificate-data: 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
|
||||
client-key-data: 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
|
||||
- name: target-cluster-admin
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lJZmdId0V1Z1ViRWN3RFFZSktvWklodmNOQVFFTEJRQXdHVEVYTUJVR0ExVUUKQXd3T1MzVmlaWEp1WlhSbGN5QkJVRWt3SGhjTk1qQXdPVEUxTURFd05ETTNXaGNOTWpFd09URTFNREV5TWpRMgpXakEwTVJjd0ZRWURWUVFLRXc1emVYTjBaVzA2YldGemRHVnljekVaTUJjR0ExVUVBeE1RYTNWaVpYSnVaWFJsCmN5MWhaRzFwYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTh6N0l4ay8yVVMKQlBRdjNSaWlpbjdUb1lPQThQZll5eTRXTEh3MTBwMVYwZGw2dFNlekR5Z3llcndHTHlyT0x3VUVYQ29oMlVnbQovS2M0Ukw1ZVllQkQxbFJkemxjWU4rdVVtVllJUjBKeUNCbUIyMnFlQzhjZEhlenEyMG0xQzRRMkRsUjZwUG1ZCi9SZUhjVVZaQnVVNnRoZkc0WC9OSkREWFI1K21PMHFZZFpHcGJwR3lNSDlBMTlBdXFMUTdFR1VUMENTR0wrdzkKY1BPcjk4WXI0RkVBV0lkRWRsMjFrekM5MW9ma3llZ3VuUjdnSHBtQkNxa0hUKzlmelQyZ2pVdlkvVW9UeTRncwpDbzBodVpzdGxQb3VaSGRDbWlRZ2ZXOEMzNnNhTnJZb0d6NDhkTDgzbWlWdi9GVG1jcTFUMW45NVI5a0gyNFdOCnRTRXFDQVNXTVVNQ0F3RUFBYU5JTUVZd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0cKQVFVRkJ3TUNNQjhHQTFVZEl3UVlNQmFBRkRsc210eE1HOHJKMDB2Mkk5VlN5bk5JY1llS01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUNZTVIrcTdQTlM0allyYS91RHlPQk1VTmNwcGkvczZPeFpDVFUzdFdVa1hVSXU0VmYwClVuSWtva1h0cjd4eENhVVI2MXZxZ1A4dmVDVWZOMU5MRC9wbFFXY3hINFlSaE40ZGJkQ3BHa3lwTkNIRVNqTlQKRXhWdEx5MnFGaEdqenZjQVZuTThKaEV6SFJsTEJIWW1VaU9mVDhLeUd0djJPaWlHNW00WE5VRmNsYVJYS2xrdgpTaHQ0WGFnZHRXSVFPUGFvQm9sY3IwL0lZOGlXUkJxSmV0TnhsL2crMExqcEJHVnRCZ0RpdDlzT0NFVlhpbEhSCjlIbGZNQldIWlg4bUZUWTcwa3pUVDVCTnVpTXRrOGNKR1dCTzJtK3ZMb0pBWW9reTZ5L2hHQmdiNkwzeExjMmQKcDh2dUgvSEN6SDBuTWxubDFNODlZak4vRVFGTlhDemN5TmRwCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
client-key-data: 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
|
|
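Review bot: The `users` section carries `client-key-data` entries for both `ephemeral-cluster-admin` and `target-cluster-admin`, next to a full `client-certificate-data` blob. Admin key material should not live in the site manifests: generate the kubeconfig at deploy time or reference a secret, and if these are fixtures for a throwaway test environment, say so in a comment at the top of the file. Both `server` URLs are fixed IPs (`10.23.25.101`, `10.23.25.102`) that repeat the `controlPlaneEndpoint.host` values in the networking catalogues, so the two will drift if one changes.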
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- kubeconfig.yaml
|
|
@ -0,0 +1,6 @@
|
|||
phase:
|
||||
docEntryPointPrefix: manifests/site/test-site
|
||||
path: manifests/site/test-site/phases
|
||||
|
||||
inventory:
|
||||
path: manifests/site/test-site/host-inventory
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- ../kubeconfig
|
||||
- ../../../type/airship-core/phases
|
||||
## TODO Consider making a catalogue combined with variable substitution instead
|
||||
patchesStrategicMerge:
|
||||
- phase-patch.yaml
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: BaremetalManager
|
||||
metadata:
|
||||
name: RemoteDirectEphemeral
|
||||
spec:
|
||||
hostSelector:
|
||||
name: node02
|
||||
operationOptions:
|
||||
remoteDirect:
|
||||
isoURL: http://localhost:8099/ephemeral.iso
|
|
@ -0,0 +1,5 @@
|
|||
# Catalogue Definitions for Target Cluster
|
||||
|
||||
This inherits Type-level catalogues, and adds in Site-specific values.
|
||||
The neighboring ephemeral cluster's `catalogues` entrypoint applies further
|
||||
customizations on top of this for ephemeral use.
|
|
@ -0,0 +1,66 @@
|
|||
# Site-level host catalogue. This info feeds the Templater
|
||||
# kustomize plugin config in the hostgenerator-m3 function.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
hosts:
|
||||
m3:
|
||||
node01:
|
||||
bootMode: UEFI
|
||||
macAddress: 52:54:00:b6:ed:31
|
||||
bmcAddress: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-target-1
|
||||
bmcUsername: root
|
||||
bmcPassword: r00tme
|
||||
disableCertificateVerification: false
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.23.25.102
|
||||
pxe-ipv4: 10.23.24.102
|
||||
macAddresses:
|
||||
oam: 52:54:00:9b:27:4c
|
||||
pxe: 52:54:00:b6:ed:31
|
||||
hardwareProfile: default # defined in the hostgenerator-m3 function
|
||||
node02:
|
||||
bootMode: UEFI
|
||||
macAddress: 52:54:00:b6:ed:02
|
||||
bmcAddress: redfish+https://10.23.25.1:8443/redfish/v1/Systems/air-ephemeral
|
||||
bmcUsername: username
|
||||
bmcPassword: password
|
||||
disableCertificateVerification: false
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.23.25.101
|
||||
pxe-ipv4: 10.23.24.101
|
||||
macAddresses:
|
||||
oam: 52:54:00:9b:27:02
|
||||
pxe: 52:54:00:b6:ed:02
|
||||
hardwareProfile: example # defined in the hardwareprofile-example function
|
||||
node03:
|
||||
bootMode: UEFI
|
||||
macAddress: 52:54:00:b6:ed:23
|
||||
bmcAddress: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-worker-1
|
||||
bmcUsername: username
|
||||
bmcPassword: password
|
||||
disableCertificateVerification: false
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.23.25.103
|
||||
pxe-ipv4: 10.23.24.103
|
||||
macAddresses:
|
||||
oam: 52:54:00:9b:27:07
|
||||
pxe: 52:54:00:b6:ed:23
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
||||
node04:
|
||||
bootMode: UEFI
|
||||
macAddress: 52:54:00:36:5e:e3
|
||||
bmcAddress: redfish+http://10.23.25.2:8000/redfish/v1/Systems/air-target-2
|
||||
bmcUsername: username
|
||||
bmcPassword: password
|
||||
ipAddresses:
|
||||
oam-ipv4: 10.23.25.104
|
||||
pxe-ipv4: 10.23.24.104
|
||||
macAddresses:
|
||||
oam: 52:54:00:dc:ab:04
|
||||
pxe: 52:54:00:51:0b:e4
|
||||
hardwareProfile: default # defined in the hardwareprofile-example function
|
|
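Review bot: `bmcUsername` and `bmcPassword` are stored in clear text for every host (`root`/`r00tme` on node01, `username`/`password` on the others). Move BMC credentials out of the catalogue or mark them clearly as lab-only placeholders. Three of the four `bmcAddress` values use `redfish+http://`, so `disableCertificateVerification: false` has nothing to verify there; only node02 uses `redfish+https://`. node04 omits `disableCertificateVerification` altogether, which should be made explicit.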
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../type/airship-core/shared/catalogues
|
||||
- hosts.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- versions-airshipctl.yaml
|
||||
- networking.yaml
|
|
@ -0,0 +1,19 @@
|
|||
# This makes a couple small networking tweaks that are specific to the
|
||||
# ephemeral cluster, on top of the target cluster networking definition.
|
||||
# These values can be overridden at the site, type, etc levels as appropriate.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
|
||||
# The catalogue should be overridden as appropriate for different kubernetes
|
||||
# clusters, e.g. ephemeral vs target vs tenant
|
||||
kubernetes:
|
||||
controlPlaneEndpoint:
|
||||
host: "10.23.25.102"
|
||||
apiserverCertSANs: "[10.23.25.102, 10.23.24.102]"
|
||||
|
||||
ironic:
|
||||
provisioningIp: "10.23.24.102"
|
||||
dhcpRange: "10.23.24.200,10.23.24.250"
|
||||
|
|
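Review bot: The header comment in the first two lines still says these are tweaks "specific to the ephemeral cluster, on top of the target cluster networking definition", but this catalogue uses the `.102` addresses that the kubeconfig assigns to `target-cluster`. Update the comment so it describes the target definition. `apiserverCertSANs` is a quoted string, `"[10.23.25.102, 10.23.24.102]"`, rather than a YAML list; if the consumer expects that form, a short comment would stop someone from "fixing" it later.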
@ -0,0 +1,12 @@
|
|||
# Override default controlplane image location
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
|
||||
files:
|
||||
k8scontrol:
|
||||
# Host the image in a locally served location for CI
|
||||
cluster_controlplane_image:
|
||||
url: http://10.23.24.1:8099/target-image.qcow2
|
||||
checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
|
|
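Review bot: `cluster_controlplane_image` is fetched over plain `http://`, and its `checksum` is an `.md5sum` file served from the same host and port. That catches a truncated download but gives no integrity guarantee against anyone able to alter the image in transit or on the server, and MD5 is not collision resistant. The inline comment says this location is for CI; state that it must be overridden for real sites, and prefer HTTPS with a SHA-256 checksum if the consumer supports it.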
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- ../../../../type/airship-core/target/initinfra-networking
|
|
@ -0,0 +1,6 @@
|
|||
resources:
|
||||
- ../../../../type/airship-core/target/initinfra
|
||||
- ../../../../function/hostconfig-operator
|
||||
- ../catalogues
|
||||
transformers:
|
||||
- ../../../../type/airship-core/target/initinfra/replacements
|
|
@ -0,0 +1,10 @@
|
|||
# Site-level, phase-specific lists of hosts to generate
|
||||
# This is used by the hostgenerator-m3 function to narrow down the site-level
|
||||
# host-catalogue to just the hosts needed for a particular phase.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
hosts:
|
||||
m3:
|
||||
- node03
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
|
||||
- ../../catalogues/
|
||||
- host-generation.yaml
|
||||
|
||||
transformers:
|
||||
- ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements
|
||||
- patch-delete-catalogues.yaml
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: smp
|
||||
patches: |-
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: host-generation-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: networking
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: env-vars-catalogue
|
||||
$patch: delete
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: versions-airshipctl
|
||||
$patch: delete
|
|
@ -0,0 +1,48 @@
|
|||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
joinConfiguration:
|
||||
nodeRegistration:
|
||||
name: '{{ ds.meta_data.name }}'
|
||||
kubeletExtraArgs:
|
||||
node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
|
||||
provider-id: 'metal3://{{ ds.meta_data.uuid }}'
|
||||
feature-gates: "IPv6DualStack=true"
|
||||
ntp:
|
||||
enabled: true
|
||||
servers:
|
||||
- 135.188.34.124
|
||||
- 135.38.244.16
|
||||
- 135.188.34.84
|
||||
preKubeadmCommands:
|
||||
- echo 'root:r00tme' | chpasswd
|
||||
- echo 'ubuntu:r00tme' | chpasswd
|
||||
- |
|
||||
cat <<EOF | tee /etc/sysctl.d/k8s.conf
|
||||
net.bridge.bridge-nf-call-ip6tables = 1
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||
- echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list
|
||||
- apt-get update
|
||||
- apt-get install -y
|
||||
docker-ce="$(apt policy docker-ce | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
docker-ce-cli="$(apt policy docker-ce-cli | grep 19.03.9 | sort | head -n 1 | tr -s " " | cut -d ' ' -f 2 )"
|
||||
containerd.io
|
||||
- swapoff -a
|
||||
- apt-get install -y kubelet=1.18.6-00 kubeadm=1.18.6-00
|
||||
- apt-mark hold kubelet kubeadm
|
||||
- systemctl mask ntp
|
||||
- systemctl enable --now systemd-timesyncd
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
|
||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
|
||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
|
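Review bot: `preKubeadmCommands` sets the `root` and `ubuntu` passwords to the fixed value `r00tme` through `chpasswd`, and the `users` block installs one individual's SSH key (`segorov@node1`) for `deployer` with `sudo: ALL=(ALL) NOPASSWD:ALL`. Every worker built from this template gets the same known password and the same personal key; drop the `chpasswd` lines and take the key from a catalogue value. The two `curl ... | apt-key add -` lines trust whatever key is served at install time, so either ship the keyrings in the image or check a pinned fingerprint. The three `ntp.servers` addresses are hard-coded and belong in a catalogue as well.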
@ -0,0 +1,7 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- nodes
|
||||
- kubeadmconfigtemplate.yaml
|
||||
- metal3machinetemplate.yaml
|
||||
- machinedeployment.yaml
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: cluster.x-k8s.io/v1alpha3
|
||||
kind: MachineDeployment
|
||||
metadata:
|
||||
name: worker-1
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
cluster.x-k8s.io/cluster-name: target-cluster
|
||||
spec:
|
||||
clusterName: target-cluster
|
||||
version: v1.18.3
|
||||
bootstrap:
|
||||
configRef:
|
||||
name: worker-1
|
||||
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
|
||||
kind: KubeadmConfigTemplate
|
||||
infrastructureRef:
|
||||
name: worker-1
|
||||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
---
|
|
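Review bot: `spec.template.spec.version` is `v1.18.3`, but the `worker-1` KubeadmConfigTemplate referenced by `bootstrap.configRef` installs `kubelet=1.18.6-00 kubeadm=1.18.6-00`. Make the two agree or add a comment explaining why they differ. The trailing `---` leaves an empty document at the end of the file and can be removed.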
@ -0,0 +1,10 @@
|
|||
apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
|
||||
kind: Metal3MachineTemplate
|
||||
metadata:
|
||||
name: worker-1
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
image:
|
||||
url: http://10.23.24.1:8099/target-image.qcow2
|
||||
checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
generators:
|
||||
- ../hostgenerator
|
||||
|
||||
commonLabels:
|
||||
airshipit.org/k8s-role: controlplane-host
|
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- ../../../../type/airship-core/target/workload
|
|
@ -0,0 +1,100 @@
|
|||
# Deploy Dex on Target Cluster (Azure cloud)
|
||||
|
||||
This test site provides the manifests to customize and deploy a target cluster on Azure named ***dex-target-cluster*** as well as Dex service.
|
||||
|
||||
## Dex-AIO Function
|
||||
|
||||
The **dex-aio** function provides the manifests to deploy Dex through a Helm Operator, and pulling correspoding charts from a Helm Collator.
|
||||
This function relies on charts being available in the Target cluster through the Helm Collator service (aka, Helm repository).
|
||||
|
||||
> NOTE: Refer to the functions for the Helm operator and Helm (Chart) Collator in the ***airshipit/airshipctl*** project.
|
||||
|
||||
## Dex Test Site
|
||||
|
||||
The **dex-test-site** provides the manifests to deploy a Target cluster on Azure cloud, and workload manifests for the Helm operator, Helm Chart Collator (a.k.a., Helm repository based on ChartMuseum), and Dex.
|
||||
|
||||
See **dex-test-site** directory structure below:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
├── config
|
||||
│ └── variable-catalogue.yaml
|
||||
├── ephemeral
|
||||
│ └── controlplane
|
||||
├── metadata.yaml
|
||||
├── phases
|
||||
└── target
|
||||
├── initinfra
|
||||
├── workers
|
||||
└── workload
|
||||
├── dex-helm-release
|
||||
├── helm-chart-collator
|
||||
└── helm-operator
|
||||
```
|
||||
|
||||
This test site relies on the *Replacement* transformer and Kustomize patches to customize it. All customizable values can be found at *config/variable-catalogue.yaml" file.
|
||||
|
||||
### Deploying the Target Cluster
|
||||
|
||||
The manifests for deploying the Target cluster through *airshipctl phase run* are located in the following tree structure:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
├── ephemeral
|
||||
│ └── controlplane
|
||||
└── target
|
||||
├── initinfra
|
||||
└── workers
|
||||
```
|
||||
|
||||
The sequence for deploying the Target cluster is provided below:
|
||||
|
||||
1. Initialize *Airship config* file: invokde *`tools/deployment/22_test_configs.sh`*
|
||||
2. Create ephemeral cluster: invoke script *`../airshipctl/tools/document/start_kind.sh`*
|
||||
3. Initialize Ephemeral cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-ephemeral-script.sh`*
|
||||
4. Deploy Target control plane node(s): invoke script *`tools/deployment/phases/phase-controlplane-ephemeral-script.sh`*
|
||||
5. Deploy Calico CNI: invoke script *`tools/deployment/phases/phase-initinfra-target-script.sh`*
|
||||
6. Initialize Target cluster with CAPI/CAPZ components: invoke script *`tools/deployment/phases/phase-clusterctl-init-target-script.sh`*
|
||||
7. Move CAPI resources to Target cluster: *`tools/deployment/phases/phase-clusterctl-move-script.sh`*
|
||||
8. Deploy Target worker node(s): *`tools/deployment/phases/phase-workers-target-script.sh`*
|
||||
|
||||
> NOTE: The phase **clusterctl-init-ephemeral** provides the OIDC flags for the Target cluster's API Server, which is required for integrating with Dex service.
|
||||
|
||||
### Workload Phases
|
||||
Three phases have been implemented for testing the deployment of Dex.
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
└── phases
|
||||
└── phases.yaml
|
||||
├── dex-helm-release
|
||||
├── helm-chart-collator
|
||||
└── helm-operator
|
||||
```
|
||||
|
||||
- **helm-operator**: Used to deploy *flux/helm-controller* (aka, Helm operator) and corresponding services.
|
||||
- **helm-chart-collator**: Used to deploy a Helm repository based on ChartMuseum, which contains Dex Helm charts.
|
||||
- **dex-helm-release**: Used to deploy Dex through the Helm operator.
|
||||
|
||||
### Deploying the Workload Services
|
||||
|
||||
The manifests for deploying the workload services are located under *target/workload* directory:
|
||||
|
||||
```bash
|
||||
dex-test-site/
|
||||
└── target
|
||||
└── workload
|
||||
├── dex-helm-release
|
||||
├── helm-chart-collator
|
||||
└── helm-operator
|
||||
```
|
||||
|
||||
In order to test and validate Dex deployment, you need to first deploy the Helm operator (*manifest/composite/flux-helm*) from *airshipctl* project, as well as the Helm Chart Collator (*manifest/function/helm-chart-collator*) from the same project. These two services are referenced by the *kustomization* file in *target/workload/helm-operator* and *target/workload/helm-chart-collator*, respectively.
|
||||
|
||||
The *kustomization* file for deploying *Dex* service is located in *target/workload/dex-helm-release* folder.
|
||||
|
||||
New phases have been implemented to deploy the Helm operator, Helm repository and Dex. The corresponding phase manifest can be found in *phases/phases.yaml*.
|
||||
|
||||
1. Deploy Helm operator service: invoke script *`tools/deployment/phases/phase-helm-operator-target-script.sh`*
|
||||
2. Deploy Helm Chart Collator service: invoke script *`tools/deployment/phases/phase-helm-collator-target-script.sh`*
|
||||
3. Deploy Dex service: invoke script *`tools/deployment/phases/phase-dex-release-target-script.sh`*
|
|
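Review bot: The README does not match the manifests in this patch: the directory tree and the customization paragraph point to `config/variable-catalogue.yaml`, while a later kustomization in the same patch lists `cluster-variable-catalogue.yaml` and `site-dex-catalogue.yaml`. Because `site-dex-catalogue.yaml` holds the OIDC client secret and the GitHub connector secret, the README should also say which values must be replaced before the site is used. Smaller points: "correspoding" and "invokde" are typos, `*config/variable-catalogue.yaml"` has mismatched delimiters, and steps 7 and 8 drop the "invoke script" wording used by the other steps.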
@ -0,0 +1,45 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: cluster-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
kubernetes:
|
||||
subscriptionID: cb3e23d3-b697-4c4f-a1a7-529e308691e4
|
||||
location: centralus
|
||||
k8sVersion: v1.18.10
|
||||
# Cluster
|
||||
clusterName: dex-target-cluster
|
||||
resourceGroup: dex-target-cluster-rg
|
||||
virtualNet: dex-target-cluster-vnet
|
||||
# Control Plane
|
||||
controlPlaneName: dex-target-cluster-control-plane
|
||||
kubeadmSecretName: dex-target-cluster-control-plane-azure-json
|
||||
controlPlaneVMSize: Standard_B2s
|
||||
controlPlaneReplicas: 1
|
||||
# Workers
|
||||
workerName: dex-target-cluster-md-0
|
||||
kubeadmConfigSecretName: dex-target-cluster-md-0-azure-json
|
||||
workerVMSize: Standard_B2s
|
||||
workerReplicas: 1
|
||||
# ConfigMap
|
||||
clusterMap:
|
||||
dex-target-cluster:
|
||||
parent: ephemeral-cluster
|
||||
ephemeral-cluster: {}
|
||||
sshPublicKey: "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"
|
|
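Review bot: `kubernetes.subscriptionID` is a concrete Azure subscription GUID committed to the repository. Replace it with a placeholder and document how the real value is supplied. The USAGE comment asks for a manual find-and-replace of "dex-target-cluster" across `clusterName`, `resourceGroup`, `virtualNet`, the control plane and worker names, the secret names and the `clusterMap` key; deriving those from `clusterName` through a replacement rule would be less error-prone.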
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- cluster-variable-catalogue.yaml
|
||||
- site-dex-catalogue.yaml
|
|
@ -0,0 +1,54 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: site-dex-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
dex:
|
||||
site:
|
||||
name: Dex-Site
|
||||
endpoints:
|
||||
hostname: dex.site.local
|
||||
oidc:
|
||||
client_id: site-kubernetes
|
||||
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
service:
|
||||
type: LoadBalancer
|
||||
kubeadm:
|
||||
api-server:
|
||||
extra-args:
|
||||
oidc-issuer-url: https://dex.site.local:5556/dex
|
||||
oidc-client-id: site-kubernetes
|
||||
idp:
|
||||
connector:
|
||||
connectors:
|
||||
- type: github
|
||||
id: github
|
||||
name: GitHub
|
||||
config:
|
||||
clientID: a81a48be874d99aaa327
|
||||
clientSecret: d62120afd02f5440e674d31a117710cdf9d0170c
|
||||
redirectURI: https://dex.site.local:5556/dex/callback
|
||||
orgs:
|
||||
- name: airship2
|
||||
teams:
|
||||
- cicd-devops
|
||||
- development
|
||||
- management
|
||||
loadAllGroups: false
|
||||
useLoginAsID: false
|
|
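Review bot: `dex.oidc.client_secret` and the GitHub connector's `clientSecret` are committed as literal values in this VariableCatalogue, next to the connector's `clientID` and the org `airship2`. Anything checked into the repo has to be treated as disclosed, so if these were ever valid credentials they need rotating, and the file should carry obvious placeholders or take the values from an encrypted or externally supplied source. Separately, the USAGE comment refers to "dex-target-cluster", which does not occur anywhere in this file; it looks copied from the cluster catalogue.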
@ -0,0 +1,19 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol-capz/v0.4.9
|
||||
- ../../../../function/dex-aio/api-server
|
||||
- ../../config
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1alpha3
|
||||
kind: KubeadmControlPlane
|
||||
name: target-cluster-control-plane
|
||||
path: oidc_api_server_flags.json
|
||||
|
||||
transformers:
|
||||
- replacements
|
||||
- ../../../../function/dex-aio/api-server/replacements
|
|
@ -0,0 +1,27 @@
|
|||
[
|
||||
{
|
||||
"op": "add",
|
||||
"path": "/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes/-",
|
||||
"value": {
|
||||
"hostPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"mountPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"name": "dex-cert",
|
||||
"readOnly": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"op": "add",
|
||||
"path": "/spec/kubeadmConfigSpec/files/-",
|
||||
"value": {
|
||||
"contentFrom": {
|
||||
"secret": {
|
||||
"key": "dex-cert",
|
||||
"name": "target-cluster-control-plane-dex-crt"
|
||||
}
|
||||
},
|
||||
"owner": "root:root",
|
||||
"path": "/etc/kubernetes/certs/dex-cert",
|
||||
"permissions": "0644"
|
||||
}
|
||||
}
|
||||
]
|
|
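Review bot: both `add` operations append with `/-` (`.../apiServer/extraVolumes/-` and `/spec/kubeadmConfigSpec/files/-`), which under RFC 6902 only works when the target array already exists in the base KubeadmControlPlane; if `extraVolumes` is absent the patch errors out instead of creating it. Worth confirming against the k8scontrol-capz base or adding the array explicitly. The Secret name `target-cluster-control-plane-dex-crt` is also fixed here while the control plane name comes from the catalogue (`dex-target-cluster-control-plane`), so a comment saying the prefix is intentionally not renamed would help.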
@ -0,0 +1,182 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Kind Cluster replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Cluster
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Cluster
|
||||
fieldrefs: ["spec.infrastructureRef.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneName
|
||||
target:
|
||||
objref:
|
||||
kind: Cluster
|
||||
fieldrefs: ["spec.controlPlaneRef.name"]
|
||||
|
||||
# Kind AzureCluster replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: AzureCluster
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.subscriptionID
|
||||
target:
|
||||
objref:
|
||||
kind: AzureCluster
|
||||
fieldrefs: ["spec.subscriptionID"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.resourceGroup
|
||||
target:
|
||||
objref:
|
||||
kind: AzureCluster
|
||||
fieldrefs: ["spec.resourceGroup"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.virtualNet
|
||||
target:
|
||||
objref:
|
||||
kind: AzureCluster
|
||||
fieldrefs: ["spec.networkSpec.vnet.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.location
|
||||
target:
|
||||
objref:
|
||||
kind: AzureCluster
|
||||
fieldrefs: ["spec.location"]
|
||||
|
||||
# KubeadmControlPlane replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["spec.infrastructureTemplate.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneReplicas
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["spec.replicas"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.k8sVersion
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["spec.version"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["spec.kubeadmConfigSpec.controllerManager.extraArgs.cluster-name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.kubeadmSecretName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: ["spec.kubeadmConfigSpec.files.0.contentFrom.secret.name"]
|
||||
|
||||
# AzureMachineTemplate replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneName
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.location
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.location"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.controlPlaneVMSize
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.vmSize"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.sshPublicKey
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.sshPublicKey"]
|
||||
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.crt
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: target-cluster-control-plane-dex-crt
|
||||
fieldrefs: ["data.dex-cert"]
|
|
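Review bot: the function image is referenced as `quay.io/airshipit/replacement-transformer:latest`, a mutable tag, for a container that runs over the rendered documents at build time. Pin it to a released version or, better, an image digest so a render is reproducible and a retagged image cannot change what gets applied; the same applies to the other ReplacementTransformer files in this patch. Also, the last entry writes `dex.tls.crt` into `data.dex-cert` of a Secret, so the source value has to be base64-encoded already; a comment stating that would avoid a mis-encoded certificate.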
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- site-dex-replacements.yaml
|
||||
- cluster-replacements.yaml
|
|
@ -0,0 +1,74 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: site-dex-controlplane-replacements
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-issuer-url"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-client-id"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-claim
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-username-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-prefix
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-username-prefix"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-groups-claim
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-groups-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-ca-file
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.kubeadm.api-server.extra-args.oidc-ca-file"]
|
|
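Review bot: four of the six sources here (`oidc-username-claim`, `oidc-username-prefix`, `oidc-groups-claim`, `oidc-ca-file`) are not defined in `site-dex-catalogue`, whose `extra-args` in this patch only sets `oidc-issuer-url` and `oidc-client-id`. Either add those keys to the site catalogue or drop the four replacements; as written the source lookup has nothing to resolve. If `oidc-ca-file` is meant to point at the mounted `/etc/kubernetes/certs/dex-cert`, setting it explicitly at site level also documents which CA the API server uses to validate `https://dex.site.local:5556/dex`.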
@ -0,0 +1,3 @@
|
|||
phase:
|
||||
path: manifests/site/dex-test-site/phases
|
||||
docEntryPointPrefix: manifests/site/dex-test-site
|
|
@ -0,0 +1,18 @@
|
|||
[{
|
||||
"op": "replace",
|
||||
"path": "/init-options/infrastructure-providers",
|
||||
"value": ["azure:v0.4.9"]
|
||||
},
|
||||
{
|
||||
"op": "replace",
|
||||
"path": "/providers/0",
|
||||
"value": {
|
||||
"name": "azure",
|
||||
"type": "InfrastructureProvider",
|
||||
"variable-substitution": true,
|
||||
"versions": {
|
||||
"v0.4.9": "airshipctl/manifests/function/capz/v0.4.9"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
|
@ -0,0 +1,18 @@
|
|||
resources:
|
||||
- ../../../../../airshipctl/manifests/phases
|
||||
- ../config
|
||||
- phases.yaml
|
||||
|
||||
transformers:
|
||||
- replacements.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- plan.yaml
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: airshipit.org
|
||||
version: v1alpha1
|
||||
kind: Clusterctl
|
||||
name: "clusterctl_init"
|
||||
path: infrastructure-providers.json
|
|
@ -0,0 +1,35 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: helm-operator-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
executorRef:
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubernetesApply
|
||||
name: kubernetes-apply
|
||||
documentEntryPoint: target/workload/flux-helm
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: helm-collator-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
executorRef:
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubernetesApply
|
||||
name: kubernetes-apply
|
||||
documentEntryPoint: target/workload/helm-chart-collator
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Phase
|
||||
metadata:
|
||||
name: dex-release-target
|
||||
clusterName: target-cluster
|
||||
config:
|
||||
executorRef:
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: KubernetesApply
|
||||
name: kubernetes-apply
|
||||
documentEntryPoint: target/workload/dex-aio
|
|
@ -0,0 +1,33 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: PhasePlan
|
||||
metadata:
|
||||
name: phasePlan
|
||||
phaseGroups:
|
||||
- name: group1
|
||||
phases:
|
||||
# Deploy Target Cluster
|
||||
- name: clusterctl-init-ephemeral
|
||||
- name: controlplane-ephemeral
|
||||
- name: initinfra-target
|
||||
- name: clusterctl-init-target
|
||||
- name: clusterctl-move
|
||||
- name: workers-target
|
||||
# Deploying Workload
|
||||
- name: helm-operator-target
|
||||
- name: helm-collator-target
|
||||
- name: dex-release-target
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: Clusterctl
|
||||
metadata:
|
||||
name: clusterctl_init
|
||||
env-vars: true
|
||||
---
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ClusterMap
|
||||
metadata:
|
||||
name: main-map
|
||||
map:
|
||||
cluster-name:
|
||||
parent: ephemeral-cluster
|
||||
ephemeral-cluster: {}
|
|
@ -0,0 +1,118 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Updating Phase initinfra-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: initinfra-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: initinfra-target
|
||||
fieldrefs: ["config.cluster"]
|
||||
# Updating Phase clusterctl-init-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: clusterctl-init-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
# Updating Phase clusterctl-move
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: clusterctl-move
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
# Updating Phase workers-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: workers-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: workers-target
|
||||
fieldrefs: ["config.cluster"]
|
||||
# Updating Phase helm-operator-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: helm-operator-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
# Updating Phase helm-collator-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: helm-collator-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
# Updating Phase dex-release-target
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: Phase
|
||||
name: dex-release-target
|
||||
fieldrefs: ["metadata.clusterName"]
|
||||
# ClusterMap substitution
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterMap
|
||||
target:
|
||||
objref:
|
||||
kind: ClusterMap
|
||||
name: main-map
|
||||
fieldrefs: ["map"]
|
|
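Review bot: `metadata.name: cluster-controlplane-replacements` is the same name used by the control-plane ReplacementTransformer earlier in this patch, but this file only rewrites Phase and ClusterMap documents. Give it a phase-specific name so the two transformers can be told apart in render errors and cannot collide if they ever end up in one build. The `config.cluster` fieldref is set for `initinfra-target` and `workers-target` only; if that is deliberate, a short comment would help.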
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/cni/calico-capz/v3
|
||||
commonLabels:
|
||||
airshipit.org/stage: initinfra
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/workers-capz/v0.4.9
|
||||
- ../../config
|
||||
|
||||
transformers:
|
||||
- replacements.yaml
|
|
@ -0,0 +1,126 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: cluster-worker-replacements
|
||||
replacements:
|
||||
# Kind MachineDeployment replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerReplicas
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.replicas"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.clusterName"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.template.spec.clusterName"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.k8sVersion
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.template.spec.version"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.clusterName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.template.spec.bootstrap.clusterName"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.template.spec.bootstrap.configRef.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerName
|
||||
target:
|
||||
objref:
|
||||
kind: MachineDeployment
|
||||
fieldrefs: ["spec.template.spec.infrastructureRef.name"]
|
||||
|
||||
# KubeadmConfigTemplate replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.kubeadmConfigSecretName
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
fieldrefs: [".spec.template.spec.files.0.contentFrom.secret.name"]
|
||||
|
||||
# AzureMachineTemplate replacements
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerName
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["metadata.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.location
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.location"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.workerVMSize
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.vmSize"]
|
||||
- source:
|
||||
objref:
|
||||
name: cluster-catalogue
|
||||
fieldref: kubernetes.sshPublicKey
|
||||
target:
|
||||
objref:
|
||||
kind: AzureMachineTemplate
|
||||
fieldrefs: ["spec.template.spec.sshPublicKey"]
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../config
|
||||
- ../../../../../type/airship-core/target/workload/dex-aio
|
||||
|
||||
transformers:
|
||||
- replacements
|
||||
- ../../../../../type/airship-core/target/workload/dex-aio/replacements
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- site-dex-replacements.yaml
|
|
@ -0,0 +1,76 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: site-cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Dex VariableCatalogue Values override
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.site.name
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-dex-catalogue
|
||||
fieldrefs: [".dex.site.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.endpoints.hostname
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-dex-catalogue
|
||||
fieldrefs: [".dex.endpoints.hostname"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.oidc.client_id
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_id"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.oidc.client_secret
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_secret"]
|
||||
- source:
|
||||
objref:
|
||||
name: site-dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-dex-catalogue
|
||||
fieldrefs: [".dex.service.type"]
|
||||
# Uncomment "-source" structure below to add your IDP Connector data
|
||||
# - source:
|
||||
# objref:
|
||||
# name: site-dex-catalogue
|
||||
# fieldref: dex.idp.connector.connectors
|
||||
# target:
|
||||
# objref:
|
||||
# kind: VariableCatalogue
|
||||
# name: type-dex-catalogue
|
||||
# fieldrefs: ["dex.idp.connector.connectors"]
|
|
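Review bot: the `dex.idp.connector.connectors` override is left commented out, so the GitHub connector defined in `site-dex-catalogue` never reaches `type-dex-catalogue` and the site deploys with whatever connector the type layer provides. Either enable the block or remove the connector data (and its `clientSecret`) from the site catalogue, so the repo does not carry a credential that is never used. When it is enabled, note that its target fieldref is written without the leading dot the other five entries use (`"dex.idp.connector.connectors"` versus `".dex.site.name"`); pick one form.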
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../../type/airship-core/target/workload/flux-helm/
|
|
@ -0,0 +1,23 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: site-collator-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
collator:
|
||||
image: quay.io/sshiba/helm-chart-collator:latest
|
|
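Review bot: `collator.image` points at `quay.io/sshiba/helm-chart-collator:latest`, a personal namespace with a mutable tag, and this image is the Helm repository that serves charts to the target cluster. Move it to a project-owned repository and pin a version or digest before merging. The USAGE comment about "dex-target-cluster" does not apply to this file and can be dropped.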
@ -0,0 +1,10 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- collator-catalogue.yaml
|
||||
- ../../../../../type/airship-core/target/workload/helm-chart-collator/
|
||||
|
||||
transformers:
|
||||
- replacements
|
||||
- ../../../../../type/airship-core/target/workload/helm-chart-collator/replacements
|
|
@ -0,0 +1,29 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: site-dex-controlplane-replacements
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
name: site-collator-catalogue
|
||||
fieldref: collator.image
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: type-collator-catalogue
|
||||
fieldrefs: [".collator.image"]
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- collator-replacements.yaml
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../airshipctl/manifests/function/k8scontrol
|
||||
- ../../../../function/dex-aio/api-server
|
||||
|
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/function/k8scontrol/replacements
|
||||
- ../../../../../function/dex-aio/api-server/replacements
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- type-dex-catalogue.yaml
|
||||
- ../../../../../function/dex-aio/dex
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: dex-type-catalogue-cleanup
|
||||
patches: |-
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: type-dex-catalogue
|
||||
$patch: delete
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- type-dex-replacements.yaml
|
||||
- ../../../../../../function/dex-aio/dex/replacements
|
||||
- dex-cleanup-catalogue.yaml
|
|
@ -0,0 +1,75 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: type-cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Dex VariableCatalogue Values override
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.site.name
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.site.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.endpoints.hostname
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.endpoints.hostname"]
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.oidc.client_id
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_id"]
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.oidc.client_secret
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.oidc.client_secret"]
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: [".dex.service.type"]
|
||||
- source:
|
||||
objref:
|
||||
name: type-dex-catalogue
|
||||
fieldref: dex.idp.connector.connectors
|
||||
target:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: dex-catalogue
|
||||
fieldrefs: ["dex.idp.connector.connectors"]
|
|
@ -0,0 +1,42 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: type-dex-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
dex:
|
||||
site:
|
||||
name: Dex-Type
|
||||
endpoints:
|
||||
hostname: dex.type.local
|
||||
oidc:
|
||||
client_id: type-kubernetes
|
||||
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
service:
|
||||
type: LoadBalancer
|
||||
kubeadm:
|
||||
api-server:
|
||||
extra-args:
|
||||
oidc-issuer-url: https://dex.type.local:5556/dex
|
||||
oidc-client-id: type-kubernetes
|
||||
idp:
|
||||
connector:
|
||||
connectors:
|
||||
- type: ldap
|
||||
id: ldap
|
||||
name: LDAP
|
|
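Review bot: `client_secret` in these type-level defaults is the same literal as in `site-dex-catalogue`, so any site that inherits `type-dex-catalogue` without overriding it ends up with an OIDC client secret that is published in the repo. Use an unmistakable placeholder here and require each site to supply its own value. The `ldap` connector entry has only `type`, `id` and `name` and no `config`; a comment saying that sites are expected to replace it would make the intent clear.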
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../../../../airshipctl/manifests/composite/flux-helm
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- type-collator-catalogue.yaml
|
||||
- ../../../../../../../airshipctl/manifests/function/helm-chart-collator
|
|
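Review bot: the second `resources` entry points at `airshipctl/manifests/function/helm-chart-collator`, which the commit message says is provided by a different patchset, so this kustomization cannot build until that change is present in the airshipctl checkout. Suggest recording the dependency explicitly (for example a Depends-On footer in the commit message) so the two changes are reviewed and merged in order.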
@ -0,0 +1,10 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: collator-type-catalogue-cleanup
|
||||
patches: |-
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: type-collator-catalogue
|
||||
$patch: delete
|
|
@ -0,0 +1,30 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: type-dex-controlplane-replacements
|
||||
replacements:
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: type-collator-catalogue
|
||||
fieldref: collator.image
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: helm-chart-collator
|
||||
fieldrefs: [".spec.template.spec.containers[0]image"]
|
|
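Review bot: the target `fieldrefs` value `.spec.template.spec.containers[0]image` has no separator between `[0]` and `image`, and starts with a dot, unlike the `dex.idp.connector.connectors` fieldref used elsewhere in this patch; if the path does not resolve, the collator Deployment keeps whatever image the base function declares instead of the catalogue value. Please confirm the intended path (likely `spec.template.spec.containers[0].image`) and check the rendered Deployment. The comment "# Dex Secrets for Certificates" and the name `type-dex-controlplane-replacements` also do not match what this file does, which is to replace the collator image; renaming both would avoid confusion with the Dex transformer. The transformer itself runs from `quay.io/airshipit/replacement-transformer:latest`, a mutable tag; pinning a version or digest keeps the rendering step reproducible.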
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- collator-replacements.yaml
|
||||
- collator-cleanup-catalogue.yaml
|
|
@ -0,0 +1,23 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: type-collator-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
collator:
|
||||
image: quay.io/airshipit/type-helm-chart-collator:latest
|
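Review bot: `collator.image` is set to `quay.io/airshipit/type-helm-chart-collator:latest`, so the Helm repository that serves the Dex chart runs whatever image that tag points to at pull time, and two deployments of the same manifests can differ. Suggest pinning a version tag or an image digest in the catalogue. The USAGE comment about replacing "dex-target-cluster" does not apply here either, since that string does not appear in the file.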
Some files were not shown because too many files have changed in this diff.