Create secret with ssh-key for hostconfig-operator
This commit adds secret creation to hostconfig-operator. Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com> Change-Id: I8a92a07e1aaf653708b6e4d9fa8e300ebb3a9468
parent
5ab8941ba8
commit
87a82989b6
@ -5,3 +5,4 @@ resources:
|
||||
- hostconfig.airshipit.org_hostconfigs_crd.yaml
|
||||
- rbac
|
||||
- deployment.yaml
|
||||
- ssh-key.yaml
|
||||
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ssh-key-replacement.yaml
|
@ -0,0 +1,21 @@
|
||||
# These rules inject env vars into the k8scontrol function.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: hco-generated-ssh-key-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:v2.0.2
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: generated-secrets
|
||||
fieldref: "{.sshKeys.privateKey}"
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: hco-ssh-auth
|
||||
fieldrefs:
|
||||
- "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
|
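Review bot: The header comment `# These rules inject env vars into the k8scontrol function.` does not describe this transformer, which copies `{.sshKeys.privateKey}` from the `generated-secrets` VariableCatalogue into the `hco-ssh-auth` Secret; I would replace it with `# Injects the generated SSH private key into the hco-ssh-auth Secret.`. The target is `data.ssh-privatekey`, and Secret `data` values must be base64-encoded, so this yields a usable key only if the catalogue value is already encoded. That is not visible in this commit and is worth confirming; otherwise the Secret could carry the key under `stringData`. The function image is referenced by tag (`v2.0.2`), and pinning it by digest would keep the container that handles the private key from changing under the same tag.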
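--- a/manifests/function/hostconfig-operator/ssh-key.yaml
+++ b/manifests/function/hostconfig-operator/ssh-key.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: hco-ssh-auth
+type: kubernetes.io/ssh-auth
+data:
+ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+username: ZGVwbG95ZXIK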
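Review bot: `username: ZGVwbG95ZXIK` decodes to `deployer` followed by a newline, which is what piping `echo deployer` into base64 produces; unless the operator trims the value, the SSH login name will carry that trailing newline. Encoding without the newline gives `username: ZGVwbG95ZXI=`. The placeholder `REPLACEMENT_SSH_PRIVATEKEY` is not valid base64, so applying this manifest without the replacement transformer should be rejected rather than create a Secret with a dummy key. A comment above `data:` such as `# ssh-privatekey is filled in by the hco-generated-ssh-key-replacements transformer` would make that dependency explicit.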
@ -3,5 +3,6 @@ resources:
|
||||
- ../catalogues
|
||||
transformers:
|
||||
- ../../../../type/airship-core/target/initinfra/replacements
|
||||
- ../../../../function/hostconfig-operator/replacements
|
||||
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
|
||||
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
|
||||
|
@ -34,3 +34,24 @@ kubectl \
|
||||
|
||||
./tools/deployment/31_deploy_initinfra_target_node.sh
|
||||
|
||||
hosts=$(`kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s get nodes -o name`)
|
||||
|
||||
# Annotate node for hostconfig-operator
|
||||
for i in "${!hosts[@]}"
|
||||
do
|
||||
kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth
|
||||
kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s label ${hosts[i]} node-type=controlplane
|
||||
kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s label ${hosts[i]} kubernetes.io/role=master
|
||||
done
|
||||
|
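Review bot: The `hosts=$( … )` assignment wraps a backtick substitution inside `$( )`, so the node list printed by kubectl is itself run as a command instead of being stored, and `hosts` never becomes an array for `"${!hosts[@]}"` to index. Executing text returned by the cluster API is also something a deployment script should never do. Building the array directly fixes both: `hosts=($(kubectl --kubeconfig "$KUBECONFIG" --context "$KUBECONFIG_TARGET_CONTEXT" --request-timeout 10s get nodes -o name))`, then `for host in "${hosts[@]}"` with `"$host"` quoted in the annotate and label calls. The same assignment appears in the worker-node script hunk later in this commit, where `set -ex` is visible and the failed command would likely abort the script. This script starts before the hunk, so its own shell options are not visible here.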
@ -14,6 +14,8 @@
|
||||
|
||||
set -ex
|
||||
|
||||
export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"}
|
||||
export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-cluster"}
|
||||
: ${AIRSHIPCTL_PROJECT:="../airshipctl"}
|
||||
|
||||
export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \
|
||||
@ -23,3 +25,21 @@ export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \
|
||||
|
||||
cd ${AIRSHIPCTL_PROJECT}
|
||||
./tools/deployment/34_deploy_worker_node.sh
|
||||
|
||||
hosts=$(`kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s get nodes -o name`)
|
||||
|
||||
# Annotate node for hostconfig-operator
|
||||
for i in "${!hosts[@]}"
|
||||
do
|
||||
kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth
|
||||
kubectl \
|
||||
--kubeconfig $KUBECONFIG \
|
||||
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||
--request-timeout 10s label ${hosts[i]} kubernetes.io/role=master
|
||||
done
|
||||
|
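Review bot: The loop in the second hunk applies `kubernetes.io/role=master` and the `secret=hco-ssh-auth` annotation to every node returned by `get nodes -o name`, and it runs after `34_deploy_worker_node.sh`, so the newly joined worker would be labelled as a master as well. If any workload or policy selects on that label, control-plane components could be scheduled onto the worker. The script already exports `WORKER_NODE`, so the annotate and label calls could target that node alone, with the role it is meant to have, instead of iterating over all nodes. The value format of `WORKER_NODE` is cut off in this hunk, so whether it needs a `node/` prefix should be checked.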