Merge "Dex deployment for subclusters using existing dex HelmRelease in treasuremap"

manifests/function/dex-aio/dex-helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
       endpoints:
         hostname: dex.function.local
         port:
-          https: 32556
+          https: 30556
           http: 32554
           k8s: 6443
         tls:

manifests/function/k8scontrol-ha/oidc-apiserver-flags_patch.json

@@ -8,7 +8,7 @@
           "oidc-ca-file": "/etc/kubernetes/certs/dex-cert",
           "oidc-client-id": "function-kubernetes",
           "oidc-groups-claim": "group",
-          "oidc-issuer-url": "https://dex.function.local:32556/dex",
+          "oidc-issuer-url": "https://dex.function.local:30556/dex",
           "oidc-username-claim": "email"
         },
         "extraVolumes":

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml

@@ -1,2 +1,4 @@
 resources:
+  - ../../../../../function/dex-aio
   - sipcluster.yaml
+namespace: lma-infra

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,3 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml

@@ -45,3 +45,13 @@ replacements:
       # NOTE: The SIPCluster CR accepts multiple infra service definitions,
       # but we only deploy one instance of each.
       fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"]
+  - source:
+      objref:
+        kind: VariableCatalogue
+        name: subcluster-networking
+      fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}"
+    target:
+      objref:
+        kind: HelmRelease
+        name: dex-aio
+      fieldrefs: ["{.values.params.endpoints.port.https}"]

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml

@@ -2,7 +2,6 @@ apiVersion: airship.airshipit.org/v1
 kind: SIPCluster
 metadata:
   name: lma
-  namespace: sipcluster-system
   finalizers:
     - sip.airship.airshipit.org/finalizer
 spec:

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml

@@ -1,2 +1,4 @@
 resources:
+  - ../../../../../function/dex-aio
   - sipcluster.yaml
+namespace: wordpress-infra

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,3 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml

@@ -45,3 +45,13 @@ replacements:
       # NOTE: The SIPCluster CR accepts multiple infra service definitions,
       # but we only deploy one instance of each.
       fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"]
+  - source:
+      objref:
+        kind: VariableCatalogue
+        name: subcluster-networking
+      fieldref: "{.spec.wordpress.exposed_services[?(.name == 'auth')].nodePort}"
+    target:
+      objref:
+        kind: HelmRelease
+        name: dex-aio
+      fieldrefs: ["{.values.params.endpoints.port.https}"]

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml

@@ -2,7 +2,6 @@ apiVersion: airship.airshipit.org/v1
 kind: SIPCluster
 metadata:
   name: wordpress
-  namespace: sipcluster-system
   finalizers:
     - sip.airship.airshipit.org/finalizer
 spec: