Enable SSH access on to target and worker nodes

Allow ssh access to target and worker nodes on test site in treasuremap. Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com> Change-Id: Id5ee27ec59bbbee85c169449a546c49d56885886
2021-04-07 00:16:44 -05:00 · 2021-04-07 00:16:44 -05:00 · b97569e857
parent 46c1671f43
commit b97569e857
5 changed files with 30 additions and 2 deletions
--- a/manifests/site/test-site/target/workers/provision/kubeadmconfigtemplate.yaml
+++ b/manifests/site/test-site/target/workers/provision/kubeadmconfigtemplate.yaml
@ -22,9 +22,10 @@ spec:
      preKubeadmCommands:
        # Restart docker to apply any proxy settings
        - export HOME=/root
+        - systemctl daemon-reload
        - systemctl restart docker
      users:
        - name: deployer
          sshAuthorizedKeys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
+          - REPLACE_HOST_SSH_KEY
          sudo: ALL=(ALL) NOPASSWD:ALL
--- a/manifests/site/test-site/target/workers/provision/kustomization.yaml
+++ b/manifests/site/test-site/target/workers/provision/kustomization.yaml
@ -1,7 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues
+  - ../../catalogues
  - ../../../../../../../airshipctl/manifests/type/gating/hwccprofiles
  - kubeadmconfigtemplate.yaml
  - metal3machinetemplate.yaml
--- a/manifests/site/test-site/target/workers/replacements/generated-secrets.yaml
+++ b/manifests/site/test-site/target/workers/replacements/generated-secrets.yaml
@ -0,0 +1,20 @@
+# These rules inject env vars into the workers.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: workers-generated-secret-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+- source:
+    objref:
+      name: generated-secrets
+    fieldref: "{.sshKeys.publicKey}"
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs:
+      - "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"
--- a/manifests/site/test-site/target/workers/replacements/kustomization.yaml
+++ b/manifests/site/test-site/target/workers/replacements/kustomization.yaml
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - workers-env-vars.yaml
+  - generated-secrets.yaml
--- a/manifests/type/airship-core/target/generator/secret-template.yaml
+++ b/manifests/type/airship-core/target/generator/secret-template.yaml
@ -7,6 +7,8 @@ metadata:
      container:
        image: quay.io/airshipit/templater:latest
 values:
+  sshKeyGen:
+    encBit: 4096
  ephemeralCluster:
    ca:
      subj: "/CN=Kubernetes API"
@ -52,3 +54,7 @@ template: |
    passwords:
      root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
      deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
+  {{- $sshKey := genSSHKeyPair .sshKeyGen.encBit }}
+  sshKeys:
+    privateKey: {{ $sshKey.Private|quote }}
+    publicKey: {{ $sshKey.Public|quote }}