airship/treasuremap
Code Issues Proposed changes

Enable SSH access on to target and worker nodes

Browse Source 
Allow ssh access to target and worker nodes on test site in treasuremap.

Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: Id5ee27ec59bbbee85c169449a546c49d56885886
This commit is contained in:
Sreejith Punnapuzha
2021-04-07 00:16:44 -05:00
parent 46c1671f43
commit b97569e857
5 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/site/test-site/target/workers/provision/kubeadmconfigtemplate.yaml
View File

@@ -22,9 +22,10 @@ spec:
preKubeadmCommands: preKubeadmCommands:
# Restart docker to apply any proxy settings # Restart docker to apply any proxy settings
- export HOME=/root - export HOME=/root
- systemctl daemon-reload
- systemctl restart docker - systemctl restart docker
users: users:
- name: deployer - name: deployer
sshAuthorizedKeys: sshAuthorizedKeys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1 - REPLACE_HOST_SSH_KEY
sudo: ALL=(ALL) NOPASSWD:ALL sudo: ALL=(ALL) NOPASSWD:ALL

2
manifests/site/test-site/target/workers/provision/kustomization.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../../../../../../airshipctl/manifests/function/airshipctl-base-catalogues - ../../catalogues
- ../../../../../../../airshipctl/manifests/type/gating/hwccprofiles - ../../../../../../../airshipctl/manifests/type/gating/hwccprofiles
- kubeadmconfigtemplate.yaml - kubeadmconfigtemplate.yaml
- metal3machinetemplate.yaml - metal3machinetemplate.yaml

20
manifests/site/test-site/target/workers/replacements/generated-secrets.yaml Normal file
View File

@@ -0,0 +1,20 @@
# These rules inject env vars into the workers.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: workers-generated-secret-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:v2
replacements:
- source:
objref:
name: generated-secrets
fieldref: "{.sshKeys.publicKey}"
target:
objref:
kind: KubeadmConfigTemplate
name: worker-1
fieldrefs:
- "spec.template.spec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"

1
manifests/site/test-site/target/workers/replacements/kustomization.yaml
View File

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- workers-env-vars.yaml - workers-env-vars.yaml
- generated-secrets.yaml

6
manifests/type/airship-core/target/generator/secret-template.yaml
View File

@@ -7,6 +7,8 @@ metadata:
container: container:
image: quay.io/airshipit/templater:latest image: quay.io/airshipit/templater:latest
values: values:
sshKeyGen:
encBit: 4096
ephemeralCluster: ephemeralCluster:
ca: ca:
subj: "/CN=Kubernetes API" subj: "/CN=Kubernetes API"
@@ -52,3 +54,7 @@ template: |
passwords: passwords:
root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }} root: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }} deployer: {{ derivePassword 1 "long" (randAscii 10) "user" "airshipit.org"|quote }}
{{- $sshKey := genSSHKeyPair .sshKeyGen.encBit }}
sshKeys:
privateKey: {{ $sshKey.Private|quote }}
publicKey: {{ $sshKey.Public|quote }}