From 35906afbc16ed2e3553f313d4f50cc11f54281a1 Mon Sep 17 00:00:00 2001 
From: Drew Walters Date: Mon, 5 Apr 2021 18:12:19 +0000 Subject: [PATCH] Add target infra phases to sub-cluster type The current sub-cluster type implementation does not include any phases to deliver the SIPCluster CR or the machine templates required for provisioning a sub-cluster. This change adds the phases to the sub-cluster type so they can be reused across sub-clusters. Change-Id: I708cd087749474c2d73b8dca0318b09e86dca0c1 --- .../versions-treasuremap.yaml | 12 +++ .../wordpress/controlplane/kustomization.yaml | 6 ++ .../provide-infra/kustomization.yaml | 6 ++ .../wordpress/workers/kustomization.yaml | 7 ++ .../workers/metal3machinetemplate.yaml | 10 ++ .../target/catalogues/kustomization.yaml | 1 + .../catalogues/versions-treasuremap.yaml | 11 +++ .../shared/catalogues/kustomization.yaml | 1 - .../catalogues/subcluster-networking.yaml | 15 ++- .../wordpress/controlplane/kustomization.yaml | 2 + .../replacements/kustomization.yaml | 2 + .../wordpress/phases/phases_patch.yaml | 23 +++++ .../provide-infra/kustomization.yaml | 2 + .../replacements/kustomization.yaml | 3 + .../replacements/networking.yaml | 47 ++++++++++ .../provide-infra/replacements/versions.yaml | 40 ++++++++ .../wordpress/provide-infra/sipcluster.yaml | 92 +++++++++++++++++++ .../wordpress/workers/kustomization.yaml | 2 + .../workers/replacements/kustomization.yaml | 2 + .../controlplane/kustomization.yaml | 4 + .../replacements/kustomization.yaml | 4 + manifests/type/sub-cluster/phases/phases.yaml | 38 ++++++++ .../provide-infra/kustomization.yaml | 3 + .../workers/kubeadmconfigtemplate.yaml | 30 ++++++ .../sub-cluster/workers/kustomization.yaml | 5 + .../workers/machinedeployment.yaml | 28 ++++++ .../workers/replacements/kustomization.yaml | 5 + .../workers/replacements/versions.yaml | 20 ++++ .../replacements/workers-env-vars.yaml | 41 +++++++++ .../sub-cluster/workload/kustomization.yaml | 2 + 30 files changed, 461 insertions(+), 3 deletions(-) create mode 100644 
manifests/site/virtual-network-cloud/sub-clusters/wordpress/controlplane/kustomization.yaml create mode 100644 manifests/site/virtual-network-cloud/sub-clusters/wordpress/provide-infra/kustomization.yaml create mode 100644 manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml create mode 100644 manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml create mode 100644 manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/kustomization.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/replacements/kustomization.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/versions.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml create mode 100644 manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml create mode 100644 manifests/type/sub-cluster/controlplane/kustomization.yaml create mode 100644 manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml create mode 100644 manifests/type/sub-cluster/provide-infra/kustomization.yaml create mode 100644 manifests/type/sub-cluster/workers/kubeadmconfigtemplate.yaml create mode 100644 manifests/type/sub-cluster/workers/kustomization.yaml create mode 100644 manifests/type/sub-cluster/workers/machinedeployment.yaml create mode 100644 
manifests/type/sub-cluster/workers/replacements/kustomization.yaml create mode 100644 manifests/type/sub-cluster/workers/replacements/versions.yaml create mode 100644 manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml diff --git a/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml b/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml index a684e8dd5..85ff4f0a5 100644 --- a/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml +++ b/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml @@ -5,6 +5,12 @@ metadata: labels: airshipit.org/deploy-k8s: "false" spec: + files: + k8scontrol: + subcluster_controlplane_image: + url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img + checksum: 4a6909d1480ac30d676accd7b37ec711 + helm_repositories: grafana: url: https://grafana.github.io/helm-charts @@ -71,10 +77,16 @@ spec: image: quay.io/thanos/thanos:v0.17.2 sip: sip: + auth: + image: quay.io/dexidp/dex:v2.20.0 kube-rbac-proxy: image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 manager: image: quay.io/airshipit/sip:51e7ff85d617c0e94fa98920fdbacce3ad9e6bc0 + jump_host: + image: quay.io/airshipit/jump-host:latest + load_balancer: + image: haproxy:2.3.2 vino: vino: kube-rbac-proxy: diff --git a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/controlplane/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/controlplane/kustomization.yaml new file mode 100644 index 000000000..be1241e1e --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/controlplane/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/wordpress/controlplane + - ../../../target/catalogues + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/wordpress/controlplane/replacements 
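Review bot: The new `subcluster_controlplane_image` entry pairs a fixed `checksum` with a URL under `xenial/current/`, which is a moving path, so the two stop matching as soon as the upstream image is republished. The 32-hex-character value also looks like an MD5 digest, which catches a corrupted download but should not be relied on to catch a deliberately substituted image. Pointing `url` at a dated release directory and recording a SHA-256 digest (if the consuming Metal3 API version accepts one) would make this default reproducible. At minimum, add a comment on the entry such as `# reference default only; sites must override with a verified image`.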
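Review bot: `jump_host.image` is added as `quay.io/airshipit/jump-host:latest`, a mutable tag, directly beside a `manager` image that is pinned to a commit hash. The jump host is an SSH entry point into the sub-cluster, so what runs there should be reviewable and reproducible; pin it to a version tag or digest the way `manager` is. The same applies to `quay.io/airshipit/replacement-transformer:latest` in `workers/replacements/workers-env-vars.yaml`, where the other transformers added by this commit use `:v2`.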
diff --git a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/provide-infra/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/provide-infra/kustomization.yaml
new file mode 100644
index 000000000..5f0322ca9
--- /dev/null
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/provide-infra/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+ - ../../../../../type/multi-tenant/sub-clusters/wordpress/provide-infra
+ - ../../../target/catalogues
+
+transformers:
+ - ../../../../../type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements
diff --git a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml
new file mode 100644
index 000000000..1a797f73e
--- /dev/null
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+ - ../../../../../type/multi-tenant/sub-clusters/wordpress/workers
+ - ../../../target/catalogues
+ - metal3machinetemplate.yaml
+
+transformers:
+ - ../../../../../type/multi-tenant/sub-clusters/wordpress/workers/replacements
diff --git a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml
new file mode 100644
index 000000000..f4405f62a
--- /dev/null
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml
@@ -0,0 +1,10 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+kind: Metal3MachineTemplate
+metadata:
+ name: worker-1
+spec:
+ template:
+ spec:
+ image:
+ url: http://10.23.24.102:80/images/data-plane.qcow2
+ checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum
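Review bot: In `metal3machinetemplate.yaml` both `url` and `checksum` are fetched over plain `http://` from the same host (`10.23.24.102`), so the checksum only guards against a truncated download: anyone able to alter the image on that server or on the network path can alter the `.md5sum` file beside it. The site-level `target/catalogues/versions-treasuremap.yaml` added later in this commit has the same shape with `http://10.23.24.1:8099/`. If this is accepted for a lab site, say so on the field, e.g. `# lab-only: image and checksum share an unauthenticated origin`; for anything else, serve the image over TLS or carry the digest inline in the manifest.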
diff --git a/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml b/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml index b7d1f573e..1cb91d2d4 100644 --- a/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml +++ b/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml @@ -8,4 +8,5 @@ resources: patchesStrategicMerge: - versions-airshipctl.yaml + - versions-treasuremap.yaml - networking.yaml diff --git a/manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml b/manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml new file mode 100644 index 000000000..329905fe3 --- /dev/null +++ b/manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml @@ -0,0 +1,11 @@ +apiVersion: airshipit.org/v1alpha1 +kind: VersionsCatalogue +metadata: + name: versions-treasuremap +spec: + files: + k8scontrol: + # Use locally generated images + subcluster_controlplane_image: + url: http://10.23.24.1:8099/target-image.qcow2 + checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum diff --git a/manifests/type/multi-tenant/shared/catalogues/kustomization.yaml b/manifests/type/multi-tenant/shared/catalogues/kustomization.yaml index 247b9bd59..51079fd74 100644 --- a/manifests/type/multi-tenant/shared/catalogues/kustomization.yaml +++ b/manifests/type/multi-tenant/shared/catalogues/kustomization.yaml @@ -3,4 +3,3 @@ kind: Kustomization resources: - ../../../airship-core/shared/catalogues - subcluster-networking.yaml - diff --git a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml index 9482f4e27..bc97ad99d 100644 --- a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml +++ b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml 
@@ -46,7 +46,8 @@ spec: name: http wordpress: - # This stanza is replaced directly into lma's networking catalogue + # This stanza is replaced directly into the Wordpress sub-cluster's + # networking catalogue at the site level. kubernetes: serviceCidr: "10.0.80.0/20" podCidr: "192.168.0.0/18" @@ -55,4 +56,14 @@ spec: port: 6443 apiserverCertSANs: [10.23.25.201, 10.23.24.201] - port_range: ["11040:11059"] \ No newline at end of file + exposed_services: + - name: auth + nodePort: 30556 + - name: jumpHost + nodePort: 30001 + - name: loadBalancerControlPlane + nodePort: 30002 + # TODO: Uncomment when SIP supports a Worker load balancer. + # Potential ports that can be used by sub-cluster services. + # - name: loadBalancerWorkers + # nodePort: ["30003:30020"] diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/kustomization.yaml new file mode 100644 index 000000000..7de7af44e --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../sub-cluster/controlplane diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/replacements/kustomization.yaml new file mode 100644 index 000000000..f7dd18790 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/controlplane/replacements/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../sub-cluster/controlplane/replacements diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/phases/phases_patch.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/phases/phases_patch.yaml index 4fdf8e8e2..d2053a925 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/phases/phases_patch.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/phases/phases_patch.yaml 
@@ -1,3 +1,26 @@
+# NOTE: The contents of these phases are delivered to the target cluster.
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: provide-infra
+config:
+ documentEntryPoint: sub-clusters/wordpress/provide-infra
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: controlplane
+config:
+ documentEntryPoint: sub-clusters/wordpress/controlplane
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: workers
+config:
+ documentEntryPoint: sub-clusters/wordpress/workers
+
 ---
 apiVersion: airshipit.org/v1alpha1
 kind: Phase
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml
new file mode 100644
index 000000000..01dee6264
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - sipcluster.yaml
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml
new file mode 100644
index 000000000..6ed76bd38
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - networking.yaml
+ - versions.yaml
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml
new file mode 100644
index 000000000..335bad55b
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml
@@ -0,0 +1,47 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: subcluster-provide-infra-networking-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+ - source:
+ objref:
+ kind: VariableCatalogue
+ name: subcluster-networking
+ fieldref: "{.spec.wordpress.exposed_services[?(.name == 'auth')].nodePort}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: wordpress
+ # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+ # but we only deploy one instance of each.
+ fieldrefs: ["{.spec.services.auth[0].nodePort}"]
+ - source:
+ objref:
+ kind: VariableCatalogue
+ name: subcluster-networking
+ fieldref: "{.spec.wordpress.exposed_services[?(.name == 'jumpHost')].nodePort}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: wordpress
+ # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+ # but we only deploy one instance of each.
+ fieldrefs: ["{.spec.services.jumpHost[0].nodePort}"]
+ # NOTE: newer versions of SIP will have an additional load balancer for the
+ # worker nodes.
+ - source:
+ objref:
+ kind: VariableCatalogue
+ name: subcluster-networking
+ fieldref: "{.spec.wordpress.exposed_services[?(.name == 'loadBalancerControlPlane')].nodePort}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: wordpress
+ # NOTE: The SIPCluster CR accepts multiple infra service definitions,
+ # but we only deploy one instance of each.
+ fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"]
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/versions.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/versions.yaml
new file mode 100644
index 000000000..82830e296
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/versions.yaml
@@ -0,0 +1,40 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: subcluster-provide-infra-versions-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+# Replace SIPCluster CR images
+- source:
+ objref:
+ kind: VersionsCatalogue
+ name: versions-treasuremap
+ fieldref: "{.spec.images.sip.sip.auth.image}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: lma
+ fieldrefs: ["{.spec.services.auth[*].image}"]
+- source:
+ objref:
+ kind: VersionsCatalogue
+ name: versions-treasuremap
+ fieldref: "{.spec.images.sip.sip.jump_host.image}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: lma
+ fieldrefs: ["{.spec.services.jumpHost[*].image}"]
+- source:
+ objref:
+ kind: VersionsCatalogue
+ name: versions-treasuremap
+ fieldref: "{.spec.images.sip.sip.load_balancer.image}"
+ target:
+ objref:
+ kind: SIPCluster
+ name: lma
+ fieldrefs: ["{.spec.services.loadBalancer[*].image}"]
diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml
new file mode 100644
index 000000000..a63721a2c
--- /dev/null
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml
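Review bot: All three replacements in `provide-infra/replacements/versions.yaml` target `kind: SIPCluster` with `name: lma`, but the SIPCluster added under this same `wordpress/provide-infra` directory is named `wordpress`, and `networking.yaml` beside it targets `name: wordpress`. If the target does not match, the replacements either fail or are skipped, and the SIPCluster keeps the untagged `quay.io/dexidp/dex`, `quay.io/airshipit/jump-host` and `haproxy` references from `sipcluster.yaml`, which resolve to whatever the registry currently serves. Change the three targets to `name: wordpress`.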
@@ -0,0 +1,92 @@ +apiVersion: airship.airshipit.org/v1 +kind: SIPCluster +metadata: + name: wordpress + namespace: sipcluster-system + finalizers: + - sip.airship.airshipit.org/finalizer +spec: + nodes: + ControlPlane: + labelSelector: + vino.airshipit.org/flavor: control-plane + spreadTopology: PerRack + count: + active: 1 + standby: 1 + Worker: + labelSelector: + vino.airshipit.org/flavor: worker + spreadTopology: PerHost + count: + active: 2 + standby: 1 # Slew for upgrades + services: + auth: + - image: quay.io/dexidp/dex + nodeInterfaceId: oam-ipv4 + nodePort: 30556 + TLSCrt: | + -----BEGIN CERTIFICATE----- + MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p + a3ViZUNBMB4XDTIxMDMxNzExNDYzMFoXDTMxMDMxNjExNDYzMFowFTETMBEGA1UE + AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs1 + ujCXS/HDS9dSOJWfotlrQj46V4oL8q5dOmLXSvqfISINzdXK9XrBo/1INQ2RmFL/ + oXbCwvT1PhRkm/KS/LN3dgsbPjb6/meKsrLOpKPtTAm29+c7h87ZkwHi2LPZO+3w + bVp49ERCg89VjfIStvGefJvKaz1Rq3WTZN96216dSY2sShON07ELv4pZPJGjEHg6 + U6c4UgMdnye3FUUxaayqjZbLKcN/mNkI7kMzy4e0RZ4Y3WTlr0nxDVuYiz8v9usa + rHO5Pu9w40FAudlmMrSB9Qj8ED/VtooW4qewm4oUdHrmzJ86vamWLll2keHt4MAY + 5mG0vglWqm2zEL8jJWUCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW + MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW + BBQs35Wcd1nnNOP1YuzwousJxfATmDANBgkqhkiG9w0BAQsFAAOCAQEAbspb0RE5 + vOeObqLY7JEMlNvnxbnHceIpltZpnq5ZGbDHEBUEyBUnDnO7UZrxw2qmDgvpUPot + jNxgWzDcxb7kuli6Ehc1Nbtm8HKFf3xx5d1dTBuPj8i6njB/3kVbYZOHGcFxku62 + ac8KQT8EdaQdTtwoQLhfGl3P++afg7kfvcm962PKYWDGcbXbbJxEf1YDuy2dY2/Z + u5rOyAIhRSOm68edMhy/0Bdq3NBmT5icptMawEBrJXW7tNOnbSLu6qtQqSX8w58u + 2ZnZouCSXMfLYKNuDWVuhe/WfCv9ZKr/Izcz1raBquo8yDt4qsxDPfix/QSqUxRc + kDR2hHk/Mfv+rg== + -----END CERTIFICATE----- + TLSKey: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAqzW6MJdL8cNL11I4lZ+i2WtCPjpXigvyrl06YtdK+p8hIg3N + 1cr1esGj/Ug1DZGYUv+hdsLC9PU+FGSb8pL8s3d2Cxs+Nvr+Z4qyss6ko+1MCbb3 + 5zuHztmTAeLYs9k77fBtWnj0REKDz1WN8hK28Z58m8prPVGrdZNk33rbXp1JjaxK + 
E43TsQu/ilk8kaMQeDpTpzhSAx2fJ7cVRTFprKqNlsspw3+Y2QjuQzPLh7RFnhjd + ZOWvSfENW5iLPy/26xqsc7k+73DjQUC52WYytIH1CPwQP9W2ihbip7CbihR0eubM + nzq9qZYuWXaR4e3gwBjmYbS+CVaqbbMQvyMlZQIDAQABAoIBAC3cZ3JqpKIvERqt + YJDbwRCCRa1LjXVh+/Cu8lvVlbUKeSKZFgDlq9nlEttewy9OR8I7zXF1fCmHo8hs + psVUkDI2lr0k4AZ0Nz9fDL0O01VB1DNp+n/LF3bWGyXPMQMD9qSm2XP5oFzEgHBC + V5J3Zt/T90b38r/rJ4WIJOYkD60I/mQ2oB9I6QsUDSxeH9a/L1BEHvGcBtfbqWlA + b7BBRBjRCdtbV67pFpspSnWmIwDBF3GNbjjPyWiRCicLQeZ+Eysc4GbeT89A76xN + q76uPH/+vo5fafm86AURN59QA6/qaCvrlE02gt9FbFW/cN0Bs7y3OSl2e8/si6tz + n4Nwq8ECgYEA4F4oAitnCfAKhHr501qaJk4uj5YuzQktANjPp9Bo5x/FThF497gN + KvumUlq4Z3H7ivXk0WEYb5v2erXtgXoj6o/uAL+5FQyRBpUDa5FpeAi64e0Vzhtk + UUd5RXoC0eITdF8zaXHJsYTNv6jDA33Flqkk7bioTWi0VrTFlwp5mRUCgYEAw1kB + HmuV1LSqmwXf/6NIO2mmSBLNWC4JY/qAV9HlCxKhv9fXhl99m0lQRPs2TZIYrkCY + Q0entaYY+2EQn1HBm7sdGnoy5tOYb9Lg89zzP23MJDLAQ+eXRTyl25W3qQVnrRzx + o00EFX6QhySbuBditiu75wjN1Q2IY+jE81MozxECgYBU6s3xpEOnOzZ/1ZtgJtZY + 0RZGOe0UpPhnbaeKOBK8BwZB+dLyzrINJplYagWJAVbWzSIBLOJ2u2yaHOj7LCMT + z82gcu+1y7/H4fYdbDeiuosgnv61tyBMsuRvKzKOBSaf0LhAnFRd34mPlGvakmuK + DhJv9oecZJh8iIaQF+LV0QKBgFDDQHIqOqTZGNvEvwo6oIdns4aCt4Dob5t1GpC0 + R4SfbF4bR5DXc9+6nMQYNCg36ZpJPGo8errf894iEDQ+IdRXtL2YnejOvGwm/Df2 + Nl8X7tlcXh705ZaLb2rsaCUqBeYNXF2OXszgKbKl0Pd4O6hjRmlLO4YE9UmRF7Qd + wnZxAoGBAKN9LgEmOq3GTDbWvnKRDG8q1MjMOOLRuqryQWXF3KP/+oPB2XUrw7Eg + Sw9yBi8GZ6PseG1W5LnwT2vAeDaLRrAr8QrDmd+Aj+og7CVD82Gy/k8Uh0TyCUlF + DOY0q5Hu9iPlqk3ZQqGJKcms+97jD7JPGsPOH0+LcK9sEI6fJOna + -----END RSA PRIVATE KEY----- + CertManagerNS: cert-manager + jumpHost: + - image: quay.io/airshipit/jump-host + nodePort: 30001 + nodeInterfaceId: oam-ipv4 + bmc: + proxy: false + sshAuthorizedKeys: + - ssh-rsa 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 example-key + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2 + nodeSSHPrivateKeys: ssh-private-keys + loadBalancer: + - image: haproxy + nodePort: 30000 + nodeInterfaceId: oam-ipv4 + diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml new file mode 100644 index 000000000..364cf41e8 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../sub-cluster/workers diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml new file mode 100644 index 000000000..287984ceb --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../sub-cluster/workers/replacements diff --git a/manifests/type/sub-cluster/controlplane/kustomization.yaml b/manifests/type/sub-cluster/controlplane/kustomization.yaml new file mode 100644 index 000000000..f01834d0b --- /dev/null +++ b/manifests/type/sub-cluster/controlplane/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../function/k8scontrol-ha diff --git a/manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml b/manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml new file mode 100644 index 000000000..92cf202e3 --- /dev/null 
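Review bot: `spec.services.auth[0].TLSKey` embeds a complete RSA private key, in clear text, in a manifest under `type/multi-tenant`, which every site built from this type inherits. Anyone with read access to the repository or its history can then impersonate the auth service's TLS endpoint wherever this key pair is deployed, and deleting it in a later commit does not take it out of history. Keep only a placeholder here and have each site supply its own key material from an encrypted or generated source. The same goes for the two `example-key` entries under `jumpHost[0].sshAuthorizedKeys`, which grant jump-host SSH access to whoever holds the matching private keys. If the pair really is a throwaway development credential, state that on the field: `# development-only key pair; must be replaced per site`.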
+++ b/manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../../function/k8scontrol-ha/replacements
diff --git a/manifests/type/sub-cluster/phases/phases.yaml b/manifests/type/sub-cluster/phases/phases.yaml
index ebaf970df..deb14de2a 100644
--- a/manifests/type/sub-cluster/phases/phases.yaml
+++ b/manifests/type/sub-cluster/phases/phases.yaml
@@ -1,3 +1,41 @@
+# NOTE: The contents of these phases are delivered to the target cluster.
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: provide-infra
+ clusterName: target
+config:
+ executorRef:
+ apiVersion: airshipit.org/v1alpha1
+ kind: KubernetesApply
+ name: kubernetes-apply
+ documentEntryPoint: sub-clusters/sub-cluster/provide-infra
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: controlplane
+ clusterName: target
+config:
+ executorRef:
+ apiVersion: airshipit.org/v1alpha1
+ kind: KubernetesApply
+ name: kubernetes-apply
+ documentEntryPoint: sub-clusters/sub-cluster/controlplane
+---
+apiVersion: airshipit.org/v1alpha1
+kind: Phase
+metadata:
+ name: workers
+ clusterName: target
+config:
+ executorRef:
+ apiVersion: airshipit.org/v1alpha1
+ kind: KubernetesApply
+ name: kubernetes-apply
+ documentEntryPoint: sub-clusters/sub-cluster/workers
+
 ---
 apiVersion: airshipit.org/v1alpha1
 kind: Phase
diff --git a/manifests/type/sub-cluster/provide-infra/kustomization.yaml b/manifests/type/sub-cluster/provide-infra/kustomization.yaml
new file mode 100644
index 000000000..58901d1d6
--- /dev/null
+++ b/manifests/type/sub-cluster/provide-infra/kustomization.yaml
@@ -0,0 +1,3 @@
+# NOTE: This directory should not be inherited; it should be redefined within the
+# type that defines the actual sub-cluster.
+resources: []
diff --git a/manifests/type/sub-cluster/workers/kubeadmconfigtemplate.yaml b/manifests/type/sub-cluster/workers/kubeadmconfigtemplate.yaml
new file mode 100644
index 000000000..b3b0c2551
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/kubeadmconfigtemplate.yaml
@@ -0,0 +1,30 @@
+apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
+kind: KubeadmConfigTemplate
+metadata:
+ name: worker-1
+spec:
+ template:
+ spec:
+ joinConfiguration:
+ nodeRegistration:
+ name: '{{ ds.meta_data.name }}'
+ kubeletExtraArgs:
+ node-labels: 'metal3.io/uuid={{ ds.meta_data.uuid }},node-type=worker'
+ provider-id: 'metal3://{{ ds.meta_data.uuid }}'
+ feature-gates: "IPv6DualStack=true"
+ files:
+ - path: "/etc/systemd/system/docker.service.d/http-proxy.conf"
+ content: |
+ [Service]
+ Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
+ Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
+ Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
+ preKubeadmCommands:
+ # Restart docker to apply any proxy settings
+ - export HOME=/root
+ - systemctl restart docker
+ users:
+ - name: ubuntu
+ sshAuthorizedKeys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK5jnOafJwnoN+vp77LgayzLZ7O6tu96cObzwjIEwOowi2KHTk+G4sUXzE4mt2QbPTbyOF45d/omcRZYixrTmYwwtJ9QGPbwWw/qpCRzVo5uV4qbwBd3iRUqXryOmZRCCFac678JXZS9f8AfOP9rHkh2jqhA6dJdtvqYTOpPLtmw8pYjScH/YqBXZObNSFS5PlSPl901UhZH4FNUAuYeR9JGY99wgM+R9XHRRgfBPJzwzvOQ7ZYfvxb+n4TuBr7u7jZtYC+pmG/eOYbIt2/vexO0y/rNomtC+hjDAXZO2VFwHejYW6r+ZPpkNrdr+5U8s0aENGg4BJkVa2n3LwUrZF segorov@node1
+ sudo: ALL=(ALL) NOPASSWD:ALL
diff --git a/manifests/type/sub-cluster/workers/kustomization.yaml b/manifests/type/sub-cluster/workers/kustomization.yaml
new file mode 100644
index 000000000..b1c1a89b1
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - kubeadmconfigtemplate.yaml
+ - machinedeployment.yaml
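Review bot: The `users` stanza in `kubeadmconfigtemplate.yaml` authorizes a personal SSH key (comment `segorov@node1`) for the `ubuntu` account and gives that account `sudo: ALL=(ALL) NOPASSWD:ALL`. Because this lives in the reusable `type/sub-cluster/workers` template, every worker node of every sub-cluster derived from it grants passwordless root to the holder of that one key. Drop the key from the type and let each site inject its own operator keys; a replacement from a catalogue, as is done for the proxy variables in this file, would fit the existing pattern. If it must stay for now, mark it `# placeholder key; replace per site`.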
diff --git a/manifests/type/sub-cluster/workers/machinedeployment.yaml b/manifests/type/sub-cluster/workers/machinedeployment.yaml
new file mode 100644
index 000000000..e6486c2be
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/machinedeployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: cluster.x-k8s.io/v1alpha3
+kind: MachineDeployment
+metadata:
+ name: worker-1
+ labels:
+ cluster.x-k8s.io/cluster-name: target-cluster
+spec:
+ clusterName: target-cluster
+ replicas: 1
+ selector:
+ matchLabels:
+ cluster.x-k8s.io/cluster-name: target-cluster
+ template:
+ metadata:
+ labels:
+ cluster.x-k8s.io/cluster-name: target-cluster
+ spec:
+ clusterName: target-cluster
+ version: v1.18.3
+ bootstrap:
+ configRef:
+ name: worker-1
+ apiVersion: bootstrap.cluster.x-k8s.io/v1alpha3
+ kind: KubeadmConfigTemplate
+ infrastructureRef:
+ name: worker-1
+ apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+ kind: Metal3MachineTemplate
diff --git a/manifests/type/sub-cluster/workers/replacements/kustomization.yaml b/manifests/type/sub-cluster/workers/replacements/kustomization.yaml
new file mode 100644
index 000000000..a9eb6089f
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/replacements/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - workers-env-vars.yaml
+ - versions.yaml
diff --git a/manifests/type/sub-cluster/workers/replacements/versions.yaml b/manifests/type/sub-cluster/workers/replacements/versions.yaml
new file mode 100644
index 000000000..d81243fea
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/replacements/versions.yaml
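Review bot: `machinedeployment.yaml` hard-codes `clusterName: target-cluster` and the matching `cluster.x-k8s.io/cluster-name` labels inside the sub-cluster type, and neither replacement file added under `workers/replacements` rewrites those fields. As written, the worker machines appear to be attached to the target cluster rather than to the sub-cluster being provisioned; if that is intended, a comment should say so, otherwise the name needs to be substituted per sub-cluster. `version: v1.18.3` is likewise a literal rather than a catalogue value, so Kubernetes patch updates for these workers have to be made in this file by hand.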
@@ -0,0 +1,20 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: subcluster-workers-versions-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:v2
+replacements:
+# Replace the controlplane disk image in the Metal3MachineTemplate
+- source:
+ objref:
+ kind: VariableCatalogue
+ name: versions-treasuremap
+ fieldref: "{.spec.files.k8scontrol.subcluster_controlplane_image}"
+ target:
+ objref:
+ kind: Metal3MachineTemplate
+ name: worker-1
+ fieldrefs: ["{.spec.template.spec.image}"]
diff --git a/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml b/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml
new file mode 100644
index 000000000..ad79874ab
--- /dev/null
+++ b/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml
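Review bot: The source `objref` uses `kind: VariableCatalogue` with `name: versions-treasuremap`, but that catalogue is declared as `kind: VersionsCatalogue` elsewhere in this commit (the site-level `versions-treasuremap.yaml` and the sources in `provide-infra/replacements/versions.yaml`). With the wrong kind the source will probably not resolve, and the `Metal3MachineTemplate` would then keep whatever `image` the site wrote by hand; use `kind: VersionsCatalogue`. Once it does resolve, it replaces the whole `spec.template.spec.image` of `worker-1`, including the site's `data-plane.qcow2` values, with `subcluster_controlplane_image`, and the comment calls it the controlplane disk image. Please confirm that workers are meant to boot the control-plane image, and say so in the comment if they are.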
@@ -0,0 +1,41 @@
+# These rules inject env vars into the workers.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: workers-env-vars-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:latest
+replacements:
+# Replace the proxy vars
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTP_PROXY
+ target:
+ objref:
+ kind: KubeadmConfigTemplate
+ name: worker-1
+ fieldrefs:
+ - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTP_PROXY%"
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTPS_PROXY
+ target:
+ objref:
+ kind: KubeadmConfigTemplate
+ name: worker-1
+ fieldrefs:
+ - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_HTTPS_PROXY%"
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.NO_PROXY
+ target:
+ objref:
+ kind: KubeadmConfigTemplate
+ name: worker-1
+ fieldrefs:
+ - "spec.template.spec.files[path=/etc/systemd/system/docker.service.d/http-proxy.conf].content%REPLACEMENT_NO_PROXY%"
diff --git a/manifests/type/sub-cluster/workload/kustomization.yaml b/manifests/type/sub-cluster/workload/kustomization.yaml
index e584213cf..58901d1d6 100644
--- a/manifests/type/sub-cluster/workload/kustomization.yaml
+++ b/manifests/type/sub-cluster/workload/kustomization.yaml
@@ -1 +1,3 @@
+# NOTE: This directory should not be inherited; it should be redefined within the
+# type that defines the actual sub-cluster.
 resources: []