Configure ssh from jump host to VMs

The SipCluster CRs reference an ssh-private-keys Secret
which did not exist. This is used to ssh into the VMs
from within the Sip jump hosts. This change adds the Secret
and sources its content from the ssh keys generated for the
target cluster. Once we have a pattern for generating secrets
for sub-clusters in place we should generate separate ssh
key pairs for each sub-cluster.

Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I7eb997e6328bba0fdc49f5b9b5a8c097fc24e143

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml

@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: lma-infra

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml
+  - secrets.yaml

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/secrets.yaml

@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: lma-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: lma-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/ssh-private-keys-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml

@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: wordpress-infra

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml
+  - secrets.yaml

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/secrets.yaml

@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: wordpress-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: wordpress-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/ssh-private-keys-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+

manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml

@@ -1,2 +1,3 @@
 resources:
   - ../../../../../sub-cluster/workers/replacements
+