Configure ssh from jump host to VMs
The SipCluster CRs reference an ssh-private-keys Secret which did not exist. This is used to ssh into the VMs from within the Sip jump hosts. This change adds the Secret and sources its content from the ssh keys generated for the target cluster. Once we have a pattern for generating secrets for sub-clusters in place we should generate separate ssh key pairs for each sub-cluster. Signed-off-by: Sean Eagan <seaneagan1@gmail.com> Change-Id: I7eb997e6328bba0fdc49f5b9b5a8c097fc24e143
parent
2be9965660
commit
d28af1ffae
@ -1,5 +1,6 @@
|
|||||||
resources:
|
resources:
|
||||||
# - ../../../../../function/dex-aio
|
# - ../../../../../function/dex-aio
|
||||||
|
- ssh-private-keys-secret.yaml
|
||||||
- sipcluster.yaml
|
- sipcluster.yaml
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
namespace: lma-infra
|
namespace: lma-infra
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
resources:
|
resources:
|
||||||
- networking.yaml
|
- networking.yaml
|
||||||
- versions.yaml
|
- versions.yaml
|
||||||
|
- secrets.yaml
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
# These rules inject env vars into the k8scontrol function.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: lma-provide-infra-secrets-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: localhost/replacement-transformer
|
||||||
|
replacements:
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.sshKeys.privateKey}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: Secret
|
||||||
|
namespace: lma-infra
|
||||||
|
name: ssh-private-keys
|
||||||
|
fieldrefs:
|
||||||
|
- "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
|
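Review bot: The header comment `# These rules inject env vars into the k8scontrol function.` does not describe this file and looks carried over from another transformer. The single rule here copies `sshKeys.privateKey` from the `generated-secrets` VariableCatalogue into the `ssh-private-keys` Secret in `lma-infra`. Suggest replacing it with `# Copies the generated ssh private key into the ssh-private-keys Secret used by the SIP jump host.` Since the source is the target cluster's own key, a second line such as `# TODO: switch to a per-sub-cluster key pair once sub-cluster secret generation exists.` would keep that limitation visible to anyone auditing who holds this key. The same comment appears in the wordpress-infra copy of this file.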
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ssh-private-keys
|
||||||
|
type: kubernetes.io/ssh-auth
|
||||||
|
data:
|
||||||
|
ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
|
||||||
|
|
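Review bot: The `data.ssh-privatekey` field on this Secret only accepts base64, and nothing visible in this commit shows whether `sshKeys.privateKey` in the `generated-secrets` catalogue holds base64 or raw PEM text. If it is raw PEM, the rendered Secret will be rejected or will decode to something that is not a key, and `stringData:` would be the right field. If it is already base64, a comment such as `# substituted from generated-secrets; value must already be base64-encoded` would record the contract next to the placeholder. The same applies to the wordpress-infra copy of this manifest.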
@ -1,5 +1,6 @@
|
|||||||
resources:
|
resources:
|
||||||
# - ../../../../../function/dex-aio
|
# - ../../../../../function/dex-aio
|
||||||
|
- ssh-private-keys-secret.yaml
|
||||||
- sipcluster.yaml
|
- sipcluster.yaml
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
namespace: wordpress-infra
|
namespace: wordpress-infra
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
resources:
|
resources:
|
||||||
- networking.yaml
|
- networking.yaml
|
||||||
- versions.yaml
|
- versions.yaml
|
||||||
|
- secrets.yaml
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
# These rules inject env vars into the k8scontrol function.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: wordpress-provide-infra-secrets-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: localhost/replacement-transformer
|
||||||
|
replacements:
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.sshKeys.privateKey}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: Secret
|
||||||
|
namespace: wordpress-infra
|
||||||
|
name: ssh-private-keys
|
||||||
|
fieldrefs:
|
||||||
|
- "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ssh-private-keys
|
||||||
|
type: kubernetes.io/ssh-auth
|
||||||
|
data:
|
||||||
|
ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
|
||||||
|
|
@ -1,2 +1,3 @@
|
|||||||
resources:
|
resources:
|
||||||
- ../../../../../sub-cluster/workers/replacements
|
- ../../../../../sub-cluster/workers/replacements
|
||||||
|
|