Add skeleton of airship-core type

This adds a basic airship-core type and test-site definition, which initially
will point back to airshipctl for everything but site-specific configuration.

Gating is added under a dependent changeset:
https://review.opendev.org/#/c/741648

This removes the yaml-lint job / make target, since that chokes on CRs whose
definitions are not present.  YAML validation will be re-enabled by borrowing
the YAML validation from the airshipctl project, which leverages kustomize
and a live kubernetes API server.

Change-Id: I51c469f74be1270325f523343c02d36c2512e739

.zuul.yaml

@@ -13,10 +13,10 @@
 - project:
     check:
       jobs:
-        - treasuremap-lint
+        - noop
     gate:
       jobs:
-        - treasuremap-lint
+        - noop
     post:
       jobs:
         - treasuremap-upload-git-mirror
@@ -27,14 +27,6 @@
     nodes:
       - name: ubuntu-bionic
         label: ubuntu-bionic
-- job:
-    name: treasuremap-lint
-    description: Lint treasuremap using kubeval
-    nodeset: treasuremap-single-node
-    timeout: 900
-    pre-run:
-      - tools/gate/playbooks/deploy-kubeval.yaml
-    run: tools/gate/playbooks/yaml-lint.yaml
 
 - secret:
     name: airshipit-github-secret

Makefile

@@ -35,7 +35,3 @@ build_docs:
 format:
 	tox -e fmt
 
-lint:
-	mkdir -p build
-	./tools/gate/install-kubeval.sh $(BUILD_DIR)
-	./tools/gate/run-lint.sh

manifests/site/test-site/ephemeral/bootstrap/baremetalhost.yaml

@@ -0,0 +1,20 @@
+# This patches the node02 BMH to be suitable for ephemeral purposes
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  annotations:
+  labels:
+    airshipit.org/ephemeral-node: "true"
+    airshipit.org/deploy-k8s: "false"
+  name: node02
+spec:
+  online: true
+  bmc:
+    address: redfish+https://localhost:8443/redfish/v1/Systems/air-ephemeral
+status:
+  provisioning:
+# we need this status to make sure, that the host is not going to be
+# reprovisioned by the ephemeral baremetal operator.
+# when we have more flexible labeling system in place, we will not
+# deliver this document to ephemeral cluster
+    state: externally provisioned

manifests/site/test-site/ephemeral/bootstrap/hostgenerator/host-generation.yaml

@@ -0,0 +1,10 @@
+# Site-level, phase-specific lists of hosts to generate
+# This is used by the hostgenerator-m3 function to narrow down the site-level
+# host-catalogue to just the hosts needed for a particular phase.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: host-generation-catalogue
+hosts:
+  m3:
+    - node02

manifests/site/test-site/ephemeral/bootstrap/hostgenerator/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
+  - ../../../shared/catalogues/
+  - host-generation.yaml
+
+transformers:
+  - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements

manifests/site/test-site/ephemeral/bootstrap/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../type/airship-core/ephemeral/bootstrap
+
+generators:
+  - hostgenerator
+
+patchesStrategicMerge:
+  - baremetalhost.yaml

manifests/site/test-site/ephemeral/controlplane/before.yaml

@@ -0,0 +1,128 @@
+apiVersion: v1
+data:
+  password: cjAwdG1l
+  username: cm9vdA==
+kind: Secret
+metadata:
+  labels:
+    airshipit.org/k8s-role: controlplane-host
+  name: node01-bmc-secret
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    airshipit.org/k8s-role: controlplane-host
+  name: node01-network-data
+stringData:
+  networkData: "links:\n-\n  id: oam\n  mtu: \"1500\"\n  name: enp0s3\n  type: phy\n
+    \ \n  ethernet_mac_address: 52:54:00:9b:27:4c\n-\n  id: pxe\n  mtu: \"1500\"\n
+    \ name: enp0s4\n  type: phy\n  \n  ethernet_mac_address: 52:54:00:b6:ed:31\nnetworks:\n-\n
+    \ id: oam-ipv4\n  link: oam\n  netmask: 255.255.255.0\n  routes:\n  - gateway:
+    10.23.25.1\n    netmask: 0.0.0.0\n    network: 0.0.0.0\n  type: ipv4\n  \n  ip_address:
+    10.23.25.102\n-\n  id: pxe-ipv4\n  link: pxe\n  netmask: 255.255.255.0\n  type:
+    ipv4\n  \n  ip_address: 10.23.24.102\nservices:\n  - address: 8.8.8.8\n    type:
+    dns\n  - address: 8.8.4.4\n    type: dns\n  \n"
+type: Opaque
+---
+apiVersion: cluster.x-k8s.io/v1alpha3
+kind: Cluster
+metadata:
+  name: target-cluster
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - 192.168.0.0/18
+    serviceDomain: cluster.local
+    services:
+      cidrBlocks:
+      - 10.96.0.0/12
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
+    kind: KubeadmControlPlane
+    name: cluster-controlplane
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+    kind: Metal3Cluster
+    name: target-cluster
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha3
+kind: KubeadmControlPlane
+metadata:
+  name: cluster-controlplane
+spec:
+  infrastructureTemplate:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+    kind: Metal3MachineTemplate
+    name: cluster-controlplane
+  kubeadmConfigSpec:
+    files:
+    - content: |
+        kubernetes:
+          version: 1.17.3
+        container_runtime:
+          type: docker
+      owner: root:root
+      path: /konfigadm.yml
+      permissions: "0640"
+    initConfiguration:
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-labels: metal3.io/uuid={{ ds.meta_data.uuid }}
+        name: '{{ ds.meta_data.local_hostname }}'
+    joinConfiguration:
+      controlPlane: {}
+      nodeRegistration:
+        kubeletExtraArgs:
+          node-labels: metal3.io/uuid={{ ds.meta_data.uuid }}
+        name: '{{ ds.meta_data.local_hostname }}'
+    postKubeadmCommands:
+    - kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml
+    preKubeadmCommands:
+    - wget -O "/usr/bin/konfigadm" https://github.com/flanksource/konfigadm/releases/download/v0.5.3/konfigadm
+      && chmod +x "/usr/bin/konfigadm"
+    - konfigadm apply --config=/konfigadm.yml
+  replicas: 1
+  version: v1.17.0
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+kind: Metal3Cluster
+metadata:
+  name: target-cluster
+spec:
+  controlPlaneEndpoint:
+    host: 10.23.25.102
+    port: 6443
+  noCloudProvider: true
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+kind: Metal3MachineTemplate
+metadata:
+  name: cluster-controlplane
+spec:
+  template:
+    spec:
+      hostSelector:
+        matchLabels:
+          airshipit.org/k8s-role: controlplane-host
+      image:
+        checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
+        url: http://10.23.24.1:8099/target-image.qcow2
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+  labels:
+    airshipit.org/k8s-role: controlplane-host
+  name: node01
+spec:
+  bmc:
+    address: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-target-1
+    credentialsName: node01-bmc-secret
+  bootMACAddress: 52:54:00:b6:ed:31
+  networkData:
+    name: node01-network-data
+    namespace: default
+  online: false

manifests/site/test-site/ephemeral/controlplane/control-machine-template-patch.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
+kind: Metal3MachineTemplate
+metadata:
+  name: cluster-controlplane
+spec:
+  template:
+    spec:
+      image:
+        url: http://10.23.24.1:8099/target-image.qcow2
+        checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum

manifests/site/test-site/ephemeral/controlplane/hostgenerator/host-generation.yaml

@@ -0,0 +1,10 @@
+# Site-level, phase-specific lists of hosts to generate
+# This is used by the hostgenerator-m3 function to narrow down the site-level
+# host-catalogue to just the hosts needed for a particular phase.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: host-generation-catalogue
+hosts:
+  m3:
+    - node01

manifests/site/test-site/ephemeral/controlplane/hostgenerator/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3
+  - ../../../shared/catalogues/
+  - host-generation.yaml
+
+transformers:
+  - ../../../../../../../airshipctl/manifests/function/hostgenerator-m3/replacements

manifests/site/test-site/ephemeral/controlplane/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../type/airship-core/ephemeral/controlplane
+  # TODO (dukov) It's recocommended to upload BareMetalHost objects separately
+  # otherwise nodes will hang in 'registering' state for quite a long time
+  - nodes
+patchesStrategicMerge:
+  - control-machine-template-patch.yaml

manifests/site/test-site/ephemeral/controlplane/nodes/kustomization.yaml

@@ -0,0 +1,12 @@
+# Note: this weird extra layer between the .. and ../hostgenerator
+# is purely to apply the label below to the generated hosts.
+# When can come up with a better way to declare (e.g. via catalogue)
+# that the host is a controlplane host, we should get rid of this.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+generators:
+  - ../hostgenerator
+
+commonLabels:
+  airshipit.org/k8s-role: controlplane-host

manifests/site/test-site/ephemeral/initinfra/kustomization.yaml

@@ -0,0 +1,4 @@
+resources:
+  - ../../../../type/airship-core/ephemeral/initinfra
+patchesStrategicMerge:
+  - patch_bmo_config.yaml

manifests/site/test-site/ephemeral/initinfra/patch_bmo_config.yaml

@@ -0,0 +1,10 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  labels:
+  name: ironic-vars
+data:
+  PROVISIONING_IP: "10.23.24.101"
+  DHCP_RANGE: "10.23.24.200,10.23.24.250"
+  PROVISIONING_INTERFACE: "enp0s4"

manifests/site/test-site/shared/catalogues/hosts.yaml

@@ -0,0 +1,27 @@
+# Site-level host catalogue.  This info feeds the Templater
+# kustomize plugin config in the hostgenerator-m3 function.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: host-catalogue
+hosts:
+  m3:
+    node01:
+      macAddress: 52:54:00:b6:ed:31
+      bmcAddress: redfish+http://10.23.25.1:8000/redfish/v1/Systems/air-target-1
+      bmcUsername: root
+      bmcPassword: r00tme
+      ipAddresses:
+        oam-ipv4: 10.23.25.102
+        pxe-ipv4: 10.23.24.102
+      macAddresses:
+        oam: 52:54:00:9b:27:4c
+        pxe: 52:54:00:b6:ed:31
+    node02:
+      macAddress: 00:3b:8b:0c:ec:8b
+      bmcAddress: redfish+http://10.23.25.2:8000/redfish/v1/Systems/air-target-2
+      bmcUsername: username
+      bmcPassword: password
+      ipAddresses:
+        oam-ipv4: 10.23.25.101
+        pxe-ipv4: 10.23.24.101

manifests/site/test-site/shared/catalogues/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../type/airship-core/shared/catalogues
+  - hosts.yaml

manifests/type/airship-core/ephemeral/bootstrap/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../airshipctl/manifests/function/ephemeral

manifests/type/airship-core/ephemeral/controlplane/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../../airshipctl/manifests/function/k8scontrol

manifests/type/airship-core/ephemeral/initinfra/kustomization.yaml

@@ -0,0 +1,5 @@
+resources:
+  - ../../shared/clusterctl
+  - ../../../../../../airshipctl/manifests/function/baremetal-operator/
+commonLabels:
+  airshipit.org/stage: initinfra

manifests/type/airship-core/shared/catalogues/common-networking.yaml

@@ -0,0 +1,39 @@
+# Type-level networking catalogue.  This info feeds the Templater
+# kustomize plugin config in the hostgenerator-m3 function.
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+  name: common-networking-catalogue
+commonNetworking:
+  links:
+    - id: oam
+      name: enp0s3
+      type: phy
+      mtu: "1500"
+      # ethernet_mac_address: <from host-catalogue> (optional)
+    - id: pxe
+      name: enp0s4
+      type: phy
+      mtu: "1500"
+      # ethernet_mac_address: <from host-catalogue> (optional)
+  networks:
+    - id: oam-ipv4
+      type: ipv4
+      link: oam
+      # ip_address: <from host-catalogue>
+      netmask: 255.255.255.0
+      routes:
+        - network: 0.0.0.0
+          netmask: 0.0.0.0
+          gateway: 10.23.25.1
+    - id: pxe-ipv4
+      type: ipv4
+      link: pxe
+      # ip_address: <from host-catalogue>
+      netmask: 255.255.255.0
+  services:
+    - address: 8.8.8.8
+      type: dns
+    - address: 8.8.4.4
+      type: dns
+

manifests/type/airship-core/shared/catalogues/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - common-networking.yaml

manifests/type/airship-core/shared/clusterctl/clusterctl.yaml

@@ -0,0 +1,31 @@
+apiVersion: airshipit.org/v1alpha1
+kind: Clusterctl
+metadata:
+  labels:
+    airshipit.org/deploy-k8s: "false"
+  name: clusterctl-v1
+init-options:
+  core-provider: "cluster-api:v0.3.3"
+  bootstrap-providers:
+    - "kubeadm:v0.3.3"
+  infrastructure-providers:
+    - "metal3:v0.3.1"
+  control-plane-providers:
+    - "kubeadm:v0.3.3"
+providers:
+  - name: "metal3"
+    type: "InfrastructureProvider"
+    versions:
+      v0.3.1: ../airshipctl/manifests/function/capm3/v0.3.1
+  - name: "kubeadm"
+    type: "BootstrapProvider"
+    versions:
+      v0.3.3: ../airshipctl/manifests/function/cabpk/v0.3.3
+  - name: "cluster-api"
+    type: "CoreProvider"
+    versions:
+      v0.3.3: ../airshipctl/manifests/function/capi/v0.3.3
+  - name: "kubeadm"
+    type: "ControlPlaneProvider"
+    versions:
+      v0.3.3: ../airshipctl/manifests/function/cacpk/v0.3.3

manifests/type/airship-core/shared/clusterctl/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+  - clusterctl.yaml

tools/gate/install-kubeval.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright 2019 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -xe
-
-INSTALL_PREFIX=$1
-INSTALL_PREFIX=${INSTALL_PREFIX:-'/tmp/kubeval'}
-KUBEVAL_URL=https://github.com/instrumenta/kubeval/releases/download
-KUBEVAL_VER=${KUBEVAL_VER:-'0.14.0'}
-URL="${KUBEVAL_URL}/${KUBEVAL_VER}/kubeval-linux-amd64.tar.gz"
-
-TMP=$(mktemp -d)
-pushd $TMP
-curl -fL $URL | tar -xz
-install -D -t ${INSTALL_PREFIX}/bin kubeval
-popd
-rm -rf $TMP

tools/gate/playbooks/deploy-kubeval.yaml

@@ -1,21 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-- hosts: all
-  tasks:
-    - name: Install KubeVal
-      shell: |
-        set -xe
-        ./tools/gate/install-kubeval.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes

tools/gate/playbooks/yaml-lint.yaml

@@ -1,23 +0,0 @@
-# Copyright 2019 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-- hosts: ubuntu-bionic
-  tasks:
-    - name: Lint site
-      shell: |
-        set -xe
-        ./tools/gate/run-lint.sh
-      args:
-        chdir: "{{ zuul.project.src_dir }}"
-      become: yes

tools/gate/run-lint.sh

@@ -1,38 +0,0 @@
-#!/bin/bash
-
-# Copyright 2019 AT&T Intellectual Property.  All other rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -xe
-
-ROOT=$1
-KUBEVAL_BIN=${KUBEVAL_BIN:-/tmp/kubeval/bin}
-PATH=${KUBEVAL_BIN}:$PATH
-
-EXCLUDE_DIRS=(
-    '*/\.git/*'
-    '*/kustomizeconfig/*'
-    '*/tools/*'
-)
-
-EXCLUDE_FILES=(
-    '.zuul.yaml'
-    'kustomization.yaml'
-)
-
-function join { local d=$1; shift; printf '%s' "${@/#/$d}"; }
-
-FILTER="$(join ' -not -path ' ${EXCLUDE_DIRS[*]})"
-FILTER="$FILTER $(join ' -not -name ' ${EXCLUDE_FILES[*]})"
-find $ROOT -type f \( -name "*\.yaml" $FILTER  \) | xargs -r kubeval