Dex (airship-core) Type - Treasure Map

This patchset updates "airship-core" to add OIDC flags to the
"KubeadmControlPlane" object (airship-core/ephemeral/controlplane)
and adds the "dex-aio" service as part of the workload.

Change-Id: I3481b5ec82a97a187c0cf89e4bffb6d85b3e390c
Sidney Shiba 2021-03-05 17:43:10 -06:00
parent 772b18afd9
commit e231c6774f
7 changed files with 142 additions and 0 deletions


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../airshipctl/manifests/function/k8scontrol
- ../../../../function/dex-aio/api-server


@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../../../airshipctl/manifests/function/k8scontrol/replacements
- ../../../../../function/dex-aio/api-server/replacements


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- type-dex-catalogue.yaml
- ../../../../../function/dex-aio/dex


@ -0,0 +1,10 @@
apiVersion: builtin
kind: PatchStrategicMergeTransformer
metadata:
name: dex-type-catalogue-cleanup
patches: |-
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-dex-catalogue
$patch: delete


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- type-dex-replacements.yaml
- ../../../../../../function/dex-aio/dex/replacements
- dex-cleanup-catalogue.yaml


@ -0,0 +1,75 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
name: type-cluster-controlplane-replacements
replacements:
# Dex VariableCatalogue Values override
- source:
objref:
name: type-dex-catalogue
fieldref: dex.site.name
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.site.name"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.endpoints.hostname
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.endpoints.hostname"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.oidc.client_id
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_id"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.oidc.client_secret
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.oidc.client_secret"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.service.type
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: [".dex.service.type"]
- source:
objref:
name: type-dex-catalogue
fieldref: dex.idp.connector.connectors
target:
objref:
kind: VariableCatalogue
name: dex-catalogue
fieldrefs: ["dex.idp.connector.connectors"]
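Review bot: The KRM function image in the `config.kubernetes.io/function` annotation is referenced as `quay.io/airshipit/replacement-transformer:latest`, so whatever is currently published under that tag runs at render time and handles `dex.oidc.client_secret`. Pinning it, e.g. `image: quay.io/airshipit/replacement-transformer:<PINNED_TAG_OR_DIGEST>`, would make the render reproducible and the executed code reviewable. Separately, the last rule uses `fieldrefs: ["dex.idp.connector.connectors"]` without the leading dot that every other rule has; if the transformer expects the dotted form, the connectors override is probably not applied as intended, and `[".dex.idp.connector.connectors"]` looks like what was meant. The `metadata.name` `type-cluster-controlplane-replacements` also appears to be carried over from the control-plane transformer; a Dex-specific name would avoid confusion or a name clash with it.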

View File

@ -0,0 +1,42 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
# by new cluster name in this file.
apiVersion: airshipit.org/v1alpha1
kind: VariableCatalogue
metadata:
name: type-dex-catalogue
labels:
airshipit.org/deploy-k8s: "false"
dex:
site:
name: Dex-Type
endpoints:
hostname: dex.type.local
oidc:
client_id: type-kubernetes
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
service:
type: LoadBalancer
kubeadm:
api-server:
extra-args:
oidc-issuer-url: https://dex.type.local:5556/dex
oidc-client-id: type-kubernetes
idp:
connector:
connectors:
- type: ldap
id: ldap
name: LDAP
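Review bot: `client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok` commits a usable-looking OIDC client secret in plaintext at the type level, and the type-dex replacement rules in this commit copy it into `dex-catalogue`, so every site that inherits the type without overriding it shares a secret that anyone with repository access can read. I would replace it with an obviously non-functional value such as `client_secret: <SITE_MUST_OVERRIDE>`, have sites supply the real one through whatever encrypted-secret mechanism the site manifests use, and treat the committed value as exposed. `kubeadm.api-server.extra-args` repeats the hostname and client id (`oidc-issuer-url: https://dex.type.local:5556/dex`, `oidc-client-id: type-kubernetes`) already given under `dex.endpoints.hostname` and `dex.oidc.client_id`; a site that overrides one copy and not the other would leave the API server validating tokens against the wrong issuer or audience, so a comment tying the pairs together would help. The USAGE comment refers to "dex-target-cluster", which does not occur in this file, and should be updated or dropped.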