From e231c6774f393265b638c06421c7e233f95511c8 Mon Sep 17 00:00:00 2001
From: Sidney Shiba
Date: Fri, 5 Mar 2021 17:43:10 -0600
Subject: [PATCH] Dex (airship-core) Type - Treasure Map This patchset provides the updates to the "airship-core" to add oidc flags to the "KubeadmControlPlane" object (airship-core/ephemeral/controlplane) as well as adding "dex-aio" service as part of the workload part.
Change-Id: I3481b5ec82a97a187c0cf89e4bffb6d85b3e390c
---
 .../ephemeral/controlplane/kustomization.yaml | 1 +
 .../replacements/kustomization.yaml | 1 +
 .../workload/dex-aio/kustomization.yaml | 6 ++
 .../replacements/dex-cleanup-catalogue.yaml | 10 +++
 .../dex-aio/replacements/kustomization.yaml | 7 ++
 .../replacements/type-dex-replacements.yaml | 75 +++++++++++++++++++
 .../workload/dex-aio/type-dex-catalogue.yaml | 42 +++++++++++
 7 files changed, 142 insertions(+)
 create mode 100644 manifests/type/airship-core/target/workload/dex-aio/kustomization.yaml
 create mode 100644 manifests/type/airship-core/target/workload/dex-aio/replacements/dex-cleanup-catalogue.yaml
 create mode 100644 manifests/type/airship-core/target/workload/dex-aio/replacements/kustomization.yaml
 create mode 100644 manifests/type/airship-core/target/workload/dex-aio/replacements/type-dex-replacements.yaml
 create mode 100644 manifests/type/airship-core/target/workload/dex-aio/type-dex-catalogue.yaml
diff --git a/manifests/type/airship-core/ephemeral/controlplane/kustomization.yaml b/manifests/type/airship-core/ephemeral/controlplane/kustomization.yaml
index f5f94e51f..513e7f423 100644
--- a/manifests/type/airship-core/ephemeral/controlplane/kustomization.yaml
+++ b/manifests/type/airship-core/ephemeral/controlplane/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../../../../../airshipctl/manifests/function/k8scontrol
+ - ../../../../function/dex-aio/api-server
diff --git a/manifests/type/airship-core/ephemeral/controlplane/replacements/kustomization.yaml b/manifests/type/airship-core/ephemeral/controlplane/replacements/kustomization.yaml
index 01c1fddc6..6b7c5f1e2 100644
--- a/manifests/type/airship-core/ephemeral/controlplane/replacements/kustomization.yaml
+++ b/manifests/type/airship-core/ephemeral/controlplane/replacements/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../../../../../../airshipctl/manifests/function/k8scontrol/replacements
+ - ../../../../../function/dex-aio/api-server/replacements
diff --git a/manifests/type/airship-core/target/workload/dex-aio/kustomization.yaml b/manifests/type/airship-core/target/workload/dex-aio/kustomization.yaml
new file mode 100644
index 000000000..b06f2490d
--- /dev/null
+++ b/manifests/type/airship-core/target/workload/dex-aio/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - type-dex-catalogue.yaml
+ - ../../../../../function/dex-aio/dex
diff --git a/manifests/type/airship-core/target/workload/dex-aio/replacements/dex-cleanup-catalogue.yaml b/manifests/type/airship-core/target/workload/dex-aio/replacements/dex-cleanup-catalogue.yaml
new file mode 100644
index 000000000..470a40117
--- /dev/null
+++ b/manifests/type/airship-core/target/workload/dex-aio/replacements/dex-cleanup-catalogue.yaml
@@ -0,0 +1,10 @@
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+ name: dex-type-catalogue-cleanup
+patches: |-
+ apiVersion: airshipit.org/v1alpha1
+ kind: VariableCatalogue
+ metadata:
+ name: type-dex-catalogue
+ $patch: delete
\ No newline at end of file
diff --git a/manifests/type/airship-core/target/workload/dex-aio/replacements/kustomization.yaml b/manifests/type/airship-core/target/workload/dex-aio/replacements/kustomization.yaml
new file mode 100644
index 000000000..6bacd23cf
--- /dev/null
+++ b/manifests/type/airship-core/target/workload/dex-aio/replacements/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - type-dex-replacements.yaml
+ - ../../../../../../function/dex-aio/dex/replacements
+ - dex-cleanup-catalogue.yaml
diff --git a/manifests/type/airship-core/target/workload/dex-aio/replacements/type-dex-replacements.yaml b/manifests/type/airship-core/target/workload/dex-aio/replacements/type-dex-replacements.yaml
new file mode 100644
index 000000000..e49bc1238
--- /dev/null
+++ b/manifests/type/airship-core/target/workload/dex-aio/replacements/type-dex-replacements.yaml
@@ -0,0 +1,75 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:latest
+ name: type-cluster-controlplane-replacements
+replacements:
+# Dex VariableCatalogue Values override
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.site.name
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs: [".dex.site.name"]
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.endpoints.hostname
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs: [".dex.endpoints.hostname"]
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.oidc.client_id
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs: [".dex.oidc.client_id"]
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.oidc.client_secret
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs: [".dex.oidc.client_secret"]
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.service.type
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs: [".dex.service.type"]
+ - source:
+ objref:
+ name: type-dex-catalogue
+ fieldref: dex.idp.connector.connectors
+ target:
+ objref:
+ kind: VariableCatalogue
+ name: dex-catalogue
+ fieldrefs:
["dex.idp.connector.connectors"]
diff --git a/manifests/type/airship-core/target/workload/dex-aio/type-dex-catalogue.yaml b/manifests/type/airship-core/target/workload/dex-aio/type-dex-catalogue.yaml
new file mode 100644
index 000000000..eef80bd85
--- /dev/null
+++ b/manifests/type/airship-core/target/workload/dex-aio/type-dex-catalogue.yaml
@@ -0,0 +1,42 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
+# by new cluster name in this file.
+
+apiVersion: airshipit.org/v1alpha1
+kind: VariableCatalogue
+metadata:
+ name: type-dex-catalogue
+ labels:
+ airshipit.org/deploy-k8s: "false"
+dex:
+ site:
+ name: Dex-Type
+ endpoints:
+ hostname: dex.type.local
+ oidc:
+ client_id: type-kubernetes
+ client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
+ service:
+ type: LoadBalancer
+ kubeadm:
+ api-server:
+ extra-args:
+ oidc-issuer-url: https://dex.type.local:5556/dex
+ oidc-client-id: type-kubernetes
+ idp:
+ connector:
+ connectors:
+ - type: ldap
+ id: ldap
+ name: LDAP
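Review bot: In type-dex-replacements.yaml the `config.kubernetes.io/function` annotation pulls the container function as `quay.io/airshipit/replacement-transformer:latest`, a mutable tag, and this is the transformer that copies `dex.oidc.client_secret` between catalogues, so whatever image the tag resolves to at render time reads that value. Pin it to a release tag or digest, e.g. `image: quay.io/airshipit/replacement-transformer@sha256:<digest-placeholder>`. Two smaller points in the same file: `name: type-cluster-controlplane-replacements` looks carried over from a control-plane transformer and may collide with an object of that name in the same build, and the last target uses `fieldrefs: ["dex.idp.connector.connectors"]` without the leading dot that the other five targets have.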
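Review bot: `dex.oidc.client_secret` in type-dex-catalogue.yaml is committed as a literal value in a type-level catalogue, so every site built on this type inherits the same OIDC client secret unless it overrides it, and the value stays in the repository history. Ship a non-functional placeholder instead, e.g. `client_secret: "<REPLACE_WITH_SITE_SECRET>"`, and have each site supply the real value from its own secret management. The USAGE comment refers to "dex-target-cluster", which does not occur anywhere in this file, so it should be rewritten or dropped. None of the replacements visible in type-dex-replacements.yaml read `dex.kubeadm.api-server.extra-args`, so those two values appear unused here and can drift from `endpoints.hostname` and `oidc.client_id`; if they are consumed elsewhere, a comment saying where would help.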