Merge "Update sub-cluster machine image replacements"

2021-06-28 23:29:29 +00:00 · 2021-06-28 23:29:29 +00:00 · e3ffca5402
parent a6c9021c5e f2959ec508
commit e3ffca5402
25 changed files with 308 additions and 50 deletions
--- a/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml
+++ b/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml
@ -10,6 +10,9 @@ spec:
      subcluster_controlplane_image:
        url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img
        checksum: 4a6909d1480ac30d676accd7b37ec711
+      subcluster_dataplane_image:
+        url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img
+        checksum: 4a6909d1480ac30d676accd7b37ec711

  helm_repositories:
    elastic:
--- a/manifests/site/reference-multi-tenant/sub-clusters/lma/catalogues/kustomization.yaml
+++ b/manifests/site/reference-multi-tenant/sub-clusters/lma/catalogues/kustomization.yaml
@ -5,7 +5,10 @@ resources:
  # It also pulls in undercloud-specific values, which will be replaced below
  - ../../../target/catalogues/

+patchesStrategicMerge:
+  - patches/versions-treasuremap.yaml
+
 transformers:
  # This replaces lma-specific network data from the lma stanza
  # of the subcluster-networking catalogue into the standard networking catalogue
-  - ../../../../../type/multi-tenant/sub-clusters/lma/catalogue-replacements
+  - ../../../../../type/multi-tenant/sub-clusters/lma/catalogue-replacements
--- a/manifests/site/reference-multi-tenant/sub-clusters/lma/catalogues/patches/versions-treasuremap.yaml
+++ b/manifests/site/reference-multi-tenant/sub-clusters/lma/catalogues/patches/versions-treasuremap.yaml
@ -0,0 +1,13 @@
+apiVersion: airshipit.org/v1alpha1
+kind: VersionsCatalogue
+metadata:
+  name: versions-treasuremap
+spec:
+  files:
+    k8scontrol:
+      subcluster_controlplane_image:
+        url: http://172.63.0.12:80/images/control-plane.qcow2
+        checksum: http://172.63.0.12:80/images/control-plane.qcow2.md5sum
+      subcluster_dataplane_image:
+        url: http://172.63.0.12:80/images/data-plane.qcow2
+        checksum: http://172.63.0.12:80/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/catalogues/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/catalogues/kustomization.yaml
@ -5,7 +5,10 @@ resources:
  # It also pulls in undercloud-specific values, which will be replaced below
  - ../../../target/catalogues/

+patchesStrategicMerge:
+  - patches/versions-treasuremap.yaml
+
 transformers:
  # This replaces lma-specific network data from the lma stanza
  # of the subcluster-networking catalogue into the standard networking catalogue
-  - ../../../../../type/multi-tenant/sub-clusters/lma/catalogue-replacements
+  - ../../../../../type/multi-tenant/sub-clusters/lma/catalogue-replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/catalogues/patches/versions-treasuremap.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/catalogues/patches/versions-treasuremap.yaml
@ -0,0 +1,13 @@
+apiVersion: airshipit.org/v1alpha1
+kind: VersionsCatalogue
+metadata:
+  name: versions-treasuremap
+spec:
+  files:
+    k8scontrol:
+      subcluster_controlplane_image:
+        url: http://10.23.24.1:8099/images/control-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/control-plane.qcow2.md5sum
+      subcluster_dataplane_image:
+        url: http://10.23.24.1:8099/images/data-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml
@ -1,7 +1,6 @@
 resources:
  - ../../../../../type/multi-tenant/sub-clusters/lma/workers
  - ../catalogues
-  - metal3machinetemplate.yaml

 transformers:
  - ../../../../../type/multi-tenant/sub-clusters/lma/workers/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml
@ -1,10 +0,0 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
-kind: Metal3MachineTemplate
-metadata:
-  name: worker-1
-spec:
-  template:
-    spec:
-      image:
-        url: http://10.23.24.102:80/images/data-plane.qcow2
-        checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/catalogues/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/catalogues/kustomization.yaml
@ -5,7 +5,10 @@ resources:
  # It also pulls in undercloud-specific values, which will be replaced below
  - ../../../target/catalogues/

+patchesStrategicMerge:
+  - patches/versions-treasuremap.yaml
+
 transformers:
  # This replaces wordpress-specific network data from the wordpress stanza
  # of the subcluster-networking catalogue into the standard networking catalogue
-  - ../../../../../type/multi-tenant/sub-clusters/wordpress/catalogue-replacements
+  - ../../../../../type/multi-tenant/sub-clusters/wordpress/catalogue-replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/catalogues/patches/versions-treasuremap.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/catalogues/patches/versions-treasuremap.yaml
@ -0,0 +1,13 @@
+apiVersion: airshipit.org/v1alpha1
+kind: VersionsCatalogue
+metadata:
+  name: versions-treasuremap
+spec:
+  files:
+    k8scontrol:
+      subcluster_controlplane_image:
+        url: http://10.23.24.1:8099/images/control-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/control-plane.qcow2.md5sum
+      subcluster_dataplane_image:
+        url: http://10.23.24.1:8099/images/data-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/kustomization.yaml
@ -1,7 +1,6 @@
 resources:
  - ../../../../../type/multi-tenant/sub-clusters/wordpress/workers
  - ../../../target/catalogues
-  - metal3machinetemplate.yaml

 transformers:
  - ../../../../../type/multi-tenant/sub-clusters/wordpress/workers/replacements
--- a/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml
+++ b/manifests/site/virtual-network-cloud/sub-clusters/wordpress/workers/metal3machinetemplate.yaml
@ -1,10 +0,0 @@
-apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3
-kind: Metal3MachineTemplate
-metadata:
-  name: worker-1
-spec:
-  template:
-    spec:
-      image:
-        url: http://10.23.24.102:80/images/data-plane.qcow2
-        checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/target/catalogues/kustomization.yaml
@ -7,6 +7,6 @@ resources:
  - ../encrypted/results

 patchesStrategicMerge:
-  - versions-airshipctl.yaml
-  - versions-treasuremap.yaml
+  - patches/versions-airshipctl.yaml
+  - patches/versions-treasuremap.yaml
  - networking.yaml
--- a/manifests/site/virtual-network-cloud/target/catalogues/patches/versions-airshipctl.yaml
+++ b/manifests/site/virtual-network-cloud/target/catalogues/patches/versions-airshipctl.yaml
--- a/manifests/site/virtual-network-cloud/target/catalogues/patches/versions-treasuremap.yaml
+++ b/manifests/site/virtual-network-cloud/target/catalogues/patches/versions-treasuremap.yaml
@ -0,0 +1,13 @@
+apiVersion: airshipit.org/v1alpha1
+kind: VersionsCatalogue
+metadata:
+  name: versions-treasuremap
+spec:
+  files:
+    k8scontrol:
+      subcluster_controlplane_image:
+        url: http://10.23.24.1:8099/images/control-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/control-plane.qcow2.md5sum
+      subcluster_dataplane_image:
+        url: http://10.23.24.1:8099/images/data-plane.qcow2
+        checksum: http://10.23.24.1:8099/images/data-plane.qcow2.md5sum
--- a/manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml
+++ b/manifests/site/virtual-network-cloud/target/catalogues/versions-treasuremap.yaml
@ -1,11 +0,0 @@
-apiVersion: airshipit.org/v1alpha1
-kind: VersionsCatalogue
-metadata:
-  name: versions-treasuremap
-spec:
-  files:
-    k8scontrol:
-      # Use locally generated images
-      subcluster_controlplane_image:
-        url: http://10.23.24.1:8099/target-image.qcow2
-        checksum: http://10.23.24.1:8099/target-image.qcow2.md5sum
--- a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/kustomization.yaml
@ -1,10 +1,6 @@
 resources:
  - ../../../../sub-cluster/workers

-patchesJson6902:
- target:
-    group: infrastructure.cluster.x-k8s.io
-    version: v1alpha3
-    kind: Metal3MachineTemplate
-    name: worker-1
-  path: patches/metal3machinetemplate.yaml
+patchesStrategicMerge:
+  - patches/machinedeployment.yaml
+  - patches/metal3machinetemplate.yaml
--- a/manifests/type/multi-tenant/sub-clusters/wordpress/workers/patches/machinedeployment.yaml
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/workers/patches/machinedeployment.yaml
@ -0,0 +1,18 @@
+apiVersion: cluster.x-k8s.io/v1alpha3
+kind: MachineDeployment
+metadata:
+  name: worker-1
+  labels:
+    cluster.x-k8s.io/cluster-name: target-cluster
+spec:
+  clusterName: wordpress
+  replicas: 1
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: wordpress
+  template:
+    metadata:
+      labels:
+        cluster.x-k8s.io/cluster-name: wordpress
+    spec:
+      clusterName: wordpress
--- a/manifests/type/sub-cluster/controlplane/replacements/cluster.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/cluster.yaml
@ -0,0 +1,19 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-cluster-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.targetClusterCa}"
+  target:
+    objref:
+      kind: Secret
+      name: target-cluster-ca
+    fieldrefs: ["{.data}"]
--- a/manifests/type/sub-cluster/controlplane/replacements/generated-secrets.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/generated-secrets.yaml
@ -0,0 +1,20 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-generated-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      name: generated-secrets
+    fieldref: "{.sshKeys.publicKey}"
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs:
+      - "spec.kubeadmConfigSpec.users[name=deployer].sshAuthorizedKeys[0]%REPLACE_HOST_SSH_KEY%"
--- a/manifests/type/sub-cluster/controlplane/replacements/k8s-control-env-vars.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/k8s-control-env-vars.yaml
@ -0,0 +1,44 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-env-vars-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+# Replace the proxy vars
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTP_PROXY
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs:
+      - "spec.kubeadmConfigSpec.preKubeadmCommands%REPLACEMENT_HTTP_PROXY%"
+      - "{.spec.kubeadmConfigSpec.files[:].content}%REPLACEMENT_HTTP_PROXY%"
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTPS_PROXY
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs:
+      - "spec.kubeadmConfigSpec.preKubeadmCommands%REPLACEMENT_HTTPS_PROXY%"
+      - "{.spec.kubeadmConfigSpec.files[:].content}%REPLACEMENT_HTTPS_PROXY%"
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.NO_PROXY
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs:
+      - "spec.kubeadmConfigSpec.preKubeadmCommands%REPLACEMENT_NO_PROXY%"
+      - "{.spec.kubeadmConfigSpec.files[:].content}%REPLACEMENT_NO_PROXY%"
--- a/manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/kustomization.yaml
@ -1,4 +1,9 @@
+# Redefine airshipctl function/k8s-control replacement rules for sub-clusters
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ../../../../function/k8scontrol-ha/replacements
+  - versions.yaml
+  - k8s-control-env-vars.yaml
+  - generated-secrets.yaml
+  - networking.yaml
+  - cluster.yaml
--- a/manifests/type/sub-cluster/controlplane/replacements/networking.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/networking.yaml
@ -0,0 +1,92 @@
+# These rules inject networking info into the k8scontrol function.
+# Note! They are applied to Cluster object(s) regardless of name, so
+# that they can be defined/used generically.  If more than one Cluster
+# needs to be submitted to a management cluster, these tranformation
+# rules should be applied to each Cluster in isolation, and then
+# the results "mixed together" via kustomize.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-networking-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+# Replace the pod & service networks
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.kubernetes.serviceCidr
+  target:
+    objref:
+      kind: Cluster
+    fieldrefs: ["spec.clusterNetwork.services.cidrBlocks.0"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.kubernetes.podCidr
+  target:
+    objref:
+      kind: Cluster
+    fieldrefs: ["spec.clusterNetwork.pods.cidrBlocks.0"]
+
+# Replace the k8s controlplane host endpoint
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.kubernetes.controlPlaneEndpoint
+  target:
+    objref:
+      kind: Metal3Cluster
+    fieldrefs: ["spec.controlPlaneEndpoint"]
+
+# Replace the k8s controlplane NTP servers
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.ntp"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[0]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER1%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[1]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER2%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[2]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER3%"]
+- source:
+    objref:
+      kind: NetworkCatalogue
+      name: networking
+    fieldref: spec.ntp.servers[3]
+  target:
+    objref:
+      kind: KubeadmControlPlane
+    fieldrefs: ["spec.kubeadmConfigSpec.files[*].content%REPLACEMENT_NTP_SERVER4%"]
--- a/manifests/type/sub-cluster/controlplane/replacements/versions.yaml
+++ b/manifests/type/sub-cluster/controlplane/replacements/versions.yaml
@ -0,0 +1,32 @@
+# These rules inject versioned artifacts into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: k8scontrol-versions-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+# Replace the Kubernetes version in the KubeadmControlPlane
+- source:
+    objref:
+      kind: VersionsCatalogue
+      name: versions-airshipctl
+    fieldref: "{.spec.kubernetes}"
+  target:
+    objref:
+      kind: KubeadmControlPlane
+      name: cluster-controlplane
+    fieldrefs: ["{.spec.version}"]
+# Replace the controlplane disk image in the Metal3MachineTemplate
+- source:
+    objref:
+      kind: VersionsCatalogue
+      name: versions-treasuremap
+    fieldref: "{.spec.files.k8scontrol.subcluster_controlplane_image}"
+  target:
+    objref:
+      kind: Metal3MachineTemplate
+      name: cluster-controlplane
+    fieldrefs: ["{.spec.template.spec.image}"]
--- a/manifests/type/sub-cluster/workers/metal3machinetemplate.yaml
+++ b/manifests/type/sub-cluster/workers/metal3machinetemplate.yaml
@ -5,9 +5,10 @@ metadata:
 spec:
  template:
    spec:
-      image:
-        url: http://10.23.24.102:80/images/data-plane.qcow2
-        checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum
+      # Replaced from Versions catalogue
+      # image:
+      #   url: https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img
+      #   checksum: 4a6909d1480ac30d676accd7b37ec711
      hostSelector:
        matchLabels:
          sip.airshipit.org/node-type: Worker
--- a/manifests/type/sub-cluster/workers/replacements/versions.yaml
+++ b/manifests/type/sub-cluster/workers/replacements/versions.yaml
@ -12,7 +12,7 @@ replacements:
    objref:
      kind: VersionsCatalogue
      name: versions-treasuremap
-    fieldref: "{.spec.files.k8scontrol.subcluster_controlplane_image}"
+    fieldref: "{.spec.files.k8scontrol.subcluster_dataplane_image}"
  target:
    objref:
      kind: Metal3MachineTemplate