treasuremap/manifests/site/dex-test-site/README.md

Deploy Dex on Target Cluster (Azure cloud)

This test site provides the manifests to customize and deploy a target cluster on Azure named dex-target-cluster, as well as the Dex service.

Dex-AIO Function

The dex-aio function provides the manifests to deploy Dex through a Helm Operator, pulling the corresponding charts from a Helm Collator. This function relies on the charts being available in the Target cluster through the Helm Collator service (aka, Helm repository).

NOTE: Refer to the functions for the Helm operator and Helm (Chart) Collator in the airshipit/airshipctl project.

Dex Test Site

The dex-test-site provides the manifests to deploy a Target cluster on Azure cloud, and workload manifests for the Helm operator, Helm Chart Collator (a.k.a., Helm repository based on ChartMuseum), and Dex.

See dex-test-site directory structure below:

dex-test-site/
├── config
│   └── variable-catalogue.yaml
├── ephemeral
│   └── controlplane
├── metadata.yaml
├── phases
└── target
    ├── initinfra
    ├── workers
    └── workload
        ├── dex-helm-release
        ├── helm-chart-collator
        └── helm-operator

This test site relies on the Replacement transformer and Kustomize patches to customize it. All customizable values can be found in the config/variable-catalogue.yaml file.

Deploying the Target Cluster

The manifests for deploying the Target cluster through airshipctl phase run are located in the following tree structure:

dex-test-site/
├── ephemeral
│   └── controlplane
└── target
    ├── initinfra
    └── workers

The sequence for deploying the Target cluster is provided below:

  1. Initialize Airship config file: invoke script tools/deployment/22_test_configs.sh
  2. Create ephemeral cluster: invoke script ../airshipctl/tools/document/start_kind.sh
  3. Initialize Ephemeral cluster with CAPI/CAPZ components: invoke script tools/deployment/phases/phase-clusterctl-init-ephemeral-script.sh
  4. Deploy Target control plane node(s): invoke script tools/deployment/phases/phase-controlplane-ephemeral-script.sh
  5. Deploy Calico CNI: invoke script tools/deployment/phases/phase-initinfra-target-script.sh
  6. Initialize Target cluster with CAPI/CAPZ components: invoke script tools/deployment/phases/phase-clusterctl-init-target-script.sh
  7. Move CAPI resources to Target cluster: invoke script tools/deployment/phases/phase-clusterctl-move-script.sh
  8. Deploy Target worker node(s): invoke script tools/deployment/phases/phase-workers-target-script.sh

NOTE: The phase clusterctl-init-ephemeral provides the OIDC flags for the Target cluster's API Server, which are required for integrating with the Dex service.
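
Because Dex integration depends on those API Server OIDC flags, it is worth checking them before running the workload phases. The following is an added example, not part of this repository: the function name check_oidc_flags and both sample manifests (including the dex.example.test host and client ID) are constructed for illustration, while the flag names are standard kube-apiserver options.

```shell
# Added example: check kube-apiserver arguments for the OIDC flags that
# Dex integration depends on. Sample manifests below are constructed.

# Prints one line per finding; returns 0 only if the manifest passes.
check_oidc_flags() {
  manifest="$1"
  rc=0
  # Both flags are needed for flag-based OIDC token authentication.
  for flag in --oidc-issuer-url --oidc-client-id; do
    if ! printf '%s\n' "$manifest" | grep -q -- "${flag}="; then
      echo "missing ${flag}"
      rc=1
    fi
  done
  # kube-apiserver only accepts issuer URLs that use the https scheme.
  issuer=$(printf '%s\n' "$manifest" \
    | sed -n 's/.*--oidc-issuer-url=\([^ "]*\).*/\1/p' | head -n 1)
  case "$issuer" in
    "" | https://*) ;;
    *) echo "issuer URL is not https: ${issuer}"; rc=1 ;;
  esac
  # Without a groups claim, RBAC bindings can only target single users.
  if ! printf '%s\n' "$manifest" | grep -q -- "--oidc-groups-claim="; then
    echo "warning: --oidc-groups-claim not set"
  fi
  return "$rc"
}

# Constructed sample: the command list of an API server static pod.
GOOD_MANIFEST='    - kube-apiserver
    - --oidc-issuer-url=https://dex.example.test:5556/dex
    - --oidc-client-id=example-client
    - --oidc-username-claim=email
    - --oidc-groups-claim=groups'

# Constructed sample: plain-http issuer and no client ID.
BAD_MANIFEST='    - kube-apiserver
    - --oidc-issuer-url=http://dex.example.test:5556/dex'

check_oidc_flags "$GOOD_MANIFEST" && echo "good manifest: ok"
check_oidc_flags "$BAD_MANIFEST" || echo "bad manifest: rejected"
```

On a real control plane node, the same function can be given the contents of the API Server static pod manifest instead of the samples.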

Workload Phases

Three phases have been implemented for testing the deployment of Dex.

dex-test-site/
└── phases
    └── phases.yaml
        ├── dex-helm-release
        ├── helm-chart-collator
        └── helm-operator
  • helm-operator: Used to deploy flux/helm-controller (aka, Helm operator) and corresponding services.
  • helm-chart-collator: Used to deploy a Helm repository based on ChartMuseum, which contains Dex Helm charts.
  • dex-helm-release: Used to deploy Dex through the Helm operator.

Deploying the Workload Services

The manifests for deploying the workload services are located under the target/workload directory:

dex-test-site/
└── target
    └── workload
        ├── dex-helm-release
        ├── helm-chart-collator
        └── helm-operator

To test and validate the Dex deployment, you first need to deploy the Helm operator (manifest/composite/flux-helm) from the airshipctl project, as well as the Helm Chart Collator (manifest/function/helm-chart-collator) from the same project. These two services are referenced by the kustomization files in target/workload/helm-operator and target/workload/helm-chart-collator, respectively.

The kustomization file for deploying the Dex service is located in the target/workload/dex-helm-release folder.

New phases have been implemented to deploy the Helm operator, Helm repository and Dex. The corresponding phase manifest can be found in phases/phases.yaml.

  1. Deploy Helm operator service: invoke script tools/deployment/phases/phase-helm-operator-target-script.sh
  2. Deploy Helm Chart Collator service: invoke script tools/deployment/phases/phase-helm-collator-target-script.sh
  3. Deploy Dex service: invoke script tools/deployment/phases/phase-dex-release-target-script.sh