diff --git a/manifests/function/k8scontrol/cluster.yaml b/manifests/function/k8scontrol/cluster.yaml
index be34d6888..16af8a097 100644
--- a/manifests/function/k8scontrol/cluster.yaml
+++ b/manifests/function/k8scontrol/cluster.yaml
@@ -1,4 +1,13 @@ --- +apiVersion: v1 +kind: Secret +metadata: + name: target-cluster-ca +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUNwc09vRXhyRzdnRTVMOVJSamdnT01UOG53d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09TM1ZpWlhKdVpYUmxjeUJCVUVrd0hoY05NakF3T1RFMU1ERXdORE0zV2hjTgpNekF3T1RFek1ERXdORE0zV2pBWk1SY3dGUVlEVlFRRERBNUxkV0psY201bGRHVnpJRUZRU1RDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtBZFo0UWJHZmlLTExpTXNHcFJKS3d5ZkRGWVI5U0MKbGtVb3hlTU1BZVBkeVNNU0paTTlFMFBOaDM5TUtTVjNSZDRIZWt1eGdHK3J4em83WmcrZU1aY1hyNFk3ektQMwo1SW0vaERkMm1TYThsMEkxZTRwV3B0Z25vZjdvRWJpSXVIU2YxQmRhMU4wWm1EUUdtckxyQnFOZFE3c1BVenNWCllPejZVUFZlamNIeEFjMXBvMWZsQXYrWVNZejVXa28wRVRnTXZYRGtxT0hrWFc1WnhPcHBVbiszOVpvWTZMK3gKVmUwUHFQdHlmSVZ1M3dtcnZFNGd4SmxtWEk3dUxmdzZONHpwS2RuK0k0K1RJRWF5aE1EMWRRenNwQzRMM0IrcApYcHFPMWNWM2ZKMlBycS9mNU14SnIxWTVHUTZlQlZyTGVod1ZWTEhEMzF3ZWFpZ3UzeStyM3RVQ0F3RUFBYU9CCmt6Q0JrREFkQmdOVkhRNEVGZ1FVT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRvd1ZBWURWUjBqQkUwd1M0QVUKT1d5YTNFd2J5c25UUy9ZajFWTEtjMGh4aDRxaEhhUWJNQmt4RnpBVkJnTlZCQU1NRGt0MVltVnlibVYwWlhNZwpRVkJKZ2hRd0ttdzZnVEdzYnVBVGt2MUZHT0NBNHhQeWZEQU1CZ05WSFJNRUJUQURBUUgvTUFzR0ExVWREd1FFCkF3SUJCakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBTVp1U2tJbTdQdlA4MW5HSjlYOVZFOFVZTVdDSU5GMEEKYit1UURFaHRGc0dxdnZFZHhQcURUWUpwdlF1SUJlOVd0cmlWRzh0MENIL1NnZ0g2TlJod0wyYkJwMm5WaEFVVwphK3hZL1RpTmMzUEl5RHNFeEY3VHVENGJzaW1BQUJTZ2ZtbXRxV1dqajRyOStodS9vZ09jLzQyYk9JT0JWbHNkCi9VNzBiR3dZQjU5QXgvL2dIWVJmVDl3L3p0VHBvY2tzdEhhSjZsVDd5SFlqYUkzaU5EWnZNSnFRSWNxME4vTEMKcVBjWjBWQXBMUTZRUHRpMWpVSzBGM1VlZEF6TVc3ZFF4NkV3Qjd5UHo4NWdZS3ZJdWdyaStrc2YwbGMyeHVDRwpXTGg2YjFNWk9Cc1NZNkppVHpSUUpYdXNCRUdaTGN5VkRJSEU3Y0Q4NWhOQmZpdDAvejFmZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: 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 +--- apiVersion: cluster.x-k8s.io/v1alpha3 kind: Cluster metadata: 
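Review bot: The new `target-cluster-ca` Secret puts a CA key pair straight into `manifests/function/k8scontrol/cluster.yaml`, a function-level manifest rather than a test-site overlay, so every site that consumes this function unchanged would share one cluster CA whose private half (`tls.key`, value not shown on this page) is readable by anyone with repository access. Whoever holds that key can issue client certificates the API server will trust for any user or group. The embedded certificate appears to decode to CN `Kubernetes API` with a validity of roughly ten years, which makes the exposure long-lived. Keep only a placeholder here and supply the real pair per site from generated or encrypted material; if the value must stay for the gate, put a comment above the Secret such as `# TEST-ONLY CA: key is public in git, replace per site before any real deployment`. The Secret also has no `metadata.namespace`, so confirm it lands in the namespace where the Cluster object below expects it.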
diff --git a/tools/deployment/22_test_configs.sh b/tools/deployment/22_test_configs.sh index 263ffbd2f..e503bf67a 100755 --- a/tools/deployment/22_test_configs.sh +++ b/tools/deployment/22_test_configs.sh @@ -37,10 +37,14 @@ export AIRSHIP_CONFIG_PRIMARY_REPO_BRANCH=${BRANCH:-"master"} export AIRSHIP_CONFIG_PRIMARY_REPO_URL=${REPO:-"https://review.opendev.org/airship/airshipctl"} export AIRSHIP_SITE_NAME=${AIRSHIP_SITE_NAME:-"manifests/site/test-site"} export AIRSHIP_CONFIG_MANIFEST_DIRECTORY=${AIRSHIP_CONFIG_MANIFEST_DIRECTORY:-"/tmp/airship"} -export AIRSHIP_CONFIG_CA_DATA=$(cat tools/deployment/certificates/airship_config_ca_data| base64 -w0) -export AIRSHIP_CONFIG_EPHEMERAL_IP=${IP_Ephemeral:-"10.23.25.101"} -export AIRSHIP_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/airship_config_client_cert_data| base64 -w0) -export AIRSHIP_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/airship_config_client_key_data| base64 -w0) +export EPHEMERAL_CONFIG_CA_DATA=$(cat tools/deployment/certificates/ephemeral_config_ca_data| base64 -w0) +export EPHEMERAL_IP=${EPHEMERAL_IP:-"10.23.25.101"} +export EPHEMERAL_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/ephemeral_config_client_cert_data| base64 -w0) +export EPHEMERAL_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/ephemeral_config_client_key_data| base64 -w0) +export TARGET_IP=${TARGET_IP:-"10.23.25.102"} +export TARGET_CONFIG_CA_DATA=$(cat tools/deployment/certificates/target_config_ca_data| base64 -w0) +export TARGET_CONFIG_CLIENT_CERT_DATA=$(cat tools/deployment/certificates/target_config_client_cert_data| base64 -w0) +export TARGET_CONFIG_CLIENT_KEY_DATA=$(cat tools/deployment/certificates/target_config_client_key_data| base64 -w0) # Remove the contents of the .airship folder, preserving the kustomize plugin directory rm -rf $HOME/.airship/*config* 
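Review bot: Each new `export NAME=$(cat … | base64 -w0)` line hides a failed read, because the exit status of `export` replaces that of the command substitution and the pipeline reports only `base64`; a missing `target_config_*` file therefore yields an empty variable and the templates are rendered with blank credentials. Reading and exporting separately lets the script stop: `TARGET_CONFIG_CLIENT_KEY_DATA=$(base64 -w0 < tools/deployment/certificates/target_config_client_key_data)` followed by `export TARGET_CONFIG_CLIENT_KEY_DATA`. That only stops the script if `set -e` is active, which is not visible in this hunk. If the script also runs under `set -x` like the other deployment scripts on this page, the base64 of both client keys is written to the job log, so tracing should be switched off around these lines.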
diff --git a/tools/deployment/25_deploy_ephemeral_node.sh b/tools/deployment/25_deploy_ephemeral_node.sh index 5fb66f5bf..1e11cff21 100755 --- a/tools/deployment/25_deploy_ephemeral_node.sh +++ b/tools/deployment/25_deploy_ephemeral_node.sh @@ -17,6 +17,7 @@ set -xe #Default wait timeout is 3600 seconds export TIMEOUT=${TIMEOUT:-3600} export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_EPHEMERAL_CONTEXT=${KUBECONFIG_EPHEMERAL_CONTEXT:-"ephemeral-context"} echo "Deploy ephemeral node using redfish with iso" airshipctl baremetal remotedirect --debug @@ -27,7 +28,7 @@ MAX_RETRY=30 DELAY=60 until [ "$N" -ge ${MAX_RETRY} ] do - if timeout 20 kubectl --kubeconfig $KUBECONFIG get node; then + if timeout 20 kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT get node; then break fi @@ -42,4 +43,4 @@ if [ "$N" -ge ${MAX_RETRY} ]; then fi echo "List all pods" -kubectl --kubeconfig $KUBECONFIG get pods --all-namespaces +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT get pods --all-namespaces diff --git a/tools/deployment/26_deploy_metal3_capi_ephemeral_node.sh b/tools/deployment/26_deploy_metal3_capi_ephemeral_node.sh index 32f7e681d..2dc665be4 100755 --- a/tools/deployment/26_deploy_metal3_capi_ephemeral_node.sh +++ b/tools/deployment/26_deploy_metal3_capi_ephemeral_node.sh 
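Review bot: The new `--context $KUBECONFIG_EPHEMERAL_CONTEXT` arguments are unquoted, as is `$KUBECONFIG` beside them, and both come from the caller's environment, so a value with spaces or glob characters is split into extra kubectl arguments. Quote them, e.g. `kubectl --kubeconfig "$KUBECONFIG" --context "$KUBECONFIG_EPHEMERAL_CONTEXT" get node`. The same applies to the `$KUBECONFIG_EPHEMERAL_CONTEXT` and `$KUBECONFIG_TARGET_CONTEXT` uses added in scripts 26, 30, 31, 32, 33 and 34 of this commit, including the `clusterctl move` line in 33.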
@@ -16,16 +16,17 @@ set -xe export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} export WAIT_TIMEOUT=${WAIT_TIMEOUT:-"2000s"} +export KUBECONFIG_EPHEMERAL_CONTEXT=${KUBECONFIG_EPHEMERAL_CONTEXT:-"ephemeral-context"} echo "Deploy metal3.io components to ephemeral node" airshipctl phase apply initinfra --wait-timeout $WAIT_TIMEOUT --debug echo "Getting metal3 pods as debug information" -kubectl --kubeconfig $KUBECONFIG --namespace metal3 get pods +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT --namespace metal3 get pods echo "Deploy cluster components to ephemeral node" airshipctl cluster init --debug echo "Waiting for clusterapi pods to come up" -kubectl --kubeconfig $KUBECONFIG wait --for=condition=available deploy --all --timeout=1000s -A -kubectl --kubeconfig $KUBECONFIG get pods --all-namespaces +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT wait --for=condition=available deploy --all --timeout=1000s -A +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT get pods --all-namespaces diff --git a/tools/deployment/30_deploy_controlplane.sh b/tools/deployment/30_deploy_controlplane.sh index b3961fad3..66e4280c6 100755 --- a/tools/deployment/30_deploy_controlplane.sh +++ b/tools/deployment/30_deploy_controlplane.sh @@ -18,6 +18,8 @@ TARGET_IMAGE_DIR="/srv/iso" EPHEMERAL_DOMAIN_NAME="air-ephemeral" TARGET_IMAGE_URL="https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img" export WAIT_TIMEOUT=${WAIT_TIMEOUT:-"2000s"} +export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-context"} # TODO (dukov) this is needed due to sushy tools inserts cdrom image to # all vms. This can be removed once sushy tool is fixed 
@@ -49,35 +51,9 @@ md5sum /srv/iso/target-image.qcow2 | cut -d ' ' -f 1 > ${TARGET_IMAGE_DIR}/targe echo "Create target k8s cluster resources" airshipctl phase apply controlplane --wait-timeout $WAIT_TIMEOUT --debug -echo "Get kubeconfig from secret" -KUBECONFIG="" -N=0 -MAX_RETRY=6 -DELAY=10 -until [ "$N" -ge ${MAX_RETRY} ] -do - KUBECONFIG=$(kubectl --request-timeout 10s --kubeconfig ${HOME}/.airship/kubeconfig \ - get secret target-cluster-kubeconfig -o jsonpath='{.data.value}' || true) - - if [[ ! -z "$KUBECONFIG" ]]; then - break - fi - - N=$((N+1)) - echo "$N: Retry to get kubeconfig from secret." - sleep ${DELAY} -done - -if [[ -z "$KUBECONFIG" ]]; then - echo "Could not get kubeconfig from sceret." - exit 1 -fi - -echo "Create kubeconfig" -echo ${KUBECONFIG} | base64 -d > /tmp/targetkubeconfig - -echo "Import target kubeconfig" -airshipctl config import /tmp/targetkubeconfig +echo "Switch context to target cluster and set manifest" +airshipctl config use-context target-context +airshipctl config set-context target-context --manifest dummy_manifest echo "Wait for apiserver to become available" N=0 @@ -85,7 +61,7 @@ MAX_RETRY=30 DELAY=60 until [ "$N" -ge ${MAX_RETRY} ] do - if timeout 20 kubectl --kubeconfig /tmp/targetkubeconfig get node; then + if timeout 20 kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get node; then break fi @@ -100,7 +76,4 @@ if [ "$N" -ge ${MAX_RETRY} ]; then fi echo "List all pods" -kubectl --kubeconfig /tmp/targetkubeconfig get pods --all-namespaces - -echo "Get cluster state" -kubectl --kubeconfig ${HOME}/.airship/kubeconfig get cluster +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get pods --all-namespaces diff --git a/tools/deployment/31_deploy_initinfra_target_node.sh b/tools/deployment/31_deploy_initinfra_target_node.sh index b09e5e986..e611393f1 100755 --- a/tools/deployment/31_deploy_initinfra_target_node.sh +++ b/tools/deployment/31_deploy_initinfra_target_node.sh 
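Review bot: The two added `airshipctl config` lines hard-code `target-context` while the kubectl calls in the later hunks of this file take the context from `$KUBECONFIG_TARGET_CONTEXT`; if a caller overrides the variable, airshipctl and kubectl end up addressing different contexts. Use the variable in both places: `airshipctl config use-context "$KUBECONFIG_TARGET_CONTEXT"` and `airshipctl config set-context "$KUBECONFIG_TARGET_CONTEXT" --manifest dummy_manifest`. This assumes the airship context and the kubeconfig context share a name, as they do in the templates changed by this commit. The literal `target-context` / `ephemeral-context` is repeated the same way in 31, 32, 33 and 34.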
@@ -18,16 +18,17 @@ export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} export TIMEOUT=${TIMEOUT:-60} NODENAME="node01" export WAIT_TIMEOUT=${WAIT_TIMEOUT:-"2000s"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-context"} # TODO need to run another config command after use-context to update kubeconfig echo "Switch context to target cluster and set manifest" -airshipctl config use-context target-cluster-admin@target-cluster -airshipctl config set-context target-cluster-admin@target-cluster --manifest dummy_manifest +airshipctl config use-context target-context +airshipctl config set-context target-context --manifest dummy_manifest end=$(($(date +%s) + $TIMEOUT)) echo "Waiting $TIMEOUT seconds for $NODENAME to be created." while true; do - if (kubectl --request-timeout 10s --kubeconfig $KUBECONFIG get nodes | grep -q $NODENAME) ; then + if (kubectl --request-timeout 10s --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get nodes | grep -q $NODENAME) ; then echo -e "\n$NODENAME found" break else @@ -42,10 +43,10 @@ while true; do done # TODO remove taint -kubectl --kubeconfig $KUBECONFIG taint node $NODENAME node-role.kubernetes.io/master- +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT taint node $NODENAME node-role.kubernetes.io/master- echo "Deploy infra to cluster" airshipctl phase apply initinfra --debug --wait-timeout $WAIT_TIMEOUT echo "List all pods" -kubectl --kubeconfig $KUBECONFIG get pods --all-namespaces +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get pods --all-namespaces diff --git a/tools/deployment/32_cluster_init_target_node.sh b/tools/deployment/32_cluster_init_target_node.sh index ba62c066d..7d3571586 100755 --- a/tools/deployment/32_cluster_init_target_node.sh +++ b/tools/deployment/32_cluster_init_target_node.sh 
@@ -15,15 +15,16 @@ set -xe export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-context"} # TODO need to run another config command after use-context to update kubeconfig echo "Switch context to target cluster and set manifest" -airshipctl config use-context target-cluster-admin@target-cluster -airshipctl config set-context target-cluster-admin@target-cluster --manifest dummy_manifest +airshipctl config use-context target-context +airshipctl config set-context target-context --manifest dummy_manifest echo "Deploy CAPI components" airshipctl cluster init --debug echo "Waiting for pods to be ready" -kubectl --kubeconfig $KUBECONFIG wait --all-namespaces --for=condition=Ready pods --all --timeout=600s -kubectl --kubeconfig $KUBECONFIG get pods --all-namespaces +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT wait --all-namespaces --for=condition=Ready pods --all --timeout=600s +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get pods --all-namespaces diff --git a/tools/deployment/33_cluster_move_target_node.sh b/tools/deployment/33_cluster_move_target_node.sh index fc816ee92..f6b4fecab 100755 --- a/tools/deployment/33_cluster_move_target_node.sh +++ b/tools/deployment/33_cluster_move_target_node.sh 
@@ -17,37 +17,39 @@ set -xe #Default wait timeout is 3600 seconds export TIMEOUT=${TIMEOUT:-3600} export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_EPHEMERAL_CONTEXT=${KUBECONFIG_EPHEMERAL_CONTEXT:-"ephemeral-context"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-context"} echo "Switch context to ephemeral cluster and set manifest" -airshipctl config use-context dummy_cluster -airshipctl config set-context dummy_cluster --manifest dummy_manifest +airshipctl config use-context ephemeral-context +airshipctl config set-context ephemeral-context --manifest dummy_manifest echo "Check Cluster Status" -kubectl --kubeconfig $KUBECONFIG get cluster target-cluster -o json | jq '.status.controlPlaneReady' +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT get cluster target-cluster -o json | jq '.status.controlPlaneReady' echo "Annotate BMH for target node" -kubectl --kubeconfig $KUBECONFIG annotate bmh node01 baremetalhost.metal3.io/paused=true +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_EPHEMERAL_CONTEXT annotate bmh node01 baremetalhost.metal3.io/paused=true echo "Move Cluster Object to Target Cluster" -clusterctl --v 20 move --kubeconfig $KUBECONFIG --kubeconfig-context dummy_cluster --to-kubeconfig $KUBECONFIG --to-kubeconfig-context target-cluster-admin@target-cluster +clusterctl --v 20 move --kubeconfig $KUBECONFIG --kubeconfig-context $KUBECONFIG_EPHEMERAL_CONTEXT --to-kubeconfig $KUBECONFIG --to-kubeconfig-context $KUBECONFIG_TARGET_CONTEXT echo "Switch context to target cluster and set manifest" -airshipctl config use-context target-cluster-admin@target-cluster -airshipctl config set-context target-cluster-admin@target-cluster --manifest dummy_manifest +airshipctl config use-context target-context +airshipctl config set-context target-context --manifest dummy_manifest echo "Waiting for pods to be ready" -kubectl --kubeconfig $KUBECONFIG wait --all-namespaces 
--for=condition=Ready pods --all --timeout=3000s -kubectl --kubeconfig $KUBECONFIG get pods --all-namespaces +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT wait --all-namespaces --for=condition=Ready pods --all --timeout=3000s +kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get pods --all-namespaces #Wait till crds are created end=$(($(date +%s) + $TIMEOUT)) echo "Waiting $TIMEOUT seconds for crds to be created." while true; do - if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get cluster target-cluster -o json | jq '.status.controlPlaneReady' | grep -q true) ; then + if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get cluster target-cluster -o json | jq '.status.controlPlaneReady' | grep -q true) ; then echo -e "\nGet CRD status" - kubectl --kubeconfig $KUBECONFIG get bmh - kubectl --kubeconfig $KUBECONFIG get machines - kubectl --kubeconfig $KUBECONFIG get clusters + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get bmh + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get machines + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get clusters break else now=$(date +%s) diff --git a/tools/deployment/34_deploy_worker_node.sh b/tools/deployment/34_deploy_worker_node.sh index e92269491..364087c68 100755 --- a/tools/deployment/34_deploy_worker_node.sh +++ b/tools/deployment/34_deploy_worker_node.sh 
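Review bot: The `Check Cluster Status` line prints `.status.controlPlaneReady` but never acts on it, so `clusterctl move` runs even when the value is `false` or the kubectl call failed (without `pipefail`, which the visible `set -xe` does not enable, only jq's status counts). Making jq decide the exit status turns the print into a gate: `kubectl --kubeconfig "$KUBECONFIG" --context "$KUBECONFIG_EPHEMERAL_CONTEXT" get cluster target-cluster -o json | jq -e '.status.controlPlaneReady'`. The script continues past the end of this hunk.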
@@ -17,10 +17,11 @@ set -xe #Default wait timeout is 3600 seconds export TIMEOUT=${TIMEOUT:-3600} export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-context"} echo "Switch context to target cluster and set manifest" -airshipctl config use-context target-cluster-admin@target-cluster -airshipctl config set-context target-cluster-admin@target-cluster --manifest dummy_manifest +airshipctl config use-context target-context +airshipctl config set-context target-context --manifest dummy_manifest echo "Stop ephemeral node" sudo virsh destroy air-ephemeral @@ -32,9 +33,9 @@ airshipctl phase apply workers --debug end=$(($(date +%s) + $TIMEOUT)) echo "Waiting $TIMEOUT seconds for node to be provisioned." while true; do - if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG get node node03 | grep -qw Ready) ; then + if (kubectl --request-timeout 20s --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get node node03 | grep -qw Ready) ; then echo -e "\nGet node status" - kubectl --kubeconfig $KUBECONFIG get node + kubectl --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT get node break else now=$(date +%s) diff --git a/tools/deployment/certificates/airship_config_ca_data b/tools/deployment/certificates/ephemeral_config_ca_data similarity index 100% rename from tools/deployment/certificates/airship_config_ca_data rename to tools/deployment/certificates/ephemeral_config_ca_data diff --git a/tools/deployment/certificates/airship_config_client_cert_data b/tools/deployment/certificates/ephemeral_config_client_cert_data similarity index 100% rename from tools/deployment/certificates/airship_config_client_cert_data rename to tools/deployment/certificates/ephemeral_config_client_cert_data 
diff --git a/tools/deployment/certificates/airship_config_client_key_data b/tools/deployment/certificates/ephemeral_config_client_key_data similarity index 100% rename from tools/deployment/certificates/airship_config_client_key_data rename to tools/deployment/certificates/ephemeral_config_client_key_data diff --git a/tools/deployment/certificates/target_config_ca_data b/tools/deployment/certificates/target_config_ca_data new file mode 100644 index 000000000..056f5d149 --- /dev/null +++ b/tools/deployment/certificates/target_config_ca_data @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIUMCpsOoExrG7gE5L9RRjggOMT8nwwDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOS3ViZXJuZXRlcyBBUEkwHhcNMjAwOTE1MDEwNDM3WhcN +MzAwOTEzMDEwNDM3WjAZMRcwFQYDVQQDDA5LdWJlcm5ldGVzIEFQSTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKAdZ4QbGfiKLLiMsGpRJKwyfDFYR9SC +lkUoxeMMAePdySMSJZM9E0PNh39MKSV3Rd4HekuxgG+rxzo7Zg+eMZcXr4Y7zKP3 +5Im/hDd2mSa8l0I1e4pWptgnof7oEbiIuHSf1Bda1N0ZmDQGmrLrBqNdQ7sPUzsV +YOz6UPVejcHxAc1po1flAv+YSYz5Wko0ETgMvXDkqOHkXW5ZxOppUn+39ZoY6L+x +Ve0PqPtyfIVu3wmrvE4gxJlmXI7uLfw6N4zpKdn+I4+TIEayhMD1dQzspC4L3B+p +XpqO1cV3fJ2Prq/f5MxJr1Y5GQ6eBVrLehwVVLHD31weaigu3y+r3tUCAwEAAaOB +kzCBkDAdBgNVHQ4EFgQUOWya3EwbysnTS/Yj1VLKc0hxh4owVAYDVR0jBE0wS4AU +OWya3EwbysnTS/Yj1VLKc0hxh4qhHaQbMBkxFzAVBgNVBAMMDkt1YmVybmV0ZXMg +QVBJghQwKmw6gTGsbuATkv1FGOCA4xPyfDAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAMZuSkIm7PvP81nGJ9X9VE8UYMWCINF0A +b+uQDEhtFsGqvvEdxPqDTYJpvQuIBe9WtriVG8t0CH/SggH6NRhwL2bBp2nVhAUW +a+xY/TiNc3PIyDsExF7TuD4bsimAABSgfmmtqWWjj4r9+hu/ogOc/42bOIOBVlsd +/U70bGwYB59Ax//gHYRfT9w/ztTpockstHaJ6lT7yHYjaI3iNDZvMJqQIcq0N/LC +qPcZ0VApLQ6QPti1jUK0F3UedAzMW7dQx6EwB7yPz85gYKvIugri+ksf0lc2xuCG +WLh6b1MZOBsSY6JiTzRQJXusBEGZLcyVDIHE7cD85hNBfit0/z1ffQ== +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/target_config_client_cert_data b/tools/deployment/certificates/target_config_client_cert_data new file mode 100644 index 000000000..b17fbcd26 --- /dev/null 
+++ b/tools/deployment/certificates/target_config_client_cert_data @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAf+gAwIBAgIIfgHwEugUbEcwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AwwOS3ViZXJuZXRlcyBBUEkwHhcNMjAwOTE1MDEwNDM3WhcNMjEwOTE1MDEyMjQ2 +WjA0MRcwFQYDVQQKEw5zeXN0ZW06bWFzdGVyczEZMBcGA1UEAxMQa3ViZXJuZXRl +cy1hZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM8z7Ixk/2US +BPQv3Riiin7ToYOA8PfYyy4WLHw10p1V0dl6tSezDygyerwGLyrOLwUEXCoh2Ugm +/Kc4RL5eYeBD1lRdzlcYN+uUmVYIR0JyCBmB22qeC8cdHezq20m1C4Q2DlR6pPmY +/ReHcUVZBuU6thfG4X/NJDDXR5+mO0qYdZGpbpGyMH9A19AuqLQ7EGUT0CSGL+w9 +cPOr98Yr4FEAWIdEdl21kzC91ofkyegunR7gHpmBCqkHT+9fzT2gjUvY/UoTy4gs +Co0huZstlPouZHdCmiQgfW8C36saNrYoGz48dL83miVv/FTmcq1T1n95R9kH24WN +tSEqCASWMUMCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG +AQUFBwMCMB8GA1UdIwQYMBaAFDlsmtxMG8rJ00v2I9VSynNIcYeKMA0GCSqGSIb3 +DQEBCwUAA4IBAQCYMR+q7PNS4jYra/uDyOBMUNcppi/s6OxZCTU3tWUkXUIu4Vf0 +UnIkokXtr7xxCaUR61vqgP8veCUfN1NLD/plQWcxH4YRhN4dbdCpGkypNCHESjNT +ExVtLy2qFhGjzvcAVnM8JhEzHRlLBHYmUiOfT8KyGtv2OiiG5m4XNUFclaRXKlkv +Sht4XagdtWIQOPaoBolcr0/IY8iWRBqJetNxl/g+0LjpBGVtBgDit9sOCEVXilHR +9HlfMBWHZX8mFTY70kzTT5BNuiMtk8cJGWBO2m+vLoJAYoky6y/hGBgb6L3xLc2d +p8vuH/HCzH0nMlnl1M89YjN/EQFNXCzcyNdp +-----END CERTIFICATE----- diff --git a/tools/deployment/certificates/target_config_client_key_data b/tools/deployment/certificates/target_config_client_key_data new file mode 100644 index 000000000..5beb75c0a --- /dev/null +++ b/tools/deployment/certificates/target_config_client_key_data 
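Review bot: The committed client certificate appears to decode to subject `O=system:masters, CN=kubernetes-admin` with a validity of about one year from 2020-09-15, so every script that uses `target-context` will start failing TLS authentication once it lapses, and the fix will be another committed key pair. Because the controlplane script in this commit no longer reads the kubeconfig that the cluster publishes, nothing refreshes this credential. Consider generating the admin certificate during `22_test_configs.sh` from the test CA instead of storing it, or at least record the expiry date and regeneration steps next to the `certificates/` directory.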
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzzPsjGT/ZRIE9C/dGKKKftOhg4Dw99jLLhYsfDXSnVXR2Xq1 +J7MPKDJ6vAYvKs4vBQRcKiHZSCb8pzhEvl5h4EPWVF3OVxg365SZVghHQnIIGYHb +ap4Lxx0d7OrbSbULhDYOVHqk+Zj9F4dxRVkG5Tq2F8bhf80kMNdHn6Y7Sph1kalu +kbIwf0DX0C6otDsQZRPQJIYv7D1w86v3xivgUQBYh0R2XbWTML3Wh+TJ6C6dHuAe +mYEKqQdP71/NPaCNS9j9ShPLiCwKjSG5my2U+i5kd0KaJCB9bwLfqxo2tigbPjx0 +vzeaJW/8VOZyrVPWf3lH2QfbhY21ISoIBJYxQwIDAQABAoIBACXM3zatpjoWE3lI +0hkQbhu9GBYZi9xrXIXH3c27M/UoFuSKEkpvzDAVJXbv2eMBQmqz5Ox6yFz1X9pR +1Zi1Nz3mok853c7dyDXeIisjz3w7uWaN3i2RL6zfjvoNznuf37367ppS1Y4Dbwi/ +2NZB65QeJeIokjLyhcuzOonRlbeBzMeCDFgwyIA7hxIwig6VxnE8oll9Fh/l7HFt +Sp+xvYpZjhBxFeRBLt6OBG3OgvGYdMhH6mqOG0s7B/ker97lUyD9eWqAlhcPF1vJ +o43AVbo/IU147paoGbWQoukIlnfxc+DowWjGaTy5ScQjsfB5RGM3LM9C52qUOZPl +T29ye4ECgYEA6Gp8ENlTVjainxQADZDzIxV34uxE3XT8fleHfZqNby3R0b59HcXT +45RendM0xHd7RvzdeshBV110UihQgdHj86yiklITfa6KaiJRb0NGwhOAlw0VdM3h +2JfGlUISXXn9/BhFO0WiA4fdtx3pe/JbuB1kuXgu0SJWDRdvRFXeYDMCgYEA5Dp5 +FN86850Q1S0S2dm2paUwymbGFXa9IQtyak30qZO95C7NjGGZ2Loog7yW/wOvLKnq +8YhEHUxLlBXiTvvw+RG1z0MoHhEFGNyIMH2srjBROiyMTHyOoXcA11mf+A6EJBC2 +KyOZJHdRjaRUG7n1XAn1YUaPaYKScHNFWy0tmrECgYBpJSuFr9ws58DAeRrhCE+G +8sJvDfbFvZQxUEYCw/Xyc2c2HZia7JHEpq37dr6rl2ZVIjbMwmYVMTlbpdNuN9eJ +uPM/gRRCSsFh7K6syGHtkUcejxPC6RWgmGGFywNl+Le34f8IJqN6N3BN1KF5qpZm +AB4+bim4AXGusIhtAO/+0wKBgGDX0wMhSiGPV1Itwx7/u/oD43UvMQRwkwZPlig3 +lgbS8zO9DGlyDNci/wgPYT8qsA1SuKfuu4B3HGbk9levnmwBsNUW2RIRBMms4nk5 +CqoLRJxbxNi7zcYD+i5nEHMwra+kC7i4bUZE/y0MOshdGxkH/MBfMYGC72KZ9yce +P4ixAoGBANAvbb/xxT8o9maSAZWc/nSVtL9rAb0kGBPSKrtAmpbGq2+C69Ny5A1E +uob7gsv2w42HPrg/0TLISIFaWi/R/WQddF1jrQj55z7EiXQUCR4sCqDdOSaYv01V +u6ylCjfUIFeUPoxHC9bO7igMObBmpHGSDKg15qjxnUi8Zqj4Z+n2 +-----END RSA PRIVATE KEY----- diff --git a/tools/deployment/templates/airshipconfig_template b/tools/deployment/templates/airshipconfig_template index a3812f6d0..7cb4d1d26 100644 --- a/tools/deployment/templates/airshipconfig_template +++ b/tools/deployment/templates/airshipconfig_template 
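Review bot: This adds an unencrypted RSA private key to the repository, and the certificate added alongside it appears to carry the `system:masters` group, so the pair is a cluster-admin credential for any cluster whose API server trusts the CA from `cluster.yaml`. Git history keeps the key after a later removal, which means it has to be treated as public from this commit on. If it is meant only for the virtual gate, say so where people will see it, for example a `README` in `tools/deployment/certificates/` stating `Test-only credentials, publicly known; never use with a reachable cluster`, and add the path to the secret scanner's allow-list with that justification rather than leaving it to be discovered.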
@@ -23,17 +23,25 @@ managementConfiguration: systemRebootDelay: ${SYSTEM_REBOOT_DELAY} clusters: - dummycluster: + ephemeral-cluster: clusterType: ephemeral: bootstrapInfo: dummy_bootstrap_config - clusterKubeconf: dummycluster_ephemeral + clusterKubeconf: ephemeral-cluster_ephemeral + managementConfiguration: dummy_management_config + target-cluster: + clusterType: + target: + clusterKubeconf: target-cluster_target managementConfiguration: dummy_management_config contexts: - dummy_cluster: - contextKubeconf: dummy_cluster + ephemeral-context: + contextKubeconf: ephemeral-context manifest: dummy_manifest -currentContext: dummy_cluster + target-context: + contextKubeconf: target-context + manifest: dummy_manifest +currentContext: ephemeral-context kind: Config manifests: dummy_manifest: @@ -49,4 +57,5 @@ manifests: subPath: ${AIRSHIP_SITE_NAME} targetPath: ${AIRSHIP_CONFIG_MANIFEST_DIRECTORY} users: - dummy_user: {} + ephemeral-cluster-admin: {} + target-cluster-admin: {} diff --git a/tools/deployment/templates/kubeconfig_template b/tools/deployment/templates/kubeconfig_template index 68422eaae..07d54783d 100644 --- a/tools/deployment/templates/kubeconfig_template +++ b/tools/deployment/templates/kubeconfig_template 
@@ -1,19 +1,31 @@ apiVersion: v1 clusters: - cluster: - certificate-authority-data: ${AIRSHIP_CONFIG_CA_DATA} - server: https://${AIRSHIP_CONFIG_EPHEMERAL_IP}:6443 - name: dummycluster_ephemeral + certificate-authority-data: ${EPHEMERAL_CONFIG_CA_DATA} + server: https://${EPHEMERAL_IP}:6443 + name: ephemeral-cluster_ephemeral +- cluster: + certificate-authority-data: ${TARGET_CONFIG_CA_DATA} + server: https://${TARGET_IP}:6443 + name: target-cluster_target contexts: - context: - cluster: dummycluster_ephemeral - user: kubernetes-admin - name: dummy_cluster -current-context: dummy_cluster + cluster: ephemeral-cluster_ephemeral + user: ephemeral-cluster-admin + name: ephemeral-context +- context: + cluster: target-cluster_target + user: target-cluster-admin + name: target-context +current-context: ephemeral-context kind: Config preferences: {} users: -- name: kubernetes-admin +- name: ephemeral-cluster-admin user: - client-certificate-data: ${AIRSHIP_CONFIG_CLIENT_CERT_DATA} - client-key-data: ${AIRSHIP_CONFIG_CLIENT_KEY_DATA} + client-certificate-data: ${EPHEMERAL_CONFIG_CLIENT_CERT_DATA} + client-key-data: ${EPHEMERAL_CONFIG_CLIENT_KEY_DATA} +- name: target-cluster-admin + user: + client-certificate-data: ${TARGET_CONFIG_CLIENT_CERT_DATA} + client-key-data: ${TARGET_CONFIG_CLIENT_KEY_DATA}
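Review bot: The rendered kubeconfig now carries inline `client-key-data` for two admin users, so the file produced from this template holds credentials for both clusters. The rendering step is not part of this hunk; wherever it writes the file (presumably `$HOME/.airship/kubeconfig`, the default the deployment scripts use), it should create it with owner-only permissions, e.g. `umask 077` before rendering or `chmod 600 "$HOME/.airship/kubeconfig"` afterwards. It would also help to fail rendering when any of the `${…_DATA}` variables is empty, since an empty `certificate-authority-data` or `client-key-data` still produces a syntactically valid file.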