Proxy config for workers/workload

New replacements provide ability to use proxy configuration for worker nodes
and workload deployment.

To use proxy the following env vars should be exported for the session when
running phases: HTTP_PROXY, HTTPS_PROXY and NO_PROXY

Make sure to define all of them, especially NO_PROXY. For example, without
adding cluster IP addresses the deployment will fail.

Change-Id: Id08126f77e0a9da31318f1a239c51a6c78a7c88e

manifests/function/helm-operator/deployment.yaml

@@ -45,6 +45,13 @@ spec:
           requests:
             cpu: 50m
             memory: 64Mi
+        env:
+        - name: http_proxy
+          value: REPLACEMENT_HTTP_PROXY
+        - name: https_proxy
+          value: REPLACEMENT_HTTPS_PROXY
+        - name: no_proxy
+          value: REPLACEMENT_NO_PROXY
       serviceAccountName: helm-operator
       # See https://github.com/fluxcd/flux/pull/2116
       dnsPolicy: None

manifests/function/helm-operator/replacements/helm-operator-env-vars.yaml

@@ -0,0 +1,34 @@
+# These rules inject env vars into the helm-operator function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: helm-operator-env-vars-replacements
+replacements:
+# Replace the proxy vars
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTP_PROXY
+  target:
+    objref:
+      kind: Deployment
+      name: helm-operator
+    fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=http_proxy].value%REPLACEMENT_HTTP_PROXY%"]
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTPS_PROXY
+  target:
+    objref:
+      kind: Deployment
+      name: helm-operator
+    fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=https_proxy].value%REPLACEMENT_HTTPS_PROXY%"]
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.NO_PROXY
+  target:
+    objref:
+      kind: Deployment
+      name: helm-operator
+    fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=no_proxy].value%REPLACEMENT_NO_PROXY%"]

manifests/function/helm-operator/replacements/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - versions.yaml
+  - helm-operator-env-vars.yaml

manifests/site/test-site/target/workers/kubeadmconfigtemplate.yaml

@@ -27,6 +27,20 @@ spec:
           net.bridge.bridge-nf-call-iptables = 1
           EOF
         - sysctl --system
+        - |
+          mkdir -p /etc/systemd/system/docker.service.d/
+          cat <<EOF | tee /etc/systemd/system/docker.service.d/http-proxy.conf
+          [Service]
+          Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
+          Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
+          Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
+          EOF
+        - export HTTP_PROXY=REPLACEMENT_HTTP_PROXY
+        - export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
+        - export http_proxy=${HTTP_PROXY}
+        - export https_proxy=${HTTPS_PROXY}
+        - export NO_PROXY=REPLACEMENT_NO_PROXY
+        - export no_proxy=${NO_PROXY}
         - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
         - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
         - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
@@ -41,6 +55,7 @@ spec:
         - apt-mark hold kubelet kubeadm
         - systemctl mask ntp
         - systemctl enable --now systemd-timesyncd
+        - unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
       users:
         - name: deployer
           sshAuthorizedKeys:

manifests/site/test-site/target/workers/kustomization.yaml

@@ -5,3 +5,7 @@ resources:
   - kubeadmconfigtemplate.yaml
   - metal3machinetemplate.yaml
   - machinedeployment.yaml
+  - ../../../../function/airshipctl-base-catalogues
+
+transformers:
+  - replacements

manifests/site/test-site/target/workers/replacements/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - workers-env-vars.yaml

manifests/site/test-site/target/workers/replacements/workers-env-vars.yaml

@@ -0,0 +1,34 @@
+# These rules inject env vars into the workers.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: workers-env-vars-replacements
+replacements:
+# Replace the proxy vars
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTP_PROXY
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTP_PROXY%"]
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.HTTPS_PROXY
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTPS_PROXY%"]
+- source:
+    objref:
+      name: env-vars-catalogue
+    fieldref: env.NO_PROXY
+  target:
+    objref:
+      kind: KubeadmConfigTemplate
+      name: worker-1
+    fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_NO_PROXY%"]