diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/controlplane/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/controlplane/kustomization.yaml new file mode 100644 index 000000000..31997043a --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/controlplane/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/controlplane + - ../catalogues + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/lma/controlplane/replacements diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra-networking/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra-networking/kustomization.yaml new file mode 100644 index 000000000..d00946d49 --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra-networking/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra-networking diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra/kustomization.yaml new file mode 100644 index 000000000..adbc579c2 --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/initinfra/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra + - ../catalogues + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/lma/initinfra/replacements diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/lma-configs/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/lma-configs/kustomization.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/provide-infra/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/provide-infra/kustomization.yaml new file mode 100644 index 000000000..1020b650a --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/provide-infra/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/provide-infra + - ../catalogues + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/lma/provide-infra/replacements diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml new file mode 100644 index 000000000..4e7e9fe76 --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/kustomization.yaml @@ -0,0 +1,7 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/workers + - ../catalogues + - metal3machinetemplate.yaml + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/lma/workers/replacements diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml new file mode 100644 index 000000000..f4405f62a --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workers/metal3machinetemplate.yaml @@ -0,0 +1,10 @@ +apiVersion: infrastructure.cluster.x-k8s.io/v1alpha3 +kind: Metal3MachineTemplate +metadata: + name: worker-1 +spec: + template: + spec: + image: + url: http://10.23.24.102:80/images/data-plane.qcow2 + checksum: http://10.23.24.102:80/images/data-plane.qcow2.md5sum diff --git a/manifests/site/virtual-network-cloud/sub-clusters/lma/workload/kustomization.yaml b/manifests/site/virtual-network-cloud/sub-clusters/lma/workload/kustomization.yaml new file mode 100644 index 000000000..842262c03 --- /dev/null +++ b/manifests/site/virtual-network-cloud/sub-clusters/lma/workload/kustomization.yaml @@ -0,0 +1,6 @@ +resources: + - ../../../../../type/multi-tenant/sub-clusters/lma/workload + - ../catalogues + +transformers: + - ../../../../../type/multi-tenant/sub-clusters/lma/workload/replacements diff --git a/manifests/type/multi-tenant/phases/cluster_map_patch.yaml b/manifests/type/multi-tenant/phases/cluster_map_patch.yaml index e4f7c5b20..f6b482145 100644 --- a/manifests/type/multi-tenant/phases/cluster_map_patch.yaml +++ b/manifests/type/multi-tenant/phases/cluster_map_patch.yaml @@ -21,3 +21,17 @@ map: filesystem: path: ~/.airship/kubeconfig contextName: wordpress + lma: + parent: target-cluster + kubeconfigSources: + - type: "clusterAPI" + clusterAPI: + clusterNamespacedName: + name: lma + namespace: lma + # NOTE: This context does not exist unless added on disk manually. This + # entry is here for backup. + - type: "filesystem" + filesystem: + path: ~/.airship/kubeconfig + contextName: lma diff --git a/manifests/type/multi-tenant/phases/kustomization.yaml b/manifests/type/multi-tenant/phases/kustomization.yaml index f7b69ab84..4c18ce8df 100644 --- a/manifests/type/multi-tenant/phases/kustomization.yaml +++ b/manifests/type/multi-tenant/phases/kustomization.yaml @@ -1,5 +1,6 @@ resources: - ../../airship-core/phases + - ../sub-clusters/lma/phases - ../sub-clusters/wordpress/phases - workload-config.yaml - phases.yaml diff --git a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml index bc97ad99d..06aec34b3 100644 --- a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml +++ b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml @@ -13,7 +13,8 @@ metadata: spec: lma: - # This stanza is replaced directly into lma's networking catalogue + # This stanza is replaced directly into the LMA sub-cluster's networking + # catalogue at the site level. kubernetes: serviceCidr: "10.0.80.0/20" podCidr: "192.168.0.0/18" @@ -24,26 +25,17 @@ spec: # Ideally, improve this in the future. apiserverCertSANs: "[10.23.25.201, 10.23.24.201]" - # TODO: might spin this differently if SIP needs ranges instead of individual ports. - # But really, it makes sense to put all this info in the same place in any case - - # The non-overlapping port range allocated to the lma subcluster - # One of these ports (11000? 11001?) will be automaticaly used by SIP - # to build a loadbalancer for the k8s API - port_range: [11020, 11039] - - # This is consumed by two different targets: - # 1. SIP in the undercloud, to set up lma's load balancers - # 2. NodePorts in the subcluster exposed_services: - - name: lma # Service metadata.name - selector: # Service spec.selector - app: lma - ports: # Service spec.ports - - port: 11022 - targetPort: 80 - protocol: TCP - name: http + - name: auth + nodePort: 30556 + - name: jumpHost + nodePort: 30001 + - name: loadBalancerControlPlane + nodePort: 30002 + # TODO: Uncomment when SIP supports a Worker load balancer. + # Potential ports that can be used by sub-cluster services. + # - name: loadBalancerWorkers + # nodePort: ["30003:30020"] wordpress: # This stanza is replaced directly into the Wordpress sub-cluster's diff --git a/manifests/type/multi-tenant/sub-clusters/lma/controlplane/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/kustomization.yaml new file mode 100644 index 000000000..7de7af44e --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../sub-cluster/controlplane diff --git a/manifests/type/multi-tenant/sub-clusters/lma/controlplane/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/replacements/kustomization.yaml new file mode 100644 index 000000000..f7dd18790 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/controlplane/replacements/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../sub-cluster/controlplane/replacements diff --git a/manifests/type/multi-tenant/sub-clusters/lma/initinfra-networking/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/initinfra-networking/kustomization.yaml new file mode 100644 index 000000000..1e9c202c2 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra-networking/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../sub-cluster/initinfra-networking diff --git a/manifests/type/multi-tenant/sub-clusters/lma/initinfra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/kustomization.yaml new file mode 100644 index 000000000..076007571 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../sub-cluster/initinfra diff --git a/manifests/type/multi-tenant/sub-clusters/lma/initinfra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/replacements/kustomization.yaml new file mode 100644 index 000000000..b0166526e --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/initinfra/replacements/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../sub-cluster/initinfra/replacements diff --git a/manifests/type/multi-tenant/sub-clusters/lma/lma-configs/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/lma-configs/kustomization.yaml new file mode 100644 index 000000000..e07a5d384 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/lma-configs/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - ../../../../../function/lma-configs + +namespace: lma-infra diff --git a/manifests/type/multi-tenant/sub-clusters/lma/phases/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/phases/kustomization.yaml new file mode 100644 index 000000000..41c0085f3 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + sub-cluster: lma + +nameSuffix: "-lma" + +resources: + - ../../../../sub-cluster/phases + - lma_phases.yaml + +patchesStrategicMerge: + - phases_patch.yaml diff --git a/manifests/type/multi-tenant/sub-clusters/lma/phases/lma_phases.yaml b/manifests/type/multi-tenant/sub-clusters/lma/phases/lma_phases.yaml new file mode 100644 index 000000000..5a32f29bb --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/lma_phases.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: lma-configs + clusterName: lma +config: + executorRef: + apiVersion: airshipit.org/v1alpha1 + kind: KubernetesApply + name: kubernetes-apply + documentEntryPoint: sub-clusters/lma/lma-configs diff --git a/manifests/type/multi-tenant/sub-clusters/lma/phases/phases_patch.yaml b/manifests/type/multi-tenant/sub-clusters/lma/phases/phases_patch.yaml new file mode 100644 index 000000000..eb61a10b5 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/phases/phases_patch.yaml @@ -0,0 +1,47 @@ +# NOTE: The contents of these phases are delivered to the target cluster. +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: provide-infra +config: + documentEntryPoint: sub-clusters/lma/provide-infra +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: controlplane +config: + documentEntryPoint: sub-clusters/lma/controlplane +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: workers +config: + documentEntryPoint: sub-clusters/lma/workers + +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: initinfra + clusterName: lma +config: + documentEntryPoint: sub-clusters/lma/initinfra +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: initinfra-networking + clusterName: lma +config: + documentEntryPoint: sub-clusters/lma/initinfra-networking +--- +apiVersion: airshipit.org/v1alpha1 +kind: Phase +metadata: + name: workload + clusterName: lma +config: + documentEntryPoint: sub-clusters/lma/workload diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml new file mode 100644 index 000000000..01dee6264 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - sipcluster.yaml diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml new file mode 100644 index 000000000..6ed76bd38 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - networking.yaml + - versions.yaml diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml new file mode 100644 index 000000000..226df7e1d --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml @@ -0,0 +1,47 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: subcluster-provide-infra-networking-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2 +replacements: + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}" + target: + objref: + kind: SIPCluster + name: lma + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.auth[0].nodePort}"] + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'jumpHost')].nodePort}" + target: + objref: + kind: SIPCluster + name: lma + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.jumpHost[0].nodePort}"] + # NOTE: newer versions of SIP will have an additional load balancer for the + # worker nodes. + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'loadBalancerControlPlane')].nodePort}" + target: + objref: + kind: SIPCluster + name: lma + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"] diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml new file mode 100644 index 000000000..82830e296 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml @@ -0,0 +1,40 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: subcluster-provide-infra-versions-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2 +replacements: +# Replace SIPCluster CR images +- source: + objref: + kind: VersionsCatalogue + name: versions-treasuremap + fieldref: "{.spec.images.sip.sip.auth.image}" + target: + objref: + kind: SIPCluster + name: lma + fieldrefs: ["{.spec.services.auth[*].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-treasuremap + fieldref: "{.spec.images.sip.sip.jump_host.image}" + target: + objref: + kind: SIPCluster + name: lma + fieldrefs: ["{.spec.services.jumpHost[*].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-treasuremap + fieldref: "{.spec.images.sip.sip.load_balancer.image}" + target: + objref: + kind: SIPCluster + name: lma + fieldrefs: ["{.spec.services.loadBalancer[*].image}"] diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml new file mode 100644 index 000000000..72203fac8 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml @@ -0,0 +1,92 @@ +apiVersion: airship.airshipit.org/v1 +kind: SIPCluster +metadata: + name: lma + namespace: sipcluster-system + finalizers: + - sip.airship.airshipit.org/finalizer +spec: + nodes: + ControlPlane: + labelSelector: + vino.airshipit.org/flavor: control-plane + spreadTopology: PerRack + count: + active: 1 + standby: 1 + Worker: + labelSelector: + vino.airshipit.org/flavor: worker + spreadTopology: PerHost + count: + active: 2 + standby: 1 # Slew for upgrades + services: + auth: + - image: quay.io/dexidp/dex + nodeInterfaceId: oam-ipv4 + nodePort: 30556 + TLSCrt: | + -----BEGIN CERTIFICATE----- + MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p + a3ViZUNBMB4XDTIxMDMxNzExNDYzMFoXDTMxMDMxNjExNDYzMFowFTETMBEGA1UE + AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs1 + ujCXS/HDS9dSOJWfotlrQj46V4oL8q5dOmLXSvqfISINzdXK9XrBo/1INQ2RmFL/ + oXbCwvT1PhRkm/KS/LN3dgsbPjb6/meKsrLOpKPtTAm29+c7h87ZkwHi2LPZO+3w + bVp49ERCg89VjfIStvGefJvKaz1Rq3WTZN96216dSY2sShON07ELv4pZPJGjEHg6 + U6c4UgMdnye3FUUxaayqjZbLKcN/mNkI7kMzy4e0RZ4Y3WTlr0nxDVuYiz8v9usa + rHO5Pu9w40FAudlmMrSB9Qj8ED/VtooW4qewm4oUdHrmzJ86vamWLll2keHt4MAY + 5mG0vglWqm2zEL8jJWUCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW + MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW + BBQs35Wcd1nnNOP1YuzwousJxfATmDANBgkqhkiG9w0BAQsFAAOCAQEAbspb0RE5 + vOeObqLY7JEMlNvnxbnHceIpltZpnq5ZGbDHEBUEyBUnDnO7UZrxw2qmDgvpUPot + jNxgWzDcxb7kuli6Ehc1Nbtm8HKFf3xx5d1dTBuPj8i6njB/3kVbYZOHGcFxku62 + ac8KQT8EdaQdTtwoQLhfGl3P++afg7kfvcm962PKYWDGcbXbbJxEf1YDuy2dY2/Z + u5rOyAIhRSOm68edMhy/0Bdq3NBmT5icptMawEBrJXW7tNOnbSLu6qtQqSX8w58u + 2ZnZouCSXMfLYKNuDWVuhe/WfCv9ZKr/Izcz1raBquo8yDt4qsxDPfix/QSqUxRc + kDR2hHk/Mfv+rg== + -----END CERTIFICATE----- + TLSKey: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAqzW6MJdL8cNL11I4lZ+i2WtCPjpXigvyrl06YtdK+p8hIg3N + 1cr1esGj/Ug1DZGYUv+hdsLC9PU+FGSb8pL8s3d2Cxs+Nvr+Z4qyss6ko+1MCbb3 + 5zuHztmTAeLYs9k77fBtWnj0REKDz1WN8hK28Z58m8prPVGrdZNk33rbXp1JjaxK + E43TsQu/ilk8kaMQeDpTpzhSAx2fJ7cVRTFprKqNlsspw3+Y2QjuQzPLh7RFnhjd + ZOWvSfENW5iLPy/26xqsc7k+73DjQUC52WYytIH1CPwQP9W2ihbip7CbihR0eubM + nzq9qZYuWXaR4e3gwBjmYbS+CVaqbbMQvyMlZQIDAQABAoIBAC3cZ3JqpKIvERqt + YJDbwRCCRa1LjXVh+/Cu8lvVlbUKeSKZFgDlq9nlEttewy9OR8I7zXF1fCmHo8hs + psVUkDI2lr0k4AZ0Nz9fDL0O01VB1DNp+n/LF3bWGyXPMQMD9qSm2XP5oFzEgHBC + V5J3Zt/T90b38r/rJ4WIJOYkD60I/mQ2oB9I6QsUDSxeH9a/L1BEHvGcBtfbqWlA + b7BBRBjRCdtbV67pFpspSnWmIwDBF3GNbjjPyWiRCicLQeZ+Eysc4GbeT89A76xN + q76uPH/+vo5fafm86AURN59QA6/qaCvrlE02gt9FbFW/cN0Bs7y3OSl2e8/si6tz + n4Nwq8ECgYEA4F4oAitnCfAKhHr501qaJk4uj5YuzQktANjPp9Bo5x/FThF497gN + KvumUlq4Z3H7ivXk0WEYb5v2erXtgXoj6o/uAL+5FQyRBpUDa5FpeAi64e0Vzhtk + UUd5RXoC0eITdF8zaXHJsYTNv6jDA33Flqkk7bioTWi0VrTFlwp5mRUCgYEAw1kB + HmuV1LSqmwXf/6NIO2mmSBLNWC4JY/qAV9HlCxKhv9fXhl99m0lQRPs2TZIYrkCY + Q0entaYY+2EQn1HBm7sdGnoy5tOYb9Lg89zzP23MJDLAQ+eXRTyl25W3qQVnrRzx + o00EFX6QhySbuBditiu75wjN1Q2IY+jE81MozxECgYBU6s3xpEOnOzZ/1ZtgJtZY + 0RZGOe0UpPhnbaeKOBK8BwZB+dLyzrINJplYagWJAVbWzSIBLOJ2u2yaHOj7LCMT + z82gcu+1y7/H4fYdbDeiuosgnv61tyBMsuRvKzKOBSaf0LhAnFRd34mPlGvakmuK + DhJv9oecZJh8iIaQF+LV0QKBgFDDQHIqOqTZGNvEvwo6oIdns4aCt4Dob5t1GpC0 + R4SfbF4bR5DXc9+6nMQYNCg36ZpJPGo8errf894iEDQ+IdRXtL2YnejOvGwm/Df2 + Nl8X7tlcXh705ZaLb2rsaCUqBeYNXF2OXszgKbKl0Pd4O6hjRmlLO4YE9UmRF7Qd + wnZxAoGBAKN9LgEmOq3GTDbWvnKRDG8q1MjMOOLRuqryQWXF3KP/+oPB2XUrw7Eg + Sw9yBi8GZ6PseG1W5LnwT2vAeDaLRrAr8QrDmd+Aj+og7CVD82Gy/k8Uh0TyCUlF + DOY0q5Hu9iPlqk3ZQqGJKcms+97jD7JPGsPOH0+LcK9sEI6fJOna + -----END RSA PRIVATE KEY----- + CertManagerNS: cert-manager + jumpHost: + - image: quay.io/airshipit/jump-host + nodePort: 30001 + nodeInterfaceId: oam-ipv4 + bmc: + proxy: false + sshAuthorizedKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyaozS8kZRw2a1d0O4YXhxtJlDPThqIZilGCsXLbukIFOyMUmMTwQAtwWp5epwU1+5ponC2uBENB6xCCj3cl5Rd43d2/B6HxyAPQGKo6/zKYGAKW2nzYDxSWMl6NUSsiJAyXUA7ZlNZQe0m8PmaferlkQyLLZo3NJpizz6U6ZCtxvj43vEl7NYWnLUEIzGP9zMqltIGnD4vYrU9keVKKXSsp+DkApnbrDapeigeGATCammy2xRrUQDuOvGHsfnQbXr2j0onpTIh0PiLrXLQAPDg8UJRgVB+ThX+neI3rQ320djzRABckNeE6e4Kkwzn+QdZsmA2SDvM9IU7boK1jVQlgUPp7zF5q3hbb8Rx7AadyTarBayUkCgNlrMqth+tmTMWttMqCPxJRGnhhvesAHIl55a28Kzz/2Oqa3J9zwzbyDIwlEXho0eAq3YXEPeBhl34k+7gOt/5Zdbh+yacFoxDh0LrshQgboAijcVVaXPeN0LsHEiVvYIzugwIvCkoFMPWoPj/kEGzPY6FCkVneDA7VoLTCoG8dlrN08Lf05/BGC7Wllm66pTNZC/cKXP+cjpQn1iEuiuPxnPldlMHx9sx2y/BRoft6oT/GzqkNy1NTY/xI+MfmxXnF5kwSbcTbzZQ9fZ8xjh/vmpPBgDNrxOEAT4N6OG7GQIhb9HEhXQCQ== example-key + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2 + nodeSSHPrivateKeys: ssh-private-keys + loadBalancer: + - image: haproxy + nodePort: 30000 + nodeInterfaceId: oam-ipv4 + diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workers/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workers/kustomization.yaml new file mode 100644 index 000000000..900c0405c --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/kustomization.yaml @@ -0,0 +1,8 @@ +resources: + - ../../../../sub-cluster/workers + +commonLabels: + cluster.x-k8s.io/cluster-name: lma + +patchesStrategicMerge: + - patches/machinedeployment.yaml diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workers/patches/machinedeployment.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workers/patches/machinedeployment.yaml new file mode 100644 index 000000000..6ccce33df --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/patches/machinedeployment.yaml @@ -0,0 +1,18 @@ +apiVersion: cluster.x-k8s.io/v1alpha3 +kind: MachineDeployment +metadata: + name: worker-1 + labels: + cluster.x-k8s.io/cluster-name: target-cluster +spec: + clusterName: lma + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/cluster-name: lma + template: + metadata: + labels: + cluster.x-k8s.io/cluster-name: lma + spec: + clusterName: lma diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workers/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workers/replacements/kustomization.yaml new file mode 100644 index 000000000..287984ceb --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workers/replacements/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - ../../../../../sub-cluster/workers/replacements diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workload/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workload/kustomization.yaml new file mode 100644 index 000000000..b344d3bb9 --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/kustomization.yaml @@ -0,0 +1,9 @@ +resources: + - ../../../../sub-cluster/workload + - ../../../../../composite/monitoring-stack + - ../../../../../function/minio + +namespace: lma-infra + +patches: + - path: patches/minio.yaml diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workload/patches/minio.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workload/patches/minio.yaml new file mode 100644 index 000000000..97f0631ae --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/patches/minio.yaml @@ -0,0 +1,17 @@ +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: minio +spec: + values: + replicas: 1 + persistence: + enabled: false + existingSecret: minio-admin-secret + buckets: + - name: logs + policy: none + purge: false + - name: metrics + policy: none + purge: false diff --git a/manifests/type/multi-tenant/sub-clusters/lma/workload/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/workload/replacements/kustomization.yaml new file mode 100644 index 000000000..1960ee18c --- /dev/null +++ b/manifests/type/multi-tenant/sub-clusters/lma/workload/replacements/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - ../../../../../../composite/monitoring-stack/replacements + - ../../../../../../function/minio/replacements diff --git a/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml b/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml index 2074f1ea8..48e1e3ea6 100644 --- a/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml +++ b/manifests/type/sub-cluster/initinfra/replacements/kustomization.yaml @@ -1,3 +1,3 @@ resources: - - ../../../../../../../airshipctl/manifests/function/flux/source-controller/replacements - - ../../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements + - ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements + - ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements diff --git a/manifests/type/sub-cluster/workers/machinedeployment.yaml b/manifests/type/sub-cluster/workers/machinedeployment.yaml index e6486c2be..cca90e46f 100644 --- a/manifests/type/sub-cluster/workers/machinedeployment.yaml +++ b/manifests/type/sub-cluster/workers/machinedeployment.yaml @@ -2,8 +2,6 @@ apiVersion: cluster.x-k8s.io/v1alpha3 kind: MachineDeployment metadata: name: worker-1 - labels: - cluster.x-k8s.io/cluster-name: target-cluster spec: clusterName: target-cluster replicas: 1 diff --git a/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml b/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml index ad79874ab..3d90acfd6 100644 --- a/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml +++ b/manifests/type/sub-cluster/workers/replacements/workers-env-vars.yaml @@ -6,7 +6,7 @@ metadata: annotations: config.kubernetes.io/function: |- container: - image: quay.io/airshipit/replacement-transformer:latest + image: quay.io/airshipit/replacement-transformer:v2 replacements: # Replace the proxy vars - source: