diff --git a/manifests/function/sip/Kptfile b/manifests/function/sip/Kptfile index c3de4032b..435eb2c32 100644 --- a/manifests/function/sip/Kptfile +++ b/manifests/function/sip/Kptfile @@ -5,19 +5,19 @@ dependencies: git: repo: "https://opendev.org/airship/sip" directory: "config/crd" - ref: "194346b22e1df3e922a8fd32dd2fb785856731a9" + ref: "f9226befbd49e4eba8909aa430ce7407551bba62" - name: upstream/default git: repo: "https://opendev.org/airship/sip" directory: "config/default" - ref: "eac22786d83f1a4f524f9f32ea36bb57b164ea1b" + ref: "f9226befbd49e4eba8909aa430ce7407551bba62" - name: upstream/manager git: repo: "https://opendev.org/airship/sip" directory: "config/manager" - ref: "eac22786d83f1a4f524f9f32ea36bb57b164ea1b" + ref: "f9226befbd49e4eba8909aa430ce7407551bba62" - name: upstream/rbac git: repo: "https://opendev.org/airship/sip" directory: "config/rbac" - ref: "eac22786d83f1a4f524f9f32ea36bb57b164ea1b" + ref: "f9226befbd49e4eba8909aa430ce7407551bba62" diff --git a/manifests/function/sip/upstream/crd/Kptfile b/manifests/function/sip/upstream/crd/Kptfile index ec18f39f2..5e8cb3227 100644 --- a/manifests/function/sip/upstream/crd/Kptfile +++ b/manifests/function/sip/upstream/crd/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 194346b22e1df3e922a8fd32dd2fb785856731a9 + commit: f9226befbd49e4eba8909aa430ce7407551bba62 repo: https://opendev.org/airship/sip directory: config/crd - ref: 194346b22e1df3e922a8fd32dd2fb785856731a9 + ref: f9226befbd49e4eba8909aa430ce7407551bba62 diff --git a/manifests/function/sip/upstream/crd/bases/airship.airshipit.org_sipclusters.yaml b/manifests/function/sip/upstream/crd/bases/airship.airshipit.org_sipclusters.yaml index 95ab61c40..9ec5666a1 100644 --- a/manifests/function/sip/upstream/crd/bases/airship.airshipit.org_sipclusters.yaml +++ b/manifests/function/sip/upstream/crd/bases/airship.airshipit.org_sipclusters.yaml 
@@ -1,8 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null name: sipclusters.airship.airshipit.org spec: group: airship.airshipit.org 
@@ -12,277 +13,297 @@ spec: plural: sipclusters singular: sipcluster scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: SIPCluster is the Schema for the sipclusters API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SIPClusterSpec defines the desired state of a SIPCluster - properties: - nodes: - additionalProperties: - description: 'NodeSet are the the list of Nodes objects workers, or - ControlPlane that define expectations for the Tenant Clusters Includes - artifacts to associate with each defined namespace Such as : - Roles - for the Nodes - Flavor for theh Nodes image - Scheduling expectations - - Scale of the group of Nodes' - properties: - count: - description: Count defines the scale expectations for the Nodes - properties: - active: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed - state of cluster Important: Run "make" to regenerate code - after modifying this file' - type: integer - standby: - type: integer - type: object - spreadTopology: - description: PlaceHolder until we define the real expected Implementation - Scheduling define constraints that allow the SIP Scheduler to - identify the required BMH's to allow CAPI to build a cluster - enum: - - PerRack - - PerHost - type: string - vmFlavor: {} - labelSelector: 
- description: LabelSelector is the BMH label selector to use. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - type: object - description: Nodes defines the set of nodes to schedule for each BMH - role. - type: object - services: - description: Services defines the services that are deployed when a - SIPCluster is provisioned. - properties: - auth: - description: Auth defines the sub-cluster authentication services. 
- items: - properties: - clusterIP: - type: string - image: - type: string - nodeInterfaceId: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePort: - type: integer - required: - - image - - nodePort - type: object - type: array - jumpHost: - description: JumpHost defines the sub-cluster jump host services. - items: - description: JumpHostService is an infrastructure service type - that represents the sub-cluster jump-host service. - properties: - bmc: - description: BMCOpts contains options for BMC communication. - properties: - proxy: - type: boolean - type: object - clusterIP: - type: string - image: - type: string - nodeInterfaceId: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePort: - type: integer - sshkey: {} - nodeSSHPrivateKeys: - description: NodeSSHPrivateKeys holds the name of a Secret - in the same namespace as the SIPCluster CR, whose key values - each represent an ssh private key that can be used to access - the cluster nodes. They are mounted into the jumphost with - the secret keys serving as file names relative to a common - directory, and then configured as identity files in the - SSH config file of the default user. - type: string - sshAuthorizedKeys: - items: - type: string - type: array - required: - - image - - nodePort - - nodeSSHPrivateKeys - type: object - type: array - loadBalancer: - description: LoadBalancer defines the sub-cluster load balancer - services. 
- items: - properties: - clusterIP: - type: string - image: - type: string - nodeInterfaceId: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePort: - type: integer - required: - - image - - nodePort - type: object - type: array - type: object - required: - - services - type: object - status: - description: SIPClusterStatus defines the observed state of SIPCluster - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // - +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: SIPCluster is the Schema for the sipclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SIPClusterSpec defines the desired state of a SIPCluster + properties: + nodes: + additionalProperties: + description: 'NodeSet are the the list of Nodes objects workers, + or ControlPlane that define expectations for the Tenant Clusters + Includes artifacts to associate with each defined namespace Such + as : - Roles for the Nodes - Flavor for the Nodes image - Anti-affinity + expectations - Scale of the group of Nodes' + properties: + count: + description: Count defines the scale expectations for the Nodes + properties: + active: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed + state of cluster Important: Run "make" to regenerate code + after modifying this file' + type: integer + standby: + type: integer + type: object + labelSelector: + description: LabelSelector is the BMH label selector to use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + topologyKey: + description: TopologyKey is similar to the same named field + in the kubernetes Pod anti-affinity API. If two BMHs are labeled + with this key and have identical values for that label, they + are considered to be in the same topology domain, and thus + only one will be scheduled. + type: string + type: object + description: Nodes defines the set of nodes to schedule for each BMH + role. + type: object + services: + description: Services defines the services that are deployed when + a SIPCluster is provisioned. + properties: + jumpHost: + description: JumpHost defines the sub-cluster jump host services. + items: + description: JumpHostService is an infrastructure service type + that represents the sub-cluster jump-host service. + properties: + bmc: + description: BMCOpts contains options for BMC communication. + properties: + proxy: + type: boolean + type: object + clusterIP: + type: string + image: + type: string + nodeInterfaceId: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePort: + type: integer + nodeSSHPrivateKeys: + description: NodeSSHPrivateKeys holds the name of a Secret + in the same namespace as the SIPCluster CR, whose key + values each represent an ssh private key that can be used + to access the cluster nodes. They are mounted into the + jumphost with the secret keys serving as file names relative + to a common directory, and then configured as identity + files in the SSH config file of the default user. 
+ type: string + sshAuthorizedKeys: + items: + type: string + type: array + required: + - image + - nodePort + - nodeSSHPrivateKeys + type: object + type: array + loadBalancerControlPlane: + description: LoadBalancer defines the sub-cluster load balancer + services. + items: + description: LoadBalancerServiceControlPlane is an infrastructure + service type that represents the sub-cluster load balancer + service. + properties: + clusterIP: + type: string + image: + type: string + nodeInterfaceId: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePort: + type: integer + required: + - image + - nodePort + type: object + type: array + loadBalancerWorker: + description: ' LoadBalancer defines the sub-cluster load balancer + services.' + items: + description: LoadBalancerServiceWorker is an infrastructure + service type that represents the sub-cluster load balancer + service. + properties: + clusterIP: + type: string + image: + type: string + nodeInterfaceId: + type: string + nodeLabels: + additionalProperties: + type: string + type: object + nodePort: + type: integer + nodePortRange: + description: 'TODO: Remove the inherited single NodePort + field via refactoring. It is unused for this service since + we have the below node port range instead.' + properties: + end: + description: End is the ending port number in the range. + type: integer + start: + description: Start is the starting port number in the + range. + type: integer + required: + - end + - start + type: object + required: + - image + - nodePort + - nodePortRange + type: object + type: array + type: object + required: + - services + type: object + status: + description: SIPClusterStatus defines the observed state of SIPCluster + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. 
For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/manifests/function/sip/upstream/default/Kptfile b/manifests/function/sip/upstream/default/Kptfile index 30c11c0e4..2b24a26f7 100644 --- a/manifests/function/sip/upstream/default/Kptfile +++ b/manifests/function/sip/upstream/default/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + commit: f9226befbd49e4eba8909aa430ce7407551bba62 repo: https://opendev.org/airship/sip directory: config/default - ref: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + ref: f9226befbd49e4eba8909aa430ce7407551bba62 diff --git a/manifests/function/sip/upstream/default/kustomization.yaml b/manifests/function/sip/upstream/default/kustomization.yaml index 26d1af388..beb693a98 100644 --- a/manifests/function/sip/upstream/default/kustomization.yaml +++ b/manifests/function/sip/upstream/default/kustomization.yaml @@ -1,17 +1,14 @@ # Adds namespace to all resources. namespace: sipcluster-system - # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. namePrefix: sipcluster- - # Labels to add to all resources and selectors. #commonLabels: # someName: someValue - bases: - ../crd - ../rbac 
@@ -25,46 +22,7 @@ bases: #- ../prometheus patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/manifests/function/sip/upstream/manager/Kptfile b/manifests/function/sip/upstream/manager/Kptfile index 7dd49d03f..1ba756b05 100644 
--- a/manifests/function/sip/upstream/manager/Kptfile +++ b/manifests/function/sip/upstream/manager/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + commit: f9226befbd49e4eba8909aa430ce7407551bba62 repo: https://opendev.org/airship/sip directory: config/manager - ref: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + ref: f9226befbd49e4eba8909aa430ce7407551bba62 diff --git a/manifests/function/sip/upstream/rbac/Kptfile b/manifests/function/sip/upstream/rbac/Kptfile index be6fa638e..95daf9000 100644 --- a/manifests/function/sip/upstream/rbac/Kptfile +++ b/manifests/function/sip/upstream/rbac/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + commit: f9226befbd49e4eba8909aa430ce7407551bba62 repo: https://opendev.org/airship/sip directory: config/rbac - ref: eac22786d83f1a4f524f9f32ea36bb57b164ea1b + ref: f9226befbd49e4eba8909aa430ce7407551bba62 diff --git a/manifests/function/sip/upstream/rbac/kustomization.yaml b/manifests/function/sip/upstream/rbac/kustomization.yaml index 42fd75897..73215338e 100644 --- a/manifests/function/sip/upstream/rbac/kustomization.yaml +++ b/manifests/function/sip/upstream/rbac/kustomization.yaml @@ -5,7 +5,6 @@ resources: - sipcluster_scheduler_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml - # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. diff --git a/manifests/function/sip/upstream/rbac/role.yaml b/manifests/function/sip/upstream/rbac/role.yaml index c899040c5..21f040f98 100644 --- a/manifests/function/sip/upstream/rbac/role.yaml +++ b/manifests/function/sip/upstream/rbac/role.yaml 
@@ -1,11 +1,14 @@ - ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get - apiGroups: - airship.airshipit.org resources: diff --git a/manifests/function/sip/upstream/rbac/sipcluster_scheduler_role.yaml b/manifests/function/sip/upstream/rbac/sipcluster_scheduler_role.yaml index 98fc2de52..62bc6ef18 100644 --- a/manifests/function/sip/upstream/rbac/sipcluster_scheduler_role.yaml +++ b/manifests/function/sip/upstream/rbac/sipcluster_scheduler_role.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -17,8 +16,10 @@ rules: - update - apiGroups: - "" + - apps resources: - secrets + - deployments verbs: - get - list @@ -49,7 +50,6 @@ rules: - apiGroups: - "" resources: - - namespaces - secrets verbs: - create diff --git a/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml b/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml index b0f31823e..bb2531155 100644 --- a/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml +++ b/manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml @@ -75,15 +75,15 @@ spec: image: quay.io/thanos/thanos:v0.19.0 sip: sip: - auth: - image: quay.io/dexidp/dex:v2.20.0 kube-rbac-proxy: image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 manager: - image: quay.io/airshipit/sip:51e7ff85d617c0e94fa98920fdbacce3ad9e6bc0 + image: quay.io/airshipit/sip:f9226befbd49e4eba8909aa430ce7407551bba62 jump_host: image: quay.io/airshipit/jump-host:latest - load_balancer: + load_balancer_control_plane: + image: haproxy:2.3.2 + load_balancer_worker: image: haproxy:2.3.2 vino: vino: diff --git a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml index 06aec34b3..5c13f4c6f 100644 
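Review bot: The added rule in `manifests/function/sip/upstream/rbac/role.yaml` gives `manager-role`, a ClusterRole, `get` on `secrets` in the core API group with no further restriction. If the role is bound through a ClusterRoleBinding (the binding is not part of this diff), the SIP manager can read every Secret in every namespace. The CRD updated in this same change describes the `nodeSSHPrivateKeys` Secret as living in the namespace of the SIPCluster CR, so the apparent need is namespaced. Because this file is synced from the SIP repository, the narrowing belongs upstream or in a local kustomize patch, for example by granting the secrets rule through a RoleBinding only in the namespaces that hold SIPCluster CRs. The rule list continues outside the hunk.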
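Review bot: In `versions-treasuremap.yaml` the new `load_balancer_worker` entry repeats `haproxy:2.3.2`, a mutable tag with no registry qualifier, while the `manager` image in the same stanza is tied to an exact SIP commit. A tag can be re-pushed, so this catalogue does not fix what actually runs in the sub-cluster. Pinning both haproxy entries by digest would close that gap, e.g. `image: docker.io/library/haproxy:2.3.2@sha256:<digest-of-the-vetted-image>` (placeholder digest). The unchanged `jump_host` line still uses `:latest`, which deserves the same treatment because, per the CRD text in this change, that container mounts the node SSH private keys.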
--- a/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml +++ b/manifests/type/multi-tenant/shared/catalogues/subcluster-networking.yaml @@ -32,10 +32,11 @@ spec: nodePort: 30001 - name: loadBalancerControlPlane nodePort: 30002 - # TODO: Uncomment when SIP supports a Worker load balancer. # Potential ports that can be used by sub-cluster services. - # - name: loadBalancerWorkers - # nodePort: ["30003:30020"] + - name: loadBalancerWorker + nodePortRange: + start: 30003 + end: 30020 wordpress: # This stanza is replaced directly into the Wordpress sub-cluster's @@ -55,7 +56,8 @@ spec: nodePort: 30001 - name: loadBalancerControlPlane nodePort: 30002 - # TODO: Uncomment when SIP supports a Worker load balancer. # Potential ports that can be used by sub-cluster services. - # - name: loadBalancerWorkers - # nodePort: ["30003:30020"] + - name: loadBalancerWorker + nodePortRange: + start: 30003 + end: 30020 diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml index 9693f1d2b..2e1c22f5c 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml 
@@ -7,18 +7,17 @@ metadata: container: image: quay.io/airshipit/replacement-transformer:v2 replacements: - - source: - objref: - kind: VariableCatalogue - name: subcluster-networking - fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}" - target: - objref: - kind: SIPCluster - name: lma - # NOTE: The SIPCluster CR accepts multiple infra service definitions, - # but we only deploy one instance of each. - fieldrefs: ["{.spec.services.auth[0].nodePort}"] + # TODO: Uncomment once subcluster Dex is implemented. + # - source: + # objref: + # kind: VariableCatalogue + # name: subcluster-networking + # fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}" + # target: + # objref: + # kind: HelmRelease + # name: dex-aio + # fieldrefs: ["{.values.params.endpoints.port.https}"] - source: objref: kind: VariableCatalogue @@ -31,8 +30,6 @@ replacements: # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. fieldrefs: ["{.spec.services.jumpHost[0].nodePort}"] - # NOTE: newer versions of SIP will have an additional load balancer for the - # worker nodes. - source: objref: kind: VariableCatalogue 
@@ -44,7 +41,33 @@ replacements: name: lma # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. - fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"] + fieldrefs: ["{.spec.services.loadBalancerControlPlane[0].nodePort}"] + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'loadBalancerWorker')].nodePortRange}" + target: + objref: + kind: SIPCluster + name: lma + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.loadBalancerWorker[0].nodePortRange}"] + # TODO: The nodePort field is ignored, but still required. Remove this replacement rule once the + # field is removed, see https://github.com/airshipit/sip/issues/21. + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'loadBalancerWorker')].nodePortRange.start}" + target: + objref: + kind: SIPCluster + name: lma + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.loadBalancerWorker[0].nodePort}"] - source: objref: kind: VariableCatalogue diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml index 82830e296..916d01c41 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/versions.yaml 
@@ -8,16 +8,6 @@ metadata: image: quay.io/airshipit/replacement-transformer:v2 replacements: # Replace SIPCluster CR images -- source: - objref: - kind: VersionsCatalogue - name: versions-treasuremap - fieldref: "{.spec.images.sip.sip.auth.image}" - target: - objref: - kind: SIPCluster - name: lma - fieldrefs: ["{.spec.services.auth[*].image}"] - source: objref: kind: VersionsCatalogue @@ -32,9 +22,19 @@ replacements: objref: kind: VersionsCatalogue name: versions-treasuremap - fieldref: "{.spec.images.sip.sip.load_balancer.image}" + fieldref: "{.spec.images.sip.sip.load_balancer_control_plane.image}" target: objref: kind: SIPCluster name: lma - fieldrefs: ["{.spec.services.loadBalancer[*].image}"] + fieldrefs: ["{.spec.services.loadBalancerControlPlane[*].image}"] +- source: + objref: + kind: VersionsCatalogue + name: versions-treasuremap + fieldref: "{.spec.images.sip.sip.load_balancer_worker.image}" + target: + objref: + kind: SIPCluster + name: lma + fieldrefs: ["{.spec.services.loadBalancerWorker[*].image}"] diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml index db45cf0ff..4fe7c1582 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml 
@@ -8,72 +8,21 @@ spec: nodes: ControlPlane: labelSelector: - vino.airshipit.org/flavor: control-plane - spreadTopology: PerRack + matchLabels: + vino.airshipit.org/flavor: control-plane + topologyKey: vino.airshipit.org/rack count: active: 1 standby: 1 Worker: labelSelector: - vino.airshipit.org/flavor: worker - spreadTopology: PerHost + matchLabels: + vino.airshipit.org/flavor: worker + topologyKey: vino.airshipit.org/host count: active: 2 standby: 1 # Slew for upgrades services: - auth: - - image: quay.io/dexidp/dex - nodeInterfaceId: oam-ipv4 - nodePort: 30556 - TLSCrt: | - -----BEGIN CERTIFICATE----- - MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p - a3ViZUNBMB4XDTIxMDMxNzExNDYzMFoXDTMxMDMxNjExNDYzMFowFTETMBEGA1UE - AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs1 - ujCXS/HDS9dSOJWfotlrQj46V4oL8q5dOmLXSvqfISINzdXK9XrBo/1INQ2RmFL/ - oXbCwvT1PhRkm/KS/LN3dgsbPjb6/meKsrLOpKPtTAm29+c7h87ZkwHi2LPZO+3w - bVp49ERCg89VjfIStvGefJvKaz1Rq3WTZN96216dSY2sShON07ELv4pZPJGjEHg6 - U6c4UgMdnye3FUUxaayqjZbLKcN/mNkI7kMzy4e0RZ4Y3WTlr0nxDVuYiz8v9usa - rHO5Pu9w40FAudlmMrSB9Qj8ED/VtooW4qewm4oUdHrmzJ86vamWLll2keHt4MAY - 5mG0vglWqm2zEL8jJWUCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW - MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW - BBQs35Wcd1nnNOP1YuzwousJxfATmDANBgkqhkiG9w0BAQsFAAOCAQEAbspb0RE5 - vOeObqLY7JEMlNvnxbnHceIpltZpnq5ZGbDHEBUEyBUnDnO7UZrxw2qmDgvpUPot - jNxgWzDcxb7kuli6Ehc1Nbtm8HKFf3xx5d1dTBuPj8i6njB/3kVbYZOHGcFxku62 - ac8KQT8EdaQdTtwoQLhfGl3P++afg7kfvcm962PKYWDGcbXbbJxEf1YDuy2dY2/Z - u5rOyAIhRSOm68edMhy/0Bdq3NBmT5icptMawEBrJXW7tNOnbSLu6qtQqSX8w58u - 2ZnZouCSXMfLYKNuDWVuhe/WfCv9ZKr/Izcz1raBquo8yDt4qsxDPfix/QSqUxRc - kDR2hHk/Mfv+rg== - -----END CERTIFICATE----- - TLSKey: | - -----BEGIN RSA PRIVATE KEY----- - MIIEowIBAAKCAQEAqzW6MJdL8cNL11I4lZ+i2WtCPjpXigvyrl06YtdK+p8hIg3N - 1cr1esGj/Ug1DZGYUv+hdsLC9PU+FGSb8pL8s3d2Cxs+Nvr+Z4qyss6ko+1MCbb3 - 5zuHztmTAeLYs9k77fBtWnj0REKDz1WN8hK28Z58m8prPVGrdZNk33rbXp1JjaxK - 
E43TsQu/ilk8kaMQeDpTpzhSAx2fJ7cVRTFprKqNlsspw3+Y2QjuQzPLh7RFnhjd - ZOWvSfENW5iLPy/26xqsc7k+73DjQUC52WYytIH1CPwQP9W2ihbip7CbihR0eubM - nzq9qZYuWXaR4e3gwBjmYbS+CVaqbbMQvyMlZQIDAQABAoIBAC3cZ3JqpKIvERqt - YJDbwRCCRa1LjXVh+/Cu8lvVlbUKeSKZFgDlq9nlEttewy9OR8I7zXF1fCmHo8hs - psVUkDI2lr0k4AZ0Nz9fDL0O01VB1DNp+n/LF3bWGyXPMQMD9qSm2XP5oFzEgHBC - V5J3Zt/T90b38r/rJ4WIJOYkD60I/mQ2oB9I6QsUDSxeH9a/L1BEHvGcBtfbqWlA - b7BBRBjRCdtbV67pFpspSnWmIwDBF3GNbjjPyWiRCicLQeZ+Eysc4GbeT89A76xN - q76uPH/+vo5fafm86AURN59QA6/qaCvrlE02gt9FbFW/cN0Bs7y3OSl2e8/si6tz - n4Nwq8ECgYEA4F4oAitnCfAKhHr501qaJk4uj5YuzQktANjPp9Bo5x/FThF497gN - KvumUlq4Z3H7ivXk0WEYb5v2erXtgXoj6o/uAL+5FQyRBpUDa5FpeAi64e0Vzhtk - UUd5RXoC0eITdF8zaXHJsYTNv6jDA33Flqkk7bioTWi0VrTFlwp5mRUCgYEAw1kB - HmuV1LSqmwXf/6NIO2mmSBLNWC4JY/qAV9HlCxKhv9fXhl99m0lQRPs2TZIYrkCY - Q0entaYY+2EQn1HBm7sdGnoy5tOYb9Lg89zzP23MJDLAQ+eXRTyl25W3qQVnrRzx - o00EFX6QhySbuBditiu75wjN1Q2IY+jE81MozxECgYBU6s3xpEOnOzZ/1ZtgJtZY - 0RZGOe0UpPhnbaeKOBK8BwZB+dLyzrINJplYagWJAVbWzSIBLOJ2u2yaHOj7LCMT - z82gcu+1y7/H4fYdbDeiuosgnv61tyBMsuRvKzKOBSaf0LhAnFRd34mPlGvakmuK - DhJv9oecZJh8iIaQF+LV0QKBgFDDQHIqOqTZGNvEvwo6oIdns4aCt4Dob5t1GpC0 - R4SfbF4bR5DXc9+6nMQYNCg36ZpJPGo8errf894iEDQ+IdRXtL2YnejOvGwm/Df2 - Nl8X7tlcXh705ZaLb2rsaCUqBeYNXF2OXszgKbKl0Pd4O6hjRmlLO4YE9UmRF7Qd - wnZxAoGBAKN9LgEmOq3GTDbWvnKRDG8q1MjMOOLRuqryQWXF3KP/+oPB2XUrw7Eg - Sw9yBi8GZ6PseG1W5LnwT2vAeDaLRrAr8QrDmd+Aj+og7CVD82Gy/k8Uh0TyCUlF - DOY0q5Hu9iPlqk3ZQqGJKcms+97jD7JPGsPOH0+LcK9sEI6fJOna - -----END RSA PRIVATE KEY----- - CertManagerNS: cert-manager jumpHost: - image: quay.io/airshipit/jump-host nodePort: 30001 
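Review bot: Removing the `auth` service deletes the inline `TLSKey` block, but the RSA private key stays readable in the repository history, so the key pair has to be treated as disclosed rather than retired. Any environment that was rendered from this manifest and still trusts the matching `TLSCrt` needs that certificate replaced. The replacement key should come from a secret store or an encrypted document, not from `sipcluster.yaml`. The identical block is removed in the wordpress `sipcluster.yaml` hunk further down, so the same applies there. If the pair was only ever a throwaway test credential, a sentence in the commit message saying so would close the question.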
@@ -84,8 +33,14 @@ spec: - ssh-rsa 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 example-key - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2 nodeSSHPrivateKeys: ssh-private-keys - loadBalancer: + loadBalancerControlPlane: - image: haproxy - nodePort: 30000 + nodePort: 30002 + nodeInterfaceId: oam-ipv4 + loadBalancerWorker: + - image: haproxy + nodePort: 30003 + nodePortRange: + start: 30003 + end: 30020 nodeInterfaceId: oam-ipv4 - diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml index 795d332a5..40ac201ca 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml 
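Review bot: `image: haproxy` on the new `loadBalancerWorker` entry (and on the control-plane entry above it) names no registry, tag or digest, so a render that skips the versions replacement would pull whatever `haproxy:latest` resolves to at that moment. The versions rules in this commit do overwrite `loadBalancerWorker[*].image`, so this is only the fallback, but a pinned fallback such as `image: <registry>/haproxy:<tag>` (placeholders) fails safer. Separately, `nodePort: 30003` silently mirrors `nodePortRange.start`; a comment such as `# ignored by SIP but still required; keep equal to nodePortRange.start, see https://github.com/airshipit/sip/issues/21` would stop the two values drifting apart. Both points also apply to the matching hunk in the wordpress `sipcluster.yaml` at the end of the page.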
@@ -7,18 +7,17 @@ metadata: container: image: quay.io/airshipit/replacement-transformer:v2 replacements: - - source: - objref: - kind: VariableCatalogue - name: subcluster-networking - fieldref: "{.spec.wordpress.exposed_services[?(.name == 'auth')].nodePort}" - target: - objref: - kind: SIPCluster - name: wordpress - # NOTE: The SIPCluster CR accepts multiple infra service definitions, - # but we only deploy one instance of each. - fieldrefs: ["{.spec.services.auth[0].nodePort}"] + # TODO: Uncomment once subcluster Dex is implemented. + # - source: + # objref: + # kind: VariableCatalogue + # name: subcluster-networking + # fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}" + # target: + # objref: + # kind: HelmRelease + # name: dex-aio + # fieldrefs: ["{.values.params.endpoints.port.https}"] - source: objref: kind: VariableCatalogue 
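Review bot: The commented-out rule reads from `.spec.lma.exposed_services[...]` although this file configures the wordpress sub-cluster and every live rule in it reads `.spec.wordpress...`. If the block is uncommented as the TODO asks, the wordpress Dex release would be given the lma auth port. The commented line should be `# fieldref: "{.spec.wordpress.exposed_services[?(.name == 'auth')].nodePort}"`. Its target (`HelmRelease` `dex-aio`, `.values.params.endpoints.port.https`) is also the target of the rule that closes this file, so the TODO should say which of the two is meant to remain.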
@@ -31,20 +30,32 @@ replacements: # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. fieldrefs: ["{.spec.services.jumpHost[0].nodePort}"] - # NOTE: newer versions of SIP will have an additional load balancer for the - # worker nodes. - source: objref: kind: VariableCatalogue name: subcluster-networking - fieldref: "{.spec.wordpress.exposed_services[?(.name == 'loadBalancerControlPlane')].nodePort}" + fieldref: "{.spec.wordpress.exposed_services[?(.name == 'loadBalancerWorker')].nodePortRange}" target: objref: kind: SIPCluster name: wordpress # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. - fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"] + fieldrefs: ["{.spec.services.loadBalancerWorker[0].nodePortRange}"] + # TODO: The nodePort field is ignored, but still required. Remove this replacement rule once the + # field is removed, see https://github.com/airshipit/sip/issues/21. + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.wordpress.exposed_services[?(.name == 'loadBalancerWorker')].nodePortRange.start}" + target: + objref: + kind: SIPCluster + name: wordpress + # NOTE: The SIPCluster CR accepts multiple infra service definitions, + # but we only deploy one instance of each. + fieldrefs: ["{.spec.services.loadBalancerWorker[0].nodePort}"] - source: objref: kind: VariableCatalogue @@ -54,4 +65,4 @@ replacements: objref: kind: HelmRelease name: dex-aio - fieldrefs: ["{.values.params.endpoints.port.https}"] \ No newline at end of file + fieldrefs: ["{.values.params.endpoints.port.https}"] diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml index 6e5d85241..0b3b0a6e5 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml 
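Review bot: The rule that read `loadBalancerControlPlane` from the catalogue was rewritten in place into the `loadBalancerWorker` range rule, so as far as the three hunks of this file show, nothing sets `.spec.services.loadBalancerControlPlane[0].nodePort` for wordpress any more. The lma networking file keeps its control-plane rule and only retargets it, so the two sub-clusters now differ. The wordpress SIPCluster would therefore keep the hard-coded `nodePort: 30002` from its `sipcluster.yaml` whatever the catalogue says, which is also the lma default. Restoring the control-plane rule next to the new worker rules, as sketched below, keeps the exposed port under catalogue control.

```yaml
# … unchanged: jumpHost rule …
  - source:
      objref:
        kind: VariableCatalogue
        name: subcluster-networking
      fieldref: "{.spec.wordpress.exposed_services[?(.name == 'loadBalancerControlPlane')].nodePort}"
    target:
      objref:
        kind: SIPCluster
        name: wordpress
      fieldrefs: ["{.spec.services.loadBalancerControlPlane[0].nodePort}"]
# … unchanged: loadBalancerWorker nodePortRange and nodePort rules …
```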
+++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml 
@@ -8,72 +8,21 @@ spec: nodes: ControlPlane: labelSelector: - vino.airshipit.org/flavor: control-plane - spreadTopology: PerRack + matchLabels: + vino.airshipit.org/flavor: control-plane + topologyKey: vino.airshipit.org/rack count: active: 1 standby: 1 Worker: labelSelector: - vino.airshipit.org/flavor: worker - spreadTopology: PerHost + matchLabels: + vino.airshipit.org/flavor: worker + topologyKey: vino.airshipit.org/host count: active: 2 standby: 1 # Slew for upgrades services: - auth: - - image: quay.io/dexidp/dex - nodeInterfaceId: oam-ipv4 - nodePort: 30556 - TLSCrt: | - -----BEGIN CERTIFICATE----- - MIIDBjCCAe6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwptaW5p - a3ViZUNBMB4XDTIxMDMxNzExNDYzMFoXDTMxMDMxNjExNDYzMFowFTETMBEGA1UE - AxMKbWluaWt1YmVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKs1 - ujCXS/HDS9dSOJWfotlrQj46V4oL8q5dOmLXSvqfISINzdXK9XrBo/1INQ2RmFL/ - oXbCwvT1PhRkm/KS/LN3dgsbPjb6/meKsrLOpKPtTAm29+c7h87ZkwHi2LPZO+3w - bVp49ERCg89VjfIStvGefJvKaz1Rq3WTZN96216dSY2sShON07ELv4pZPJGjEHg6 - U6c4UgMdnye3FUUxaayqjZbLKcN/mNkI7kMzy4e0RZ4Y3WTlr0nxDVuYiz8v9usa - rHO5Pu9w40FAudlmMrSB9Qj8ED/VtooW4qewm4oUdHrmzJ86vamWLll2keHt4MAY - 5mG0vglWqm2zEL8jJWUCAwEAAaNhMF8wDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQW - MBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW - BBQs35Wcd1nnNOP1YuzwousJxfATmDANBgkqhkiG9w0BAQsFAAOCAQEAbspb0RE5 - vOeObqLY7JEMlNvnxbnHceIpltZpnq5ZGbDHEBUEyBUnDnO7UZrxw2qmDgvpUPot - jNxgWzDcxb7kuli6Ehc1Nbtm8HKFf3xx5d1dTBuPj8i6njB/3kVbYZOHGcFxku62 - ac8KQT8EdaQdTtwoQLhfGl3P++afg7kfvcm962PKYWDGcbXbbJxEf1YDuy2dY2/Z - u5rOyAIhRSOm68edMhy/0Bdq3NBmT5icptMawEBrJXW7tNOnbSLu6qtQqSX8w58u - 2ZnZouCSXMfLYKNuDWVuhe/WfCv9ZKr/Izcz1raBquo8yDt4qsxDPfix/QSqUxRc - kDR2hHk/Mfv+rg== - -----END CERTIFICATE----- - TLSKey: | - -----BEGIN RSA PRIVATE KEY----- - MIIEowIBAAKCAQEAqzW6MJdL8cNL11I4lZ+i2WtCPjpXigvyrl06YtdK+p8hIg3N - 1cr1esGj/Ug1DZGYUv+hdsLC9PU+FGSb8pL8s3d2Cxs+Nvr+Z4qyss6ko+1MCbb3 - 5zuHztmTAeLYs9k77fBtWnj0REKDz1WN8hK28Z58m8prPVGrdZNk33rbXp1JjaxK - 
E43TsQu/ilk8kaMQeDpTpzhSAx2fJ7cVRTFprKqNlsspw3+Y2QjuQzPLh7RFnhjd - ZOWvSfENW5iLPy/26xqsc7k+73DjQUC52WYytIH1CPwQP9W2ihbip7CbihR0eubM - nzq9qZYuWXaR4e3gwBjmYbS+CVaqbbMQvyMlZQIDAQABAoIBAC3cZ3JqpKIvERqt - YJDbwRCCRa1LjXVh+/Cu8lvVlbUKeSKZFgDlq9nlEttewy9OR8I7zXF1fCmHo8hs - psVUkDI2lr0k4AZ0Nz9fDL0O01VB1DNp+n/LF3bWGyXPMQMD9qSm2XP5oFzEgHBC - V5J3Zt/T90b38r/rJ4WIJOYkD60I/mQ2oB9I6QsUDSxeH9a/L1BEHvGcBtfbqWlA - b7BBRBjRCdtbV67pFpspSnWmIwDBF3GNbjjPyWiRCicLQeZ+Eysc4GbeT89A76xN - q76uPH/+vo5fafm86AURN59QA6/qaCvrlE02gt9FbFW/cN0Bs7y3OSl2e8/si6tz - n4Nwq8ECgYEA4F4oAitnCfAKhHr501qaJk4uj5YuzQktANjPp9Bo5x/FThF497gN - KvumUlq4Z3H7ivXk0WEYb5v2erXtgXoj6o/uAL+5FQyRBpUDa5FpeAi64e0Vzhtk - UUd5RXoC0eITdF8zaXHJsYTNv6jDA33Flqkk7bioTWi0VrTFlwp5mRUCgYEAw1kB - HmuV1LSqmwXf/6NIO2mmSBLNWC4JY/qAV9HlCxKhv9fXhl99m0lQRPs2TZIYrkCY - Q0entaYY+2EQn1HBm7sdGnoy5tOYb9Lg89zzP23MJDLAQ+eXRTyl25W3qQVnrRzx - o00EFX6QhySbuBditiu75wjN1Q2IY+jE81MozxECgYBU6s3xpEOnOzZ/1ZtgJtZY - 0RZGOe0UpPhnbaeKOBK8BwZB+dLyzrINJplYagWJAVbWzSIBLOJ2u2yaHOj7LCMT - z82gcu+1y7/H4fYdbDeiuosgnv61tyBMsuRvKzKOBSaf0LhAnFRd34mPlGvakmuK - DhJv9oecZJh8iIaQF+LV0QKBgFDDQHIqOqTZGNvEvwo6oIdns4aCt4Dob5t1GpC0 - R4SfbF4bR5DXc9+6nMQYNCg36ZpJPGo8errf894iEDQ+IdRXtL2YnejOvGwm/Df2 - Nl8X7tlcXh705ZaLb2rsaCUqBeYNXF2OXszgKbKl0Pd4O6hjRmlLO4YE9UmRF7Qd - wnZxAoGBAKN9LgEmOq3GTDbWvnKRDG8q1MjMOOLRuqryQWXF3KP/+oPB2XUrw7Eg - Sw9yBi8GZ6PseG1W5LnwT2vAeDaLRrAr8QrDmd+Aj+og7CVD82Gy/k8Uh0TyCUlF - DOY0q5Hu9iPlqk3ZQqGJKcms+97jD7JPGsPOH0+LcK9sEI6fJOna - -----END RSA PRIVATE KEY----- - CertManagerNS: cert-manager jumpHost: - image: quay.io/airshipit/jump-host nodePort: 30001 
@@ -84,8 +33,14 @@ spec: - ssh-rsa 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 example-key - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2 nodeSSHPrivateKeys: ssh-private-keys - loadBalancer: + loadBalancerControlPlane: - image: haproxy - nodePort: 30000 + nodePort: 30002 + nodeInterfaceId: oam-ipv4 + loadBalancerWorker: + - image: haproxy + nodePort: 30003 + nodePortRange: + start: 30003 + end: 30020 nodeInterfaceId: oam-ipv4 -