From 88d18fa126b45f0603575f9b9bc44ca1b587b80a Mon Sep 17 00:00:00 2001 From: sa069q Date: Mon, 10 May 2021 16:57:17 +0530 Subject: [PATCH] Dex deployment for subclusters using existing dex HelmRelease in treasuremap Note: 1. As per the latest conclusion, Dex and SIPCluster would be deployed on same namespace, hence dex function added to same Kustomization file 2. As a part of Issue# 136 for catalogue, there would be another patchset to make nodeport flexible Change-Id: I53b2bb33278dd229450c305ad2e15476d8796073 --- manifests/function/dex-aio/dex-helmrelease.yaml | 2 +- .../k8scontrol-ha/oidc-apiserver-flags_patch.json | 2 +- .../sub-clusters/lma/provide-infra/kustomization.yaml | 2 ++ .../lma/provide-infra/replacements/kustomization.yaml | 2 +- .../lma/provide-infra/replacements/networking.yaml | 10 ++++++++++ .../sub-clusters/lma/provide-infra/sipcluster.yaml | 1 - .../wordpress/provide-infra/kustomization.yaml | 2 ++ .../provide-infra/replacements/kustomization.yaml | 2 +- .../provide-infra/replacements/networking.yaml | 10 ++++++++++ .../wordpress/provide-infra/sipcluster.yaml | 1 - 10 files changed, 28 insertions(+), 6 deletions(-) diff --git a/manifests/function/dex-aio/dex-helmrelease.yaml b/manifests/function/dex-aio/dex-helmrelease.yaml index 8bd2883ee..e115a06dd 100644 --- a/manifests/function/dex-aio/dex-helmrelease.yaml +++ b/manifests/function/dex-aio/dex-helmrelease.yaml @@ -36,7 +36,7 @@ spec: endpoints: hostname: dex.function.local port: - https: 32556 + https: 30556 http: 32554 k8s: 6443 tls: diff --git a/manifests/function/k8scontrol-ha/oidc-apiserver-flags_patch.json b/manifests/function/k8scontrol-ha/oidc-apiserver-flags_patch.json index c55412eeb..b7c253552 100644 --- a/manifests/function/k8scontrol-ha/oidc-apiserver-flags_patch.json +++ b/manifests/function/k8scontrol-ha/oidc-apiserver-flags_patch.json 
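Review bot: Only `https` under `port:` gets a per-sub-cluster override elsewhere in this change; `http: 32554` in the context lines stays fixed for every instance. The same dex-aio function is now pulled into both the lma and wordpress provide-infra kustomizations, and NodePort numbers are allocated cluster-wide. A second instance would therefore conflict on 32554 if the chart exposes that port as a NodePort; the chart is not visible here, so this needs confirming. It is also worth checking whether a plain-HTTP listener on the identity provider is needed at all. A comment above the changed line would help, e.g. `# Default only; replaced per sub-cluster from the subcluster-networking catalogue ('auth' nodePort)`.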
@@ -8,7 +8,7 @@ "oidc-ca-file": "/etc/kubernetes/certs/dex-cert", "oidc-client-id": "function-kubernetes", "oidc-groups-claim": "group", - "oidc-issuer-url": "https://dex.function.local:32556/dex", + "oidc-issuer-url": "https://dex.function.local:30556/dex", "oidc-username-claim": "email" }, "extraVolumes": diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml index 01dee6264..78739aa03 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml @@ -1,2 +1,4 @@ resources: + - ../../../../../function/dex-aio - sipcluster.yaml +namespace: lma-infra \ No newline at end of file diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml index 6ed76bd38..ee723aad8 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml @@ -1,3 +1,3 @@ resources: - networking.yaml - - versions.yaml + - versions.yaml \ No newline at end of file diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml index 226df7e1d..9693f1d2b 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/networking.yaml 
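Review bot: The `oidc-issuer-url` on the new line still carries a literal port, while this same change lets the Dex HTTPS port be replaced per sub-cluster from the `subcluster-networking` catalogue. kube-apiserver accepts a token only when its `iss` claim matches this flag exactly. Any catalogue value other than 30556 would therefore make OIDC logins fail on control planes built with this patch, assuming Dex derives its issuer from the replaced port. No replacement rule targeting this flag is visible in the diff, and the commit message defers flexible node ports to a later patchset. Until then the coupling should be recorded next to the catalogue entry or in the function's README, since JSON cannot carry a comment.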
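Review bot: The added `namespace: lma-infra` line applies to everything under `resources:`, so Dex's objects land in the same namespace as the SIPCluster; the wordpress kustomization does the same with `wordpress-infra`. Whatever Secrets dex-aio creates (its TLS key, and presumably client or connector credentials, which are not visible here) become readable by any subject with Secret read access in that namespace, so RBAC there should be reviewed with Dex in mind. The namespace transformer does not rewrite namespace names embedded in HelmRelease values, which is worth checking against the dex-aio function. I would record the decision in the file, e.g. `# Dex shares the SIPCluster namespace by design; keep Secret access in lma-infra restricted`, and restore the trailing newline.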
@@ -45,3 +45,13 @@ replacements: # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"] + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.lma.exposed_services[?(.name == 'auth')].nodePort}" + target: + objref: + kind: HelmRelease + name: dex-aio + fieldrefs: ["{.values.params.endpoints.port.https}"] diff --git a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml index 72203fac8..db45cf0ff 100644 --- a/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml +++ b/manifests/type/multi-tenant/sub-clusters/lma/provide-infra/sipcluster.yaml @@ -2,7 +2,6 @@ apiVersion: airship.airshipit.org/v1 kind: SIPCluster metadata: name: lma - namespace: sipcluster-system finalizers: - sip.airship.airshipit.org/finalizer spec: diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml index 01dee6264..d269f54aa 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml @@ -1,2 +1,4 @@ resources: + - ../../../../../function/dex-aio - sipcluster.yaml +namespace: wordpress-infra \ No newline at end of file diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml index 6ed76bd38..ee723aad8 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml 
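Review bot: Nothing in the new rule guards against the catalogue holding no entry named `auth`, or more than one, under `.spec.lma.exposed_services`; the filter `[?(.name == 'auth')]` simply selects whatever matches. It is worth confirming that the replacement plugin fails the render in that case rather than leaving the 30556 default in the HelmRelease, because a silent fallback would put Dex on a port the catalogue does not describe. The rule also rewrites only `.values.params.endpoints.port.https`, so anything else that embeds the port is left untouched. A comment in the style of the existing NOTE would document the contract, e.g. `# NOTE: Expects exactly one exposed service named 'auth'; its nodePort becomes the Dex HTTPS port and must match the sub-cluster's oidc-issuer-url.` The same applies to the wordpress networking.yaml hunk; the enclosing `replacements:` list starts outside the hunk.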
@@ -1,3 +1,3 @@ resources: - networking.yaml - - versions.yaml + - versions.yaml \ No newline at end of file diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml index 335bad55b..795d332a5 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/networking.yaml @@ -45,3 +45,13 @@ replacements: # NOTE: The SIPCluster CR accepts multiple infra service definitions, # but we only deploy one instance of each. fieldrefs: ["{.spec.services.loadBalancer[0].nodePort}"] + - source: + objref: + kind: VariableCatalogue + name: subcluster-networking + fieldref: "{.spec.wordpress.exposed_services[?(.name == 'auth')].nodePort}" + target: + objref: + kind: HelmRelease + name: dex-aio + fieldrefs: ["{.values.params.endpoints.port.https}"] \ No newline at end of file diff --git a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml index a63721a2c..6e5d85241 100644 --- a/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml +++ b/manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/sipcluster.yaml @@ -2,7 +2,6 @@ apiVersion: airship.airshipit.org/v1 kind: SIPCluster metadata: name: wordpress - namespace: sipcluster-system finalizers: - sip.airship.airshipit.org/finalizer spec: