Sirajudeen af84cc8c4e [uplift] - Uplift airshipctl to stable version
Airshipctl reference commits:

    => https://review.opendev.org/c/airship/airshipctl/+/792060
       Update metadata.yaml to kubernetes style

    => https://review.opendev.org/c/airship/airshipctl/+/793502
       Move CAPI resources to target-infra namespace

    => https://review.opendev.org/c/airship/airshipctl/+/789398
       Embed validation cfg into phase and plan definition

    => https://review.opendev.org/c/airship/airshipctl/+/794701
       Enable static validation for all available plans per site

    => https://review.opendev.org/c/airship/airshipctl/+/796574
       Decouple secret from other replacements in workers-capm3

    => https://review.opendev.org/c/airship/airshipctl/+/795167
       Added replacements for composite/infra

Change-Id: I2c107b3d2b94acda540b09792640dbafd55b23eb
2021-06-24 18:31:24 +00:00

DEX-AIO function

The DEX-AIO function implements the Dex Authentication service. It contains the HelmRelease manifest for dex-aio, which carries the LDAP connector customization as well as the certificates to be used.

The certificate (Secret) used by dex-aio is generated by cert-manager and signed by the CA that is generated in the Ephemeral cluster and copied to the Target cluster during the airshipctl phase run clusterctl-move operation.

Before you can deploy this helm release, you will need to update the following:

      ldap:
        bind_password: "your LDAP bind password"
        config:
          host: "your LDAP FQDN"
          bind_dn: "your LDAP bind username"

Also, in the same helm release you will need to update the search criteria for the user and group based on your LDAP schema. The attributes to update are under spec.values.ldap, shown below:

      user_search:
        base_dn: dc=testservices,dc=test,dc=com
        filter: "(objectClass=person)"
        username: cn
        idAttr: cn
        emailAttr: name
        nameAttr: name
      group_search:
        base_dn: ou=groups,dc=testservices,dc=test,dc=com
        filter: "(objectClass=group)"
        userMatchers:
          userAttr: name
          groupAttr: member
        nameAttr: name
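
How these search values turn into LDAP filters, as an added example that is not part of this repository or of Dex: it assumes the chart passes the values unchanged to Dex's LDAP connector, which ANDs the configured filter with an attribute match on the escaped input. The helper names and the sample directory entry are hypothetical.

```python
# Added example: models the LDAP filters that result from user_search and
# group_search. Assumption: the chart hands these values to Dex's LDAP
# connector unchanged. Helper names are hypothetical.

# Values copied from the spec.values.ldap sample above.
USER_SEARCH = {
    "base_dn": "dc=testservices,dc=test,dc=com",
    "filter": "(objectClass=person)",
    "username": "cn",
}
GROUP_SEARCH = {
    "base_dn": "ou=groups,dc=testservices,dc=test,dc=com",
    "filter": "(objectClass=group)",
    "userMatchers": {"userAttr": "name", "groupAttr": "member"},
}

# RFC 4515 section 3: characters that must be escaped in an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so input cannot change the filter shape."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _and(base_filter: str, clause: str) -> str:
    """AND the configured filter with the match clause, if a filter is set."""
    return f"(&{base_filter}{clause})" if base_filter else clause


def user_filter(cfg: dict, login: str) -> str:
    """Filter used to find the entry for the name typed at the login form."""
    return _and(cfg.get("filter", ""), f"({cfg['username']}={escape_filter_value(login)})")


def group_filter(cfg: dict, user_entry: dict) -> str:
    """Filter used to find groups whose groupAttr holds the user's userAttr."""
    matcher = cfg["userMatchers"]
    value = escape_filter_value(user_entry[matcher["userAttr"]])
    return _and(cfg.get("filter", ""), f"({matcher['groupAttr']}={value})")


if __name__ == "__main__":
    entry = {"cn": "jdoe", "name": "Jane Doe"}  # constructed directory entry
    for login in ("jdoe", "j.doe(admin)*"):     # second login has metacharacters
        print(USER_SEARCH["base_dn"], user_filter(USER_SEARCH, login))
    print(GROUP_SEARCH["base_dn"], group_filter(GROUP_SEARCH, entry))
```

Running the printed filters against your directory with ldapsearch, using the matching base_dn, shows whether the search criteria return the entries you expect before the helm release is deployed.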