Add BMH credentials support
With this change there will be only one supported credential per VINO CR. Since the CR is mounted inside the sushy tools container, sushy startup script can access these credentials and set up authentication. This approach allows to get basic functionality working, in the future, we would probably want to hide these credentials in a secret so they can't be seen in plain text from VINO CR. Change-Id: I4aa2fb1ee1f5633b889acfa901283f5fa51ad2c1
This commit is contained in:
parent
fc0e10f285
commit
eda3300093
@ -36,6 +36,19 @@ spec:
|
||||
spec:
|
||||
description: VinoSpec defines the desired state of Vino
|
||||
properties:
|
||||
bmcCredentials:
|
||||
description: BMCCredentials contain credentials that will be used to
|
||||
create BMH nodes sushy tools will use these credentials as well, to
|
||||
set up authentication
|
||||
properties:
|
||||
password:
|
||||
type: string
|
||||
username:
|
||||
type: string
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
configuration:
|
||||
description: Define CPU configuration
|
||||
properties:
|
||||
@ -182,6 +195,7 @@ spec:
|
||||
a bridge for VMs
|
||||
type: string
|
||||
required:
|
||||
- bmcCredentials
|
||||
- vmBridge
|
||||
type: object
|
||||
status:
|
||||
|
@ -34,4 +34,7 @@ spec:
|
||||
networkDataTemplate:
|
||||
name: "test-template"
|
||||
namespace: "default"
|
||||
bmcCredentials:
|
||||
username: "admin"
|
||||
password: "passw0rd"
|
||||
|
||||
|
@ -9,6 +9,48 @@
|
||||
<p>Package v1 contains API Schema definitions for the airship v1 API group</p>
|
||||
Resource Types:
|
||||
<ul class="simple"></ul>
|
||||
<h3 id="airship.airshipit.org/v1.BMCCredentials">BMCCredentials
|
||||
</h3>
|
||||
<p>
|
||||
(<em>Appears on:</em>
|
||||
<a href="#airship.airshipit.org/v1.VinoSpec">VinoSpec</a>)
|
||||
</p>
|
||||
<p>BMCCredentials contain credentials that will be used to create BMH nodes
|
||||
sushy tools will use these credentials as well, to set up authentication</p>
|
||||
<div class="md-typeset__scrollwrap">
|
||||
<div class="md-typeset__table">
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Field</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<code>username</code><br>
|
||||
<em>
|
||||
string
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>password</code><br>
|
||||
<em>
|
||||
string
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<h3 id="airship.airshipit.org/v1.CPUConfiguration">CPUConfiguration
|
||||
</h3>
|
||||
<p>
|
||||
@ -934,6 +976,20 @@ string
|
||||
<p>VMBridge defines the single interface name to be used as a bridge for VMs</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>bmcCredentials</code><br>
|
||||
<em>
|
||||
<a href="#airship.airshipit.org/v1.BMCCredentials">
|
||||
BMCCredentials
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<p>BMCCredentials contain credentials that will be used to create BMH nodes
|
||||
sushy tools will use these credentials as well, to set up authentication</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
@ -1046,6 +1102,20 @@ string
|
||||
<p>VMBridge defines the single interface name to be used as a bridge for VMs</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>bmcCredentials</code><br>
|
||||
<em>
|
||||
<a href="#airship.airshipit.org/v1.BMCCredentials">
|
||||
BMCCredentials
|
||||
</a>
|
||||
</em>
|
||||
</td>
|
||||
<td>
|
||||
<p>BMCCredentials contain credentials that will be used to create BMH nodes
|
||||
sushy tools will use these credentials as well, to set up authentication</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
@ -49,6 +49,16 @@ type VinoSpec struct {
|
||||
DaemonSetOptions DaemonSetOptions `json:"daemonSetOptions,omitempty"`
|
||||
// VMBridge defines the single interface name to be used as a bridge for VMs
|
||||
VMBridge string `json:"vmBridge"`
|
||||
// BMCCredentials contain credentials that will be used to create BMH nodes
|
||||
// sushy tools will use these credentials as well, to set up authentication
|
||||
BMCCredentials BMCCredentials `json:"bmcCredentials"`
|
||||
}
|
||||
|
||||
// BMCCredentials contain credentials that will be used to create BMH nodes
|
||||
// sushy tools will use these credentials as well, to set up authentication
|
||||
type BMCCredentials struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
// NodeSelector identifies nodes to create VMs on
|
||||
|
@ -25,6 +25,21 @@ import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *BMCCredentials) DeepCopyInto(out *BMCCredentials) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BMCCredentials.
|
||||
func (in *BMCCredentials) DeepCopy() *BMCCredentials {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(BMCCredentials)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CPUConfiguration) DeepCopyInto(out *CPUConfiguration) {
|
||||
*out = *in
|
||||
@ -445,6 +460,7 @@ func (in *VinoSpec) DeepCopyInto(out *VinoSpec) {
|
||||
}
|
||||
}
|
||||
out.DaemonSetOptions = in.DaemonSetOptions
|
||||
out.BMCCredentials = in.BMCCredentials
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VinoSpec.
|
||||
|
@ -182,8 +182,27 @@ func (r *VinoReconciler) getBMCAddress(
|
||||
|
||||
// reconcileBMHCredentials returns secret name with credentials and error
|
||||
func (r *VinoReconciler) reconcileBMHCredentials(ctx context.Context, vino *vinov1.Vino) (string, error) {
|
||||
// TODO implement this
|
||||
return "credentials", nil
|
||||
ns := getRuntimeNamespace()
|
||||
// coresponds to DS name, since we have only one DS per vino CR
|
||||
credentialSecretName := fmt.Sprintf("%s-%s", r.getDaemonSetName(vino), "credentials")
|
||||
netSecret := &corev1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: credentialSecretName,
|
||||
Namespace: ns,
|
||||
},
|
||||
StringData: map[string]string{
|
||||
"username": vino.Spec.BMCCredentials.Username,
|
||||
"password": vino.Spec.BMCCredentials.Password,
|
||||
},
|
||||
Type: corev1.SecretTypeOpaque,
|
||||
}
|
||||
|
||||
objKey := client.ObjectKeyFromObject(netSecret)
|
||||
|
||||
if err := applyRuntimeObject(ctx, objKey, netSecret, r.Client); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return credentialSecretName, nil
|
||||
}
|
||||
|
||||
func (r *VinoReconciler) reconcileBMHNetworkData(
|
||||
|
@ -51,3 +51,4 @@ bmhCount=$(kubectl get baremetalhosts -n vino-system -o name | wc -l)
|
||||
[[ "$bmhCount" -eq "3" ]]
|
||||
|
||||
kubectl get secret -o yaml -n vino-system default-vino-test-cr-worker
|
||||
kubectl get secret -o yaml -n vino-system default-vino-test-cr-credentials
|
||||
|
Loading…
x
Reference in New Issue
Block a user