From 87a82989b6aaee75028b510e28c2a6cff415da8e Mon Sep 17 00:00:00 2001 From: Sreejith Punnapuzha Date: Thu, 8 Apr 2021 22:26:16 -0500 Subject: [PATCH] Create secret with ssh-key for hostconfig-operator This commit adds secret creation to hostconfig-operator. Signed-off-by: Sreejith Punnapuzha Change-Id: I8a92a07e1aaf653708b6e4d9fa8e300ebb3a9468 --- .../hostconfig-operator/kustomization.yaml | 1 + .../replacements/kustomization.yaml | 4 ++++ .../replacements/ssh-key-replacement.yaml | 21 +++++++++++++++++++ .../function/hostconfig-operator/ssh-key.yaml | 9 ++++++++ .../target/initinfra/kustomization.yaml | 1 + .../31_deploy_initinfra_target_node.sh | 21 +++++++++++++++++++ tools/deployment/34_deploy_worker_node.sh | 20 ++++++++++++++++++ 7 files changed, 77 insertions(+) create mode 100644 manifests/function/hostconfig-operator/replacements/kustomization.yaml create mode 100644 manifests/function/hostconfig-operator/replacements/ssh-key-replacement.yaml create mode 100644 manifests/function/hostconfig-operator/ssh-key.yaml diff --git a/manifests/function/hostconfig-operator/kustomization.yaml b/manifests/function/hostconfig-operator/kustomization.yaml index 56e20c48f..86f2903a6 100644 --- a/manifests/function/hostconfig-operator/kustomization.yaml +++ b/manifests/function/hostconfig-operator/kustomization.yaml @@ -5,3 +5,4 @@ resources: - hostconfig.airshipit.org_hostconfigs_crd.yaml - rbac - deployment.yaml + - ssh-key.yaml diff --git a/manifests/function/hostconfig-operator/replacements/kustomization.yaml b/manifests/function/hostconfig-operator/replacements/kustomization.yaml new file mode 100644 index 000000000..bb1a72699 --- /dev/null +++ b/manifests/function/hostconfig-operator/replacements/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ssh-key-replacement.yaml 
diff --git a/manifests/function/hostconfig-operator/replacements/ssh-key-replacement.yaml b/manifests/function/hostconfig-operator/replacements/ssh-key-replacement.yaml new file mode 100644 index 000000000..8626c6861 --- /dev/null +++ b/manifests/function/hostconfig-operator/replacements/ssh-key-replacement.yaml @@ -0,0 +1,21 @@ +# These rules inject env vars into the k8scontrol function. +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: hco-generated-ssh-key-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:v2.0.2 +replacements: +- source: + objref: + kind: VariableCatalogue + name: generated-secrets + fieldref: "{.sshKeys.privateKey}" + target: + objref: + kind: Secret + name: hco-ssh-auth + fieldrefs: + - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%" diff --git a/manifests/function/hostconfig-operator/ssh-key.yaml b/manifests/function/hostconfig-operator/ssh-key.yaml new file mode 100644 index 000000000..730444857 --- /dev/null +++ b/manifests/function/hostconfig-operator/ssh-key.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hco-ssh-auth +type: kubernetes.io/ssh-auth +data: + ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY + username: ZGVwbG95ZXIK + diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml index 5669403d8..eefc27230 100644 --- a/manifests/site/test-site/target/initinfra/kustomization.yaml +++ b/manifests/site/test-site/target/initinfra/kustomization.yaml @@ -3,5 +3,6 @@ resources: - ../catalogues transformers: - ../../../../type/airship-core/target/initinfra/replacements + - ../../../../function/hostconfig-operator/replacements - ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements - ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements 
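Review bot: In manifests/function/hostconfig-operator/replacements/ssh-key-replacement.yaml the rule writes `{.sshKeys.privateKey}` into `data.ssh-privatekey`, and values under a Secret's `data` must be base64-encoded; nothing in this hunk shows whether the `generated-secrets` catalogue already holds the key in that form. If the catalogue stores the PEM text, the Secret will either be rejected or decode to garbage, so it is worth confirming the encoding or targeting `stringData` instead. The header comment is also left over from another function and should describe this file, for example `# These rules inject the generated SSH private key into the hco-ssh-auth Secret.`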
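Review bot: In manifests/function/hostconfig-operator/ssh-key.yaml, `username: ZGVwbG95ZXIK` decodes to `deployer` followed by a newline, which is the usual result of piping `echo` into base64. A consumer that uses the value verbatim would try to log in as a user whose name ends in a line feed. The value without the newline is `username: ZGVwbG95ZXI=`. The Secret also carries no `metadata.namespace`, while the node annotation added in the deployment scripts refers to it by name only, so it is worth confirming that it lands in the namespace the operator reads from.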
diff --git a/tools/deployment/31_deploy_initinfra_target_node.sh b/tools/deployment/31_deploy_initinfra_target_node.sh index fd8ce475b..c0280fa0e 100755 --- a/tools/deployment/31_deploy_initinfra_target_node.sh +++ b/tools/deployment/31_deploy_initinfra_target_node.sh @@ -34,3 +34,24 @@ kubectl \ ./tools/deployment/31_deploy_initinfra_target_node.sh +hosts=$(`kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s get nodes -o name`) + +# Annotate node for hostconfig-operator +for i in "${!hosts[@]}" +do + kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth + kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s label ${hosts[i]} node-type=controlplane + kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s label ${hosts[i]} kubernetes.io/role=master +done diff --git a/tools/deployment/34_deploy_worker_node.sh b/tools/deployment/34_deploy_worker_node.sh index 3e71e1810..b93bb883f 100755 --- a/tools/deployment/34_deploy_worker_node.sh +++ b/tools/deployment/34_deploy_worker_node.sh @@ -14,6 +14,8 @@ set -ex +export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"} +export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-cluster"} : ${AIRSHIPCTL_PROJECT:="../airshipctl"} export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \ 
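Review bot: In tools/deployment/31_deploy_initinfra_target_node.sh, `hosts=$(`kubectl … get nodes -o name`)` nests backticks inside `$( )`, so the node list printed by kubectl is run as a command line instead of being stored. Output returned by the cluster API should never reach the shell as a command, and in the normal case the assignment simply fails with a not-found error. `hosts` is also a scalar, so `"${!hosts[@]}"` yields only index 0 and the unquoted `${hosts[i]}` depends on word splitting. The same construct is repeated in the second hunk of tools/deployment/34_deploy_worker_node.sh. Capturing the output once and reading it line by line with quoted expansions fixes both; the start of the script is outside the hunk, so bash is assumed from the array syntax already used.

```shell
hosts=$(kubectl \
  --kubeconfig "$KUBECONFIG" \
  --context "$KUBECONFIG_TARGET_CONTEXT" \
  --request-timeout 10s get nodes -o name)

# Annotate node for hostconfig-operator
while IFS= read -r host
do
  [ -n "$host" ] || continue
  kubectl \
    --kubeconfig "$KUBECONFIG" \
    --context "$KUBECONFIG_TARGET_CONTEXT" \
    --request-timeout 10s annotate "$host" secret=hco-ssh-auth
  # … unchanged: the two kubectl label calls, with "$host" in place of ${hosts[i]} …
done <<< "$hosts"
```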
@@ -23,3 +25,21 @@ export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \ cd ${AIRSHIPCTL_PROJECT} ./tools/deployment/34_deploy_worker_node.sh + +hosts=$(`kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s get nodes -o name`) + +# Annotate node for hostconfig-operator +for i in "${!hosts[@]}" +do + kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth + kubectl \ + --kubeconfig $KUBECONFIG \ + --context $KUBECONFIG_TARGET_CONTEXT \ + --request-timeout 10s label ${hosts[i]} kubernetes.io/role=master +done
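Review bot: The loop in this hunk applies `kubernetes.io/role=master` to every node returned by `get nodes`, which after a worker deployment includes the worker itself; this looks carried over from the control-plane script. If hostconfig-operator selects hosts by that label (not visible here), workers would be grouped with control-plane hosts for whatever is run over SSH with the `hco-ssh-auth` key. Consider restricting the loop to the newly added worker and giving it a worker value, e.g. `--request-timeout 10s label "${hosts[i]}" kubernetes.io/role=worker`, or add a comment stating why `master` is intended for all nodes.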