Create secret with ssh-key for hostconfig-operator
This commit adds secret creation to hostconfig-operator. Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com> Change-Id: I8a92a07e1aaf653708b6e4d9fa8e300ebb3a9468
parent
5ab8941ba8
commit
87a82989b6
|
@ -5,3 +5,4 @@ resources:
|
||||||
- hostconfig.airshipit.org_hostconfigs_crd.yaml
|
- hostconfig.airshipit.org_hostconfigs_crd.yaml
|
||||||
- rbac
|
- rbac
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
|
- ssh-key.yaml
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ssh-key-replacement.yaml
|
|
@ -0,0 +1,21 @@
|
||||||
|
# These rules inject env vars into the k8scontrol function.
|
||||||
|
apiVersion: airshipit.org/v1alpha1
|
||||||
|
kind: ReplacementTransformer
|
||||||
|
metadata:
|
||||||
|
name: hco-generated-ssh-key-replacements
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |-
|
||||||
|
container:
|
||||||
|
image: quay.io/airshipit/replacement-transformer:v2.0.2
|
||||||
|
replacements:
|
||||||
|
- source:
|
||||||
|
objref:
|
||||||
|
kind: VariableCatalogue
|
||||||
|
name: generated-secrets
|
||||||
|
fieldref: "{.sshKeys.privateKey}"
|
||||||
|
target:
|
||||||
|
objref:
|
||||||
|
kind: Secret
|
||||||
|
name: hco-ssh-auth
|
||||||
|
fieldrefs:
|
||||||
|
- "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"
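Review bot: The target fieldref writes the catalogue value into `data.ssh-privatekey`, and Kubernetes requires every value under `data` to be base64-encoded; nothing in this hunk shows whether `generated-secrets` stores `.sshKeys.privateKey` encoded. If it holds the raw PEM text, the API server would most likely reject the rendered Secret, so confirm the encoding or move the placeholder to `stringData`. The header comment is also stale, since it still describes env vars for the k8scontrol function; `# Copies the generated SSH private key into the hco-ssh-auth Secret.` would match what the rule does. The transformer image that handles the key is referenced by tag only (`:v2.0.2`); pinning it by digest would make the rendering step reproducible.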
|
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: hco-ssh-auth
|
||||||
|
type: kubernetes.io/ssh-auth
|
||||||
|
data:
|
||||||
|
ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
|
||||||
|
username: ZGVwbG95ZXIK
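Review bot: `username: ZGVwbG95ZXIK` decodes to `deployer` followed by a line feed, which is what `echo deployer | base64` produces, so a consumer that uses the field verbatim would try to authenticate with a user name ending in a newline. Encode it without the newline, `username: ZGVwbG95ZXI=`, or give the plain value under `stringData`. The `REPLACEMENT_SSH_PRIVATEKEY` placeholder contains underscores and so should not be accepted as base64, which means the Secret fails closed if the replacement does not run; a one-line comment such as `# placeholder, filled by hco-generated-ssh-key-replacements` would make that intent explicit.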
|
||||||
|
|
|
@ -3,5 +3,6 @@ resources:
|
||||||
- ../catalogues
|
- ../catalogues
|
||||||
transformers:
|
transformers:
|
||||||
- ../../../../type/airship-core/target/initinfra/replacements
|
- ../../../../type/airship-core/target/initinfra/replacements
|
||||||
|
- ../../../../function/hostconfig-operator/replacements
|
||||||
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
|
- ../../../../../../airshipctl/manifests/function/flux/source-controller/replacements
|
||||||
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
|
- ../../../../../../airshipctl/manifests/function/flux/helm-controller/replacements
|
||||||
|
|
|
@ -34,3 +34,24 @@ kubectl \
|
||||||
|
|
||||||
./tools/deployment/31_deploy_initinfra_target_node.sh
|
./tools/deployment/31_deploy_initinfra_target_node.sh
|
||||||
|
|
||||||
|
hosts=$(`kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s get nodes -o name`)
|
||||||
|
|
||||||
|
# Annotate node for hostconfig-operator
|
||||||
|
for i in "${!hosts[@]}"
|
||||||
|
do
|
||||||
|
kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth
|
||||||
|
kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s label ${hosts[i]} node-type=controlplane
|
||||||
|
kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s label ${hosts[i]} kubernetes.io/role=master
|
||||||
|
done
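Review bot: The `hosts=$( … )` assignment wraps a backtick substitution inside `$( )`, so the shell runs kubectl and then tries to execute its output (the `node/<name>` lines) as a command rather than storing it. `hosts` is then never an array of node names, the script aborts if `set -e` is in effect, and text returned by the API server should not end up in command position at all. Build the array directly with `hosts=($(kubectl --kubeconfig "$KUBECONFIG" --context "$KUBECONFIG_TARGET_CONTEXT" --request-timeout 10s get nodes -o name))` and quote `"${hosts[i]}"` in the three kubectl calls. The same construct is repeated in the later hunk that follows `./tools/deployment/34_deploy_worker_node.sh`.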
|
||||||
|
|
|
@ -14,6 +14,8 @@
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
|
export KUBECONFIG=${KUBECONFIG:-"$HOME/.airship/kubeconfig"}
|
||||||
|
export KUBECONFIG_TARGET_CONTEXT=${KUBECONFIG_TARGET_CONTEXT:-"target-cluster"}
|
||||||
: ${AIRSHIPCTL_PROJECT:="../airshipctl"}
|
: ${AIRSHIPCTL_PROJECT:="../airshipctl"}
|
||||||
|
|
||||||
export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \
|
export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \
|
||||||
|
@ -23,3 +25,21 @@ export WORKER_NODE=${WORKER_NODE:-"$(airshipctl phase render workers-target \
|
||||||
|
|
||||||
cd ${AIRSHIPCTL_PROJECT}
|
cd ${AIRSHIPCTL_PROJECT}
|
||||||
./tools/deployment/34_deploy_worker_node.sh
|
./tools/deployment/34_deploy_worker_node.sh
|
||||||
|
|
||||||
|
hosts=$(`kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s get nodes -o name`)
|
||||||
|
|
||||||
|
# Annotate node for hostconfig-operator
|
||||||
|
for i in "${!hosts[@]}"
|
||||||
|
do
|
||||||
|
kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s annotate ${hosts[i]} secret=hco-ssh-auth
|
||||||
|
kubectl \
|
||||||
|
--kubeconfig $KUBECONFIG \
|
||||||
|
--context $KUBECONFIG_TARGET_CONTEXT \
|
||||||
|
--request-timeout 10s label ${hosts[i]} kubernetes.io/role=master
|
||||||
|
done
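Review bot: This loop runs over every node returned by `get nodes`, so once the worker has been deployed it is labelled `kubernetes.io/role=master` too, which looks unintended for a worker-deployment script. The script already exports `WORKER_NODE`; if that variable holds the node name (its definition is cut off in this view), annotating only that node with `annotate "node/${WORKER_NODE}" secret=hco-ssh-auth` and dropping the master label would keep the control-plane labelling in the initinfra script where it belongs. A comment stating which nodes are meant to receive the `secret=hco-ssh-auth` annotation would also help, because that annotation decides which hosts the operator reaches with the SSH key.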
|
||||||
|
|