Merge "Configure ssh from jump host to VMs"

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/kustomization.yaml

@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: lma-infra

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml
+  - secrets.yaml

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/replacements/secrets.yaml

@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: lma-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: lma-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"

manifests/type/multi-tenant/sub-clusters/lma/provide-infra/ssh-private-keys-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/kustomization.yaml

@@ -1,5 +1,6 @@
 resources:
-    #  - ../../../../../function/dex-aio
+  #  - ../../../../../function/dex-aio
+  - ssh-private-keys-secret.yaml
   - sipcluster.yaml
   - namespace.yaml
 namespace: wordpress-infra

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/kustomization.yaml

@@ -1,3 +1,4 @@
 resources:
   - networking.yaml
-  - versions.yaml
+  - versions.yaml
+  - secrets.yaml

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/replacements/secrets.yaml

@@ -0,0 +1,22 @@
+# These rules inject env vars into the k8scontrol function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: wordpress-provide-infra-secrets-replacements
+  annotations:
+    config.kubernetes.io/function: |-
+      container:
+        image: localhost/replacement-transformer
+replacements:
+- source:
+    objref:
+      kind: VariableCatalogue
+      name: generated-secrets
+    fieldref: "{.sshKeys.privateKey}"
+  target:
+    objref:
+      kind: Secret
+      namespace: wordpress-infra
+      name: ssh-private-keys
+    fieldrefs:
+      - "data.ssh-privatekey%REPLACEMENT_SSH_PRIVATEKEY%"

manifests/type/multi-tenant/sub-clusters/wordpress/provide-infra/ssh-private-keys-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ssh-private-keys
+type: kubernetes.io/ssh-auth
+data:
+  ssh-privatekey: REPLACEMENT_SSH_PRIVATEKEY
+

manifests/type/multi-tenant/sub-clusters/wordpress/workers/replacements/kustomization.yaml

@@ -1,2 +1,3 @@
 resources:
   - ../../../../../sub-cluster/workers/replacements
+