ab0d3f097c
- This patchset installs ClusterIssuer that references the selfsigned certificates generated via Issuer in config/samples - Passing in the generated secret from Issuer in SIP CR so that it can be consumed by ClusterIssuer - Changes made in overall structure of config/samples since Issuer and Secret required for dex needs to be in cert-manager namespace - Changes made in install-k8s.sh since minikube installation needs that apiserver-names param for dex endpoint to work - Changes made in deploy-sip.sh for installation of Cert-Manager since we need to enable it temporarily for gates - Added TODO for Auth related Test cases, for more details https://github.com/airshipit/sip/issues/14 Note: This patchset doesn't install Dex but the pre-req for Dex Change-Id: If1962ead2a38dd0082a5e8978e5869f5c06aa757
63 lines
2.9 KiB
YAML
63 lines
2.9 KiB
YAML
apiVersion: airship.airshipit.org/v1
|
|
kind: SIPCluster
|
|
metadata:
|
|
name: sipcluster-system
|
|
namespace: sipcluster-system
|
|
finalizers:
|
|
- sip.airship.airshipit.org/finalizer
|
|
spec:
|
|
nodes:
|
|
ControlPlane:
|
|
labelSelector:
|
|
vino.airshipit.org/flavor: control-plane
|
|
topologyKey: vino.airshipit.org/rack
|
|
count:
|
|
active: 1
|
|
standby: 1
|
|
Worker:
|
|
labelSelector:
|
|
vino.airshipit.org/flavor: worker
|
|
topologyKey: vino.airshipit.org/host
|
|
count:
|
|
active: 1
|
|
standby: 1 # Slew for upgrades
|
|
services:
|
|
auth:
|
|
- image: quay.io/dexidp/dex:v2.20.0
|
|
nodeInterfaceId: oam-ipv4
|
|
nodePort: 30556
|
|
caSecret: dex-ca-key-pair
|
|
jumpHost:
|
|
- image: quay.io/airshipit/jump-host:latest
|
|
# NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os: linux
|
|
nodePort: 30000
|
|
nodeInterfaceId: oam-ipv4
|
|
# NOTE: clusterIP has not yet been implemented.
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|
|
bmc:
|
|
proxy: false
|
|
sshAuthorizedKeys:
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyaozS8kZRw2a1d0O4YXhxtJlDPThqIZilGCsXLbukIFOyMUmMTwQAtwWp5epwU1+5ponC2uBENB6xCCj3cl5Rd43d2/B6HxyAPQGKo6/zKYGAKW2nzYDxSWMl6NUSsiJAyXUA7ZlNZQe0m8PmaferlkQyLLZo3NJpizz6U6ZCtxvj43vEl7NYWnLUEIzGP9zMqltIGnD4vYrU9keVKKXSsp+DkApnbrDapeigeGATCammy2xRrUQDuOvGHsfnQbXr2j0onpTIh0PiLrXLQAPDg8UJRgVB+ThX+neI3rQ320djzRABckNeE6e4Kkwzn+QdZsmA2SDvM9IU7boK1jVQlgUPp7zF5q3hbb8Rx7AadyTarBayUkCgNlrMqth+tmTMWttMqCPxJRGnhhvesAHIl55a28Kzz/2Oqa3J9zwzbyDIwlEXho0eAq3YXEPeBhl34k+7gOt/5Zdbh+yacFoxDh0LrshQgboAijcVVaXPeN0LsHEiVvYIzugwIvCkoFMPWoPj/kEGzPY6FCkVneDA7VoLTCoG8dlrN08Lf05/BGC7Wllm66pTNZC/cKXP+cjpQn1iEuiuPxnPldlMHx9sx2y/BRoft6oT/GzqkNy1NTY/xI+MfmxXnF5kwSbcTbzZQ9fZ8xjh/vmpPBgDNrxOEAT4N6OG7GQIhb9HEhXQCQ== example-key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2
|
|
nodeSSHPrivateKeys: ssh-private-keys
|
|
loadBalancerControlPlane:
|
|
- image: haproxy:2.3.2
|
|
# NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os
|
|
nodePort: 30001
|
|
nodeInterfaceId: oam-ipv4
|
|
# NOTE: clusterIP has not yet been implemented.
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|
|
loadBalancerWorker:
|
|
- image: haproxy:2.3.2
|
|
# NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os
|
|
nodePort: 30002
|
|
nodeInterfaceId: oam-ipv4
|
|
# NOTE: clusterIP has not yet been implemented.
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|