Feature 11057: Cluster management in Openshift-based infrastructures
Change-Id: I8bdb1efb3ad1e9c8da688f334b3dcf7f49ad047c
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/00-default-install-options.rc b/installers/00-default-install-options.rc
index fa1fb0a..9afcf70 100644
--- a/installers/00-default-install-options.rc
+++ b/installers/00-default-install-options.rc
@@ -44,3 +44,6 @@
export KUBECONFIG_MGMT_CLUSTER=
export KUBECONFIG_OSM_CLUSTER=
export OSM_BEHIND_PROXY=
+export OPENSHIFT_MGMT_CLUSTER=
+export MGMT_CLUSTER_CA_FILE=
+export OSM_K8S_NGINX_IPADDRESS=
\ No newline at end of file
diff --git a/installers/01-export-osm-install-options.sh b/installers/01-export-osm-install-options.sh
index 963c924..2aca744 100755
--- a/installers/01-export-osm-install-options.sh
+++ b/installers/01-export-osm-install-options.sh
@@ -60,6 +60,9 @@
export KUBECONFIG_MGMT_CLUSTER=${KUBECONFIG_MGMT_CLUSTER}
export KUBECONFIG_OSM_CLUSTER=${KUBECONFIG_OSM_CLUSTER}
export OSM_BEHIND_PROXY=${OSM_BEHIND_PROXY}
+export OPENSHIFT_MGMT_CLUSTER=${OPENSHIFT_MGMT_CLUSTER}
+export MGMT_CLUSTER_CA_FILE=${MGMT_CLUSTER_CA_FILE}
+export OSM_K8S_NGINX_IPADDRESS=${OSM_K8S_NGINX_IPADDRESS}
EOF
cat "${OSM_HOME_DIR}/user-install-options.rc"
diff --git a/installers/40-deploy-osm.sh b/installers/40-deploy-osm.sh
index 8e1d1ea..34d7d06 100755
--- a/installers/40-deploy-osm.sh
+++ b/installers/40-deploy-osm.sh
@@ -26,7 +26,6 @@
source "${CREDENTIALS_DIR}/git_environment.rc"
OSM_HELM_WORK_DIR="/etc/osm/helm"
-OSM_K8S_EXTERNAL_IP=${OSM_K8S_EXTERNAL_IP:-""}
KUBECONFIG_AUX_CLUSTER_FILE="${OSM_HOME_DIR}/clusters/kubeconfig-aux-svc.yaml"
KUBECONFIG_MGMT_CLUSTER_FILE="${OSM_HOME_DIR}/clusters/kubeconfig-mgmt.yaml"
[ "${HERE}" == "/usr/share/osm-devops/installers" ] || OSM_HELM_UPDATE_DEPENDENCIES="y"
@@ -41,19 +40,30 @@
fi
export KUBECONFIG="${OSM_HOME_DIR}/clusters/kubeconfig-osm.yaml"
+if [ -z "${OSM_K8S_NGINX_IPADDRESS}" ]; then
+ echo "OSM_K8S_NGINX_IPADDRESS is not set, will try to get it from the cluster"
+ OSM_K8S_NGINX_IPADDRESS=$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)
+fi
+echo "Using OSM_K8S_NGINX_IPADDRESS=${OSM_K8S_NGINX_IPADDRESS}"
# Create folder to store helm values
sudo mkdir -p ${OSM_HELM_WORK_DIR}
# Saving secrets
echo "Creating namespace ${OSM_NAMESPACE}"
-kubectl create ns ${OSM_NAMESPACE}
+kubectl get ns "${OSM_NAMESPACE}" >/dev/null 2>&1 || kubectl create ns "${OSM_NAMESPACE}"
echo "Saving age keys in OSM cluster"
+kubectl -n ${OSM_NAMESPACE} get secret mgmt-cluster-age-keys >/dev/null 2>&1 || \
kubectl -n ${OSM_NAMESPACE} create secret generic mgmt-cluster-age-keys --from-file=privkey="${CREDENTIALS_DIR}/age.mgmt.key" --from-file=pubkey="${CREDENTIALS_DIR}/age.mgmt.pub"
echo "Creating secrets with kubeconfig files"
-kubectl -n ${OSM_NAMESPACE} create secret generic auxcluster-secret --from-file=kubeconfig="${KUBECONFIG_AUX_CLUSTER_FILE}"
-kubectl -n ${OSM_NAMESPACE} create secret generic mgmtcluster-secret --from-file=kubeconfig="${KUBECONFIG_MGMT_CLUSTER_FILE}"
-
+if [ -f "${KUBECONFIG_AUX_CLUSTER_FILE}" ]; then
+ kubectl -n ${OSM_NAMESPACE} get secret auxcluster-secret >/dev/null 2>&1 || \
+ kubectl -n ${OSM_NAMESPACE} create secret generic auxcluster-secret --from-file=kubeconfig="${KUBECONFIG_AUX_CLUSTER_FILE}"
+fi
+if [ -f "${KUBECONFIG_MGMT_CLUSTER_FILE}" ]; then
+ kubectl -n ${OSM_NAMESPACE} get secret mgmtcluster-secret >/dev/null 2>&1 || \
+ kubectl -n ${OSM_NAMESPACE} create secret generic mgmtcluster-secret --from-file=kubeconfig="${KUBECONFIG_MGMT_CLUSTER_FILE}"
+fi
# Update helm dependencies
[ -n "${OSM_HELM_UPDATE_DEPENDENCIES}" ] && \
echo "Updating helm dependencies" && \
@@ -69,10 +79,11 @@
[ ! "$OSM_DOCKER_TAG" == "testing-daily" ] && OSM_HELM_OPTS="${OSM_HELM_OPTS} --set-string global.image.tag=${OSM_DOCKER_TAG}"
[ ! "$OSM_DOCKER_TAG" == "testing-daily" ] && OSM_HELM_OPTS="${OSM_HELM_OPTS} --set prometheus.server.sidecarContainers.prometheus-config-sidecar.image=${DOCKER_REGISTRY_URL}${DOCKER_USER}/prometheus:${OSM_DOCKER_TAG}"
-OSM_HELM_OPTS="${OSM_HELM_OPTS} --set global.hostname=${OSM_K8S_EXTERNAL_IP}.nip.io"
-OSM_HELM_OPTS="${OSM_HELM_OPTS} --set grafana.ingress.hosts={grafana.${OSM_K8S_EXTERNAL_IP}.nip.io}"
-OSM_HELM_OPTS="${OSM_HELM_OPTS} --set prometheus.server.ingress.hosts={prometheus.${OSM_K8S_EXTERNAL_IP}.nip.io}"
-# OSM_HELM_OPTS="${OSM_HELM_OPTS} --set prometheus.alertmanager.ingress.hosts={alertmanager.${OSM_K8S_EXTERNAL_IP}.nip.io}"
+OSM_BASE_DOMAIN="${OSM_BASE_DOMAIN:-"${OSM_K8S_NGINX_IPADDRESS}.nip.io"}"
+OSM_HELM_OPTS="${OSM_HELM_OPTS} --set global.hostname=${OSM_BASE_DOMAIN}"
+OSM_HELM_OPTS="${OSM_HELM_OPTS} --set grafana.ingress.hosts={grafana.${OSM_BASE_DOMAIN}}"
+OSM_HELM_OPTS="${OSM_HELM_OPTS} --set prometheus.server.ingress.hosts={prometheus.${OSM_BASE_DOMAIN}}"
+# OSM_HELM_OPTS="${OSM_HELM_OPTS} --set prometheus.alertmanager.ingress.hosts={alertmanager.${OSM_BASE_DOMAIN}}"
if [ -z "${OSM_GITOPS_ENABLED}" ]; then
OSM_HELM_OPTS="${OSM_HELM_OPTS} --set global.gitops.enabled=false"
else
@@ -117,7 +128,7 @@
echo -e "Saving OSM enviroment to credentials folder..."
OSM_HOSTNAME=$(kubectl get --namespace osm -o jsonpath="{.spec.rules[0].host}" ingress nbi-ingress)
-# OSM_HOSTNAME="nbi.${OSM_K8S_EXTERNAL_IP}.nip.io:443"
+# OSM_HOSTNAME="nbi.${OSM_BASE_DOMAIN}:443"
echo -e "OSM HOSTNAME: ${OSM_HOSTNAME}"
cat << EOF > "${CREDENTIALS_DIR}/osm_environment.rc"
diff --git a/installers/flux/scripts/create-new-cluster-folder-structure.sh b/installers/flux/scripts/create-new-cluster-folder-structure.sh
index ef1b0cb..1ea1ded 100755
--- a/installers/flux/scripts/create-new-cluster-folder-structure.sh
+++ b/installers/flux/scripts/create-new-cluster-folder-structure.sh
@@ -111,17 +111,31 @@
# Secrets to access both Git repos
# (NOTE: these are the last secrets to be added imperatively)
kubectl delete secret fleet-repo --namespace flux-system 2> /dev/null || true
-kubectl create secret generic fleet-repo \
- --namespace flux-system \
- --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
- --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ kubectl create secret generic fleet-repo \
+ --namespace flux-system \
+ --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+ --from-literal=password="${FLEET_REPO_GIT_USER_PASS}" \
+ --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+ kubectl create secret generic fleet-repo \
+ --namespace flux-system \
+ --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+ --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
+fi
kubectl delete secret sw-catalogs --namespace flux-system 2> /dev/null || true
-kubectl create secret generic sw-catalogs \
- --namespace flux-system \
- --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
- --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ kubectl create secret generic sw-catalogs \
+ --namespace flux-system \
+ --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+ --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}" \
+ --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+ kubectl create secret generic sw-catalogs \
+ --namespace flux-system \
+ --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+ --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
+fi
# Render Flux `Kustomizations` to sync with default profiles
envsubst < "${TEMPLATES_DIR}/infra-controllers.yaml" > "${CLUSTER_DIR}/infra-controllers.yaml"
envsubst < "${TEMPLATES_DIR}/infra-configs.yaml" > "${CLUSTER_DIR}/infra-configs.yaml"
diff --git a/installers/flux/scripts/mgmt-cluster-bootstrap.sh b/installers/flux/scripts/mgmt-cluster-bootstrap.sh
index c4aa0fc..2917a5a 100755
--- a/installers/flux/scripts/mgmt-cluster-bootstrap.sh
+++ b/installers/flux/scripts/mgmt-cluster-bootstrap.sh
@@ -23,17 +23,49 @@
source "${HERE}/library/trap.sh"
+# Preparation for Openshift
+if [ -n "${OPENSHIFT_MGMT_CLUSTER}" ]; then
+ m "Detected OpenShift management cluster, initilializing flux with SCC..." "${GREEN}"
+ # Preparation for Openshift
+ pushd "${FLEET_REPO_DIR}" > /dev/null
+ FLUX_SYSTEM_DIR="clusters/_management/flux-system"
+ FLUX_SYSTEM_SW_CATALOG_DIR="${HERE}/../templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system"
+ mkdir -p "${FLUX_SYSTEM_DIR}"
+ touch "${FLUX_SYSTEM_DIR}/gotk-components.yaml"
+ touch "${FLUX_SYSTEM_DIR}/gotk-sync.yaml"
+ cp "${FLUX_SYSTEM_SW_CATALOG_DIR}/scc.yaml" "${FLUX_SYSTEM_DIR}"
+ cp "${FLUX_SYSTEM_SW_CATALOG_DIR}/kustomization.yaml" "${FLUX_SYSTEM_DIR}"
+ # git status
+ git add -A
+ git commit -m "init flux"
+ git pull origin main
+ git push -u origin main
+ popd > /dev/null
+fi
+
# Bootstrap
GIT_PATH=./clusters/_management
GIT_BRANCH=main
-flux bootstrap git \
- --url=${FLEET_REPO_HTTP_URL} \
- --allow-insecure-http=true \
- --username=${FLEET_REPO_GIT_USERNAME} \
- --password="${FLEET_REPO_GIT_USER_PASS}" \
- --token-auth=true \
- --branch=${GIT_BRANCH} \
- --path=${GIT_PATH}
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ flux bootstrap git \
+ --url=${FLEET_REPO_HTTP_URL} \
+ --allow-insecure-http=true \
+ --username=${FLEET_REPO_GIT_USERNAME} \
+ --password="${FLEET_REPO_GIT_USER_PASS}" \
+ --token-auth=true \
+ --branch=${GIT_BRANCH} \
+ --ca-file=${MGMT_CLUSTER_CA_FILE} \
+ --path=${GIT_PATH}
+else
+ flux bootstrap git \
+ --url=${FLEET_REPO_HTTP_URL} \
+ --allow-insecure-http=true \
+ --username=${FLEET_REPO_GIT_USERNAME} \
+ --password="${FLEET_REPO_GIT_USER_PASS}" \
+ --token-auth=true \
+ --branch=${GIT_BRANCH} \
+ --path=${GIT_PATH}
+fi
# Check if successful
flux check
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml
index d138660..e533cfa 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml
@@ -28,7 +28,7 @@
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -38,6 +38,7 @@
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: ${CLUSTER_KUSTOMIZATION_NAMESPACE}
prune: true
# wait: true
# force: true
@@ -48,8 +49,8 @@
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
---
# Creates remote `flux-system.flux-system` secret
@@ -57,7 +58,7 @@
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -77,8 +78,8 @@
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
@@ -99,12 +100,12 @@
name: flux-system
---
-# Creates remote `sops-age` secret
+# Creates remote `flux-system.managed-resources` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
- namespace: managed-resources
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -124,8 +125,55 @@
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: flux-system
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: flux-system
+
+---
+# Creates remote `sops-age` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
@@ -150,7 +198,7 @@
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -170,8 +218,8 @@
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
@@ -192,12 +240,12 @@
name: fleet-repo
---
-# Creates remote `sw-catalogs.flux-system` secret
+# Creates remote `fleet-repo.managed-resources` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
- namespace: managed-resources
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-fleet
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -217,8 +265,55 @@
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: fleet-repo
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: fleet-repo
+
+---
+# Creates remote `sw-catalogs.flux-system` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
@@ -239,12 +334,59 @@
name: sw-catalogs
---
+# Creates remote `sw-catalogs.managed-resources` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-catalogs
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: sw-catalogs
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: sw-catalogs
+
+---
# Remote installation of Flux controller (to let the cluster be autonomous)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
@@ -261,5 +403,5 @@
namespace: flux-system
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/apps.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/apps.yaml
new file mode 100644
index 0000000..607b8c9
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/apps.yaml
@@ -0,0 +1,41 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+ labels:
+ osm_profile_type: apps
+spec:
+ interval: 10m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${APPS_PATH}
+ prune: true
+ wait: true
+ timeout: 5m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/fleet-repo.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/fleet-repo.yaml
new file mode 100644
index 0000000..4f70cd7
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/fleet-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: fleet-repo
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: fleet-repo
+ url: ${FLEET_REPO_URL}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/gotk-sync.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/gotk-sync.yaml
new file mode 100644
index 0000000..4346fee
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/gotk-sync.yaml
@@ -0,0 +1,44 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: flux-system
+ url: ${FLEET_REPO_URL}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/kustomization.yaml
new file mode 100644
index 0000000..c923e88
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/kustomization.yaml
@@ -0,0 +1,51 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - gotk-components.yaml
+ - gotk-sync.yaml
+ - scc.yaml
+patches:
+ - patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: all
+ spec:
+ template:
+ spec:
+ securityContext:
+ $patch: delete
+ containers:
+ - name: manager
+ securityContext:
+ runAsUser: 65534
+ seccompProfile:
+ $patch: delete
+ target:
+ kind: Deployment
+ labelSelector: app.kubernetes.io/part-of=flux
+ - patch: |-
+ - op: remove
+ path: /metadata/labels/pod-security.kubernetes.io~1warn
+ - op: remove
+ path: /metadata/labels/pod-security.kubernetes.io~1warn-version
+ target:
+ kind: Namespace
+ labelSelector: app.kubernetes.io/part-of=flux
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/scc.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/scc.yaml
new file mode 100644
index 0000000..6522067
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system/scc.yaml
@@ -0,0 +1,60 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+# Allow Flux controllers to run as non-root on OpenShift
+# Docs: https://fluxcd.io/flux/installation/configuration/openshift/
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: flux-scc
+rules:
+ - apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ resourceNames:
+ - nonroot
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: flux-scc
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: flux-scc
+subjects:
+ - kind: ServiceAccount
+ name: source-controller
+ namespace: flux-system
+ - kind: ServiceAccount
+ name: kustomize-controller
+ namespace: flux-system
+ - kind: ServiceAccount
+ name: helm-controller
+ namespace: flux-system
+ - kind: ServiceAccount
+ name: notification-controller
+ namespace: flux-system
+ - kind: ServiceAccount
+ name: image-reflector-controller
+ namespace: flux-system
+ - kind: ServiceAccount
+ name: image-automation-controller
+ namespace: flux-system
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-configs.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-configs.yaml
new file mode 100644
index 0000000..d2879eb
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-configs.yaml
@@ -0,0 +1,49 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-configs
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-configs
+spec:
+ dependsOn:
+ - name: infra-controllers
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONFIGS_PATH}
+ prune: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ # patches:
+ # - patch: |
+ # - op: replace
+ # path: /spec/acme/server
+ # value: https://acme-v02.api.letsencrypt.org/directory
+ # target:
+ # kind: ClusterIssuer
+ # name: letsencrypt
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-controllers.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-controllers.yaml
new file mode 100644
index 0000000..671afc8
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/infra-controllers.yaml
@@ -0,0 +1,40 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-controllers
+ namespace: flux-system
+ labels:
+ osm_profile_type: infra-controllers
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${INFRA_CONTROLLERS_PATH}
+ prune: true
+ wait: true
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/kustomization.yaml
new file mode 100644
index 0000000..6e3c9af
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/kustomization.yaml
@@ -0,0 +1,36 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Repos
+ - fleet-repo.yaml
+ - sw-catalogs-repo.yaml
+
+ # Base cluster structure (CRDs, operators and their configs)
+ - infra-controllers.yaml
+ - infra-configs.yaml
+
+ # Managed resources
+ - managed-resources.yaml
+
+ # Managed apps
+ - apps.yaml
+
+ # Adds also the `flux-system` folder to preserve bootstrap structure
+ - flux-system
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/managed-resources.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/managed-resources.yaml
new file mode 100644
index 0000000..2d59cc9
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/managed-resources.yaml
@@ -0,0 +1,52 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+# Namespace
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+# name: managed-resources
+
+---
+# Managed resources
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: managed-resources
+ namespace: flux-system
+ labels:
+ osm_profile_type: managed-resources
+spec:
+ # interval: 10m0s
+ interval: 7m0s
+ dependsOn:
+ - name: infra-configs
+ sourceRef:
+ kind: GitRepository
+ name: fleet-repo
+ path: ${MANAGED_RESOURCES_PATH}
+ prune: true
+ wait: true
+ # timeout: 5m0s
+ timeout: 7m0s
+ retryInterval: 2m0s
+ # Decryption configuration starts here
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/sw-catalogs-repo.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/sw-catalogs-repo.yaml
new file mode 100644
index 0000000..75bc138
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/sw-catalogs-repo.yaml
@@ -0,0 +1,30 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: sw-catalogs
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: main
+ secretRef:
+ name: sw-catalogs
+ url: ${SW_CATALOGS_REPO_URL}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/hostedcluster.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/hostedcluster.yaml
new file mode 100644
index 0000000..59f206e
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/hostedcluster.yaml
@@ -0,0 +1,69 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: hypershift.openshift.io/v1beta1
+kind: HostedCluster
+metadata:
+ name: ${cluster_name}
+ namespace: ${hosted_cluster_project}
+ labels:
+ cluster: ${cluster_name}
+ "cluster.open-cluster-management.io/clusterset": "default"
+spec:
+ etcd:
+ managed:
+ storage:
+ persistentVolume:
+ size: "${etcd_volume_size}"
+ storageClassName: ${storage_class}
+ type: PersistentVolume
+ managementType: Managed
+ release:
+ image: "quay.io/openshift-release-dev/ocp-release:${openshift_release}"
+ pullSecret:
+ name: "pullsecret-cluster-${cluster_name}"
+ sshKey:
+ name: "sshkey-cluster-${cluster_name}"
+ networking:
+ clusterNetwork:
+ - cidr: 10.132.0.0/14
+ serviceNetwork:
+ - cidr: 172.31.0.0/16
+ networkType: OVNKubernetes
+ controllerAvailabilityPolicy: ${control_plane_availability}
+ infrastructureAvailabilityPolicy: ${control_plane_availability}
+ platform:
+ type: KubeVirt
+ kubevirt:
+ baseDomainPassthrough: true
+ infraID: ${cluster_name}
+ services:
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ - service: OIDC
+ servicePublishingStrategy:
+ type: Route
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ - service: APIServer
+ servicePublishingStrategy:
+ type: LoadBalancer
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/klusterlet.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/klusterlet.yaml
new file mode 100644
index 0000000..c436d31
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/klusterlet.yaml
@@ -0,0 +1,38 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: agent.open-cluster-management.io/v1
+kind: KlusterletAddonConfig
+metadata:
+ name: ${cluster_name}
+ namespace: ${cluster_project}
+ labels:
+ cluster: ${cluster_name}
+spec:
+ clusterName: ${cluster_name}
+ clusterNamespace: ${cluster_project}
+ clusterLabels:
+ cloud: BareMetal
+ vendor: OpenShift
+ applicationManager:
+ enabled: true
+ policyController:
+ enabled: true
+ searchCollector:
+ enabled: true
+ certPolicyController:
+ enabled: true
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/managedcluster.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/managedcluster.yaml
new file mode 100644
index 0000000..e1fc0aa
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/managedcluster.yaml
@@ -0,0 +1,33 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: cluster.open-cluster-management.io/v1
+kind: ManagedCluster
+metadata:
+ annotations:
+ import.open-cluster-management.io/hosting-cluster-name: local-cluster
+ import.open-cluster-management.io/klusterlet-deploy-mode: Hosted
+ open-cluster-management/created-via: hypershift
+ labels:
+ cloud: BareMetal
+ cluster: ${cluster_name}
+ vendor: OpenShift
+ name: ${cluster_name}
+ cluster.open-cluster-management.io/clusterset: "default"
+ name: ${cluster_name}
+spec:
+ hubAcceptsClient: true
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/nodepool.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/nodepool.yaml
new file mode 100644
index 0000000..d7f442d
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/cluster/nodepool.yaml
@@ -0,0 +1,48 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: hypershift.openshift.io/v1beta1
+kind: NodePool
+metadata:
+ name: "${cluster_name}-np1"
+ namespace: ${hosted_cluster_project}
+ labels:
+ cluster: ${cluster_name}
+spec:
+ arch: amd64
+ clusterName: ${cluster_name}
+ replicas: ${worker_count}
+ management:
+ autoRepair: false
+ upgradeType: Replace
+ platform:
+ type: KubeVirt
+ kubevirt:
+ compute:
+ cores: ${worker_cores}
+ memory: "${worker_memory}"
+ rootVolume:
+ type: Persistent
+ persistent:
+ size: "${worker_volume_size}"
+ accessModes:
+ - ReadWriteMany
+ storageClass: ${storage_class}
+ volumeMode: Block
+ # defaultPodNetwork: true
+ release:
+ image: "quay.io/openshift-release-dev/ocp-release:${openshift_release}"
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/namespaces/namespaces.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/namespaces/namespaces.yaml
new file mode 100644
index 0000000..d3745f8
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/manifests/namespaces/namespaces.yaml
@@ -0,0 +1,31 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "${cluster_project}"
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "clusters-${cluster_project}"
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "klusterlet-${cluster_project}"
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/openshift/templates/openshift01.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/templates/openshift01.yaml
new file mode 100644
index 0000000..2684255
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/openshift/templates/openshift01.yaml
@@ -0,0 +1,122 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+# TEMPLATE_PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the ACM management cluster (e.g., for `Kustomization`s).
+# CLUSTER_PROJECT: Name of one of the three projects for the cluster that will be created in the ACM management cluster.
+#
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .spec.postBuild.substitute.cluster_project: Project name to be created
+
+# Cluster projects
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-ns
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ commonMetadata:
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/openshift/manifests/namespaces
+ prune: true
+ # force: true
+ wait: true
+ # Input parameters
+ postBuild:
+ substitute:
+ cluster_project: ${CLUSTER_PROJECT}
+---
+# TEMPLATE_PARAMETERS:
+# ===================
+#
+# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (e.g., for `Kustomization`s).
+# - Alternatively, it can be patched at:
+# .metadata.name
+# .metadata.labels.cluster
+# .spec.commonMetadata.labels.cluster
+# .spec.postBuild.substitute.cluster_resource_name
+#
+# PARAMETERS TO PATCH:
+# ===================
+#
+# .spec.postBuild.substitute.base_domain: Domain name to use as base.
+# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
+# .spec.postBuild.substitute.cluster_project: Project name to use
+# .spec.postBuild.substitute.hosted_cluster_project: Common project name to use for use with all workload clusters.
+# .spec.postBuild.substitute.etcd_volume_size: Volume size of ETCD in Gi
+# .spec.postBuild.substitute.openshift_release: Flavor of worker node VMs.
+# .spec.postBuild.substitute.storage_class: OpenShift StorageClass to use to create volumes.
+# .spec.postBuild.substitute.control_plane_availability: Availability of the contro plane. Valid only SingleReplica or HighAvailability
+# .spec.postBuild.substitute.worker_count: Number of Workers.
+# .spec.postBuild.substitute.worker_cores: CPU count of Workers.
+# .spec.postBuild.substitute.worker_memory: Memory size of Workers in Gi.
+# .spec.postBuild.substitute.worker_volume_size: Volume size of Workers in Gi.
+
+# Cluster resource
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: managed-resources
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-ns
+ commonMetadata:
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/openshift/manifests/cluster
+ prune: true
+ # force: true
+ wait: true
+ # Input parameters
+ postBuild:
+ substitute:
+ base_domain: ${BASE_DOMAIN}
+ cluster_name: ${CLUSTER_NAME}
+ cluster_project: ${CLUSTER_PROJECT}
+ hosted_cluster_project: ${HOSTED_CLUSTER_PROJECT}
+ etcd_volume_size: ${ETCD_VOLUME_SIZE}
+ openshift_release: ${OPENSHIFT_RELEASE}
+ storage_class: ${STORAGE_CLASS}
+ control_plane_availability: ${CONTROL_PLANE_AVAILABILITY}
+ worker_count: ${WORKER_COUNT}
+ worker_cores: ${WORKER_CORES}
+ worker_memory: ${WORKER_MEMORY}
+ worker_volume_size: ${WORKER_VOLUME_SIZE}
diff --git a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
index 0123e7f..f0e47c7 100644
--- a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
+++ b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
@@ -303,4 +303,5 @@
value: osm_contrib
- name: dry_run
value: "{{inputs.parameters.dry_run}}"
-# ------ end of commit transaction
\ No newline at end of file
+# ------ end of commit transaction
+