Feature 11057: Cluster management in Openshift-based infrastructures
Change-Id: I8bdb1efb3ad1e9c8da688f334b3dcf7f49ad047c
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/flux/scripts/create-new-cluster-folder-structure.sh b/installers/flux/scripts/create-new-cluster-folder-structure.sh
index ef1b0cb..1ea1ded 100755
--- a/installers/flux/scripts/create-new-cluster-folder-structure.sh
+++ b/installers/flux/scripts/create-new-cluster-folder-structure.sh
@@ -111,17 +111,31 @@
# Secrets to access both Git repos
# (NOTE: these are the last secrets to be added imperatively)
kubectl delete secret fleet-repo --namespace flux-system 2> /dev/null || true
-kubectl create secret generic fleet-repo \
- --namespace flux-system \
- --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
- --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ kubectl create secret generic fleet-repo \
+ --namespace flux-system \
+ --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+ --from-literal=password="${FLEET_REPO_GIT_USER_PASS}" \
+ --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+ kubectl create secret generic fleet-repo \
+ --namespace flux-system \
+ --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+ --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
+fi
kubectl delete secret sw-catalogs --namespace flux-system 2> /dev/null || true
-kubectl create secret generic sw-catalogs \
- --namespace flux-system \
- --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
- --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ kubectl create secret generic sw-catalogs \
+ --namespace flux-system \
+ --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+ --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}" \
+ --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+ kubectl create secret generic sw-catalogs \
+ --namespace flux-system \
+ --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+ --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
+fi
# Render Flux `Kustomizations` to sync with default profiles
envsubst < "${TEMPLATES_DIR}/infra-controllers.yaml" > "${CLUSTER_DIR}/infra-controllers.yaml"
envsubst < "${TEMPLATES_DIR}/infra-configs.yaml" > "${CLUSTER_DIR}/infra-configs.yaml"
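Review bot: The new `if [ -n "${MGMT_CLUSTER_CA_FILE}" ]` test runs only after `kubectl delete secret fleet-repo` has removed the existing secret, and it checks that the variable is non-empty, not that the file can be read. With a wrong path, `kubectl create` fails on `--from-file=ca.crt=...` and flux-system is left without the Git credentials (whether the script then aborts depends on shell options not visible in this hunk); the `sw-catalogs` block has the same problem. A check placed before the first delete, such as `[ -z "${MGMT_CLUSTER_CA_FILE}" ] || [ -r "${MGMT_CLUSTER_CA_FILE}" ] || { echo "CA file not readable: ${MGMT_CLUSTER_CA_FILE}" >&2; exit 1; }`, would fail before anything is removed. Separately, both branches still pass the password through `--from-literal`, which puts it on the kubectl command line where local process listings can show it; reading it from a file with restrictive permissions would avoid that.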
diff --git a/installers/flux/scripts/mgmt-cluster-bootstrap.sh b/installers/flux/scripts/mgmt-cluster-bootstrap.sh
index c4aa0fc..2917a5a 100755
--- a/installers/flux/scripts/mgmt-cluster-bootstrap.sh
+++ b/installers/flux/scripts/mgmt-cluster-bootstrap.sh
@@ -23,17 +23,49 @@
source "${HERE}/library/trap.sh"
+# Preparation for Openshift
+if [ -n "${OPENSHIFT_MGMT_CLUSTER}" ]; then
+ m "Detected OpenShift management cluster, initilializing flux with SCC..." "${GREEN}"
+ # Preparation for Openshift
+ pushd "${FLEET_REPO_DIR}" > /dev/null
+ FLUX_SYSTEM_DIR="clusters/_management/flux-system"
+ FLUX_SYSTEM_SW_CATALOG_DIR="${HERE}/../templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/cluster-base-openshift/templates/flux-system"
+ mkdir -p "${FLUX_SYSTEM_DIR}"
+ touch "${FLUX_SYSTEM_DIR}/gotk-components.yaml"
+ touch "${FLUX_SYSTEM_DIR}/gotk-sync.yaml"
+ cp "${FLUX_SYSTEM_SW_CATALOG_DIR}/scc.yaml" "${FLUX_SYSTEM_DIR}"
+ cp "${FLUX_SYSTEM_SW_CATALOG_DIR}/kustomization.yaml" "${FLUX_SYSTEM_DIR}"
+ # git status
+ git add -A
+ git commit -m "init flux"
+ git pull origin main
+ git push -u origin main
+ popd > /dev/null
+fi
+
# Bootstrap
GIT_PATH=./clusters/_management
GIT_BRANCH=main
-flux bootstrap git \
- --url=${FLEET_REPO_HTTP_URL} \
- --allow-insecure-http=true \
- --username=${FLEET_REPO_GIT_USERNAME} \
- --password="${FLEET_REPO_GIT_USER_PASS}" \
- --token-auth=true \
- --branch=${GIT_BRANCH} \
- --path=${GIT_PATH}
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+ flux bootstrap git \
+ --url=${FLEET_REPO_HTTP_URL} \
+ --allow-insecure-http=true \
+ --username=${FLEET_REPO_GIT_USERNAME} \
+ --password="${FLEET_REPO_GIT_USER_PASS}" \
+ --token-auth=true \
+ --branch=${GIT_BRANCH} \
+ --ca-file=${MGMT_CLUSTER_CA_FILE} \
+ --path=${GIT_PATH}
+else
+ flux bootstrap git \
+ --url=${FLEET_REPO_HTTP_URL} \
+ --allow-insecure-http=true \
+ --username=${FLEET_REPO_GIT_USERNAME} \
+ --password="${FLEET_REPO_GIT_USER_PASS}" \
+ --token-auth=true \
+ --branch=${GIT_BRANCH} \
+ --path=${GIT_PATH}
+fi
# Check if successful
flux check
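Review bot: The branch taken when `MGMT_CLUSTER_CA_FILE` is set still passes `--allow-insecure-http=true`, so if `FLEET_REPO_HTTP_URL` is an `http://` URL (its value is not visible here) the CA file has no effect and the username and password travel unencrypted. Dropping that flag from the CA branch would turn such a misconfiguration into an error. The new `--ca-file=${MGMT_CLUSTER_CA_FILE}` is also unquoted, unlike the `--from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"` use in create-new-cluster-folder-structure.sh; `--ca-file="${MGMT_CLUSTER_CA_FILE}" \` keeps a path containing spaces intact. In the OpenShift preparation block, `git commit -m "init flux"` returns non-zero when there is nothing to commit, so a second run may stop there depending on the error handling installed by `library/trap.sh`, which is outside the hunk.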