#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################

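---
# TEMPLATE PARAMETERS:
# ===================
#
# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (i.e., the `Kustomization`).
# CLUSTER_NAME: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
# CLUSTER_AGE_SECRET_NAME: Name of the secret in the management cluster that keeps the private key for age/sops in the remote cluster.
#
# The parameters are spliced into this file as plain text, so they are expected
# to be valid Kubernetes object names. Scalars that consist of nothing but a
# parameter are quoted so that a numeric- or boolean-looking value stays a string.

# Creates required remote namespaces.
#
# This Kustomization lives in the management cluster (namespace
# `managed-resources`) but is applied to the remote cluster through
# `spec.kubeConfig`.
# `v1` matches the Flux-controller Kustomization at the end of this file;
# `v1beta2` is its deprecated predecessor.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  namespace: managed-resources
  labels:
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  # Waits for the Kustomization that represents the cluster itself.
  dependsOn:
    - name: "${CLUSTER_KUSTOMIZATION_NAME}"
  # Garbage collection is on: objects this Kustomization created are removed
  # from the remote cluster once they leave the source or the Kustomization
  # is deleted.
  prune: true
  # wait: true
  # force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster. Whoever can read it in `managed-resources` inherits that access,
  # so read access to Secrets in this namespace should be tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig
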
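---
# Creates remote `flux-system.flux-system` secret.
#
# The manifest under `path` is patched into a Secret whose name and namespace
# come from `postBuild.substitute` and whose credentials come from
# `postBuild.substituteFrom`, then applied to the remote cluster via
# `spec.kubeConfig`.
# `v1` matches the Flux-controller Kustomization at the end of this file;
# `v1beta2` is its deprecated predecessor.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
  namespace: managed-resources
  labels:
    # Quoted so a numeric- or boolean-looking cluster name stays a string.
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  # With prune on, deleting this Kustomization also deletes the remote Secret.
  prune: true
  # wait: true
  # Lets Flux recreate the object when a patch fails on an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster; keep read access to it in `managed-resources` tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig
  # `${username}` and `${password}` are substituted as text into the rendered
  # YAML. A value with YAML-significant characters (`: `, ` #`, a leading
  # `*`, `&`, `{`, `[`, or a newline), or one that looks like a number or
  # boolean, can be mis-parsed or rejected for `stringData`.
  # NOTE(review): confirm the stored credentials are restricted to a safe
  # character set before relying on the unquoted form.
  patches:
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: flux-system
      secret_namespace: flux-system
    # Source Secret on the management cluster. `substituteFrom` has no
    # namespace field, so it is looked up next to this Kustomization
    # (`managed-resources`) and has to carry the keys `username` and
    # `password`.
    substituteFrom:
      - kind: Secret
        name: flux-system
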
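---
# Creates remote `sops-age` secret.
#
# Copies the age private key named by CLUSTER_AGE_SECRET_NAME from the
# management cluster into `sops-age` in the remote `flux-system` namespace.
# Read access to either Secret is enough to decrypt SOPS material encrypted
# for that key, so both sides need tightly scoped Secret RBAC.
# `v1` matches the Flux-controller Kustomization at the end of this file;
# `v1beta2` is its deprecated predecessor.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
  namespace: managed-resources
  labels:
    # Quoted so a numeric- or boolean-looking cluster name stays a string.
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  # With prune on, deleting this Kustomization also deletes the remote Secret.
  prune: true
  # wait: true
  # Lets Flux recreate the object when a patch fails on an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster; keep read access to it in `managed-resources` tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig
  # `${agekey}` is substituted as text into a single plain scalar.
  # NOTE(review): this presumably expects the bare key line only; a key file
  # stored with its comment lines or newlines would not survive the
  # substitution intact. Confirm the format of the source Secret.
  patches:
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          age.agekey: ${agekey}
  # Inputs:
  postBuild:
    substitute:
      secret_name: sops-age
      secret_namespace: flux-system
    # Source Secret on the management cluster. `substituteFrom` has no
    # namespace field, so it is looked up next to this Kustomization
    # (`managed-resources`) and has to carry the key `agekey`.
    substituteFrom:
      - kind: Secret
        name: "${CLUSTER_AGE_SECRET_NAME}"
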
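---
# Creates remote `fleet-repo.flux-system` secret.
#
# Same pattern as the other bootstrap secrets in this file: the manifest under
# `path` is patched with credentials read from a management-cluster Secret and
# applied to the remote cluster via `spec.kubeConfig`.
# `v1` matches the Flux-controller Kustomization at the end of this file;
# `v1beta2` is its deprecated predecessor.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
  namespace: managed-resources
  labels:
    # Quoted so a numeric- or boolean-looking cluster name stays a string.
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  # With prune on, deleting this Kustomization also deletes the remote Secret.
  prune: true
  # wait: true
  # Lets Flux recreate the object when a patch fails on an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster; keep read access to it in `managed-resources` tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig
  # `${username}` and `${password}` are substituted as text into the rendered
  # YAML. A value with YAML-significant characters (`: `, ` #`, a leading
  # `*`, `&`, `{`, `[`, or a newline), or one that looks like a number or
  # boolean, can be mis-parsed or rejected for `stringData`.
  # NOTE(review): confirm the stored credentials are restricted to a safe
  # character set before relying on the unquoted form.
  patches:
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: fleet-repo
      secret_namespace: flux-system
    # Source Secret on the management cluster. `substituteFrom` has no
    # namespace field, so it is looked up next to this Kustomization
    # (`managed-resources`) and has to carry the keys `username` and
    # `password`.
    substituteFrom:
      - kind: Secret
        name: fleet-repo
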
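---
# Creates remote `sw-catalogs.flux-system` secret.
#
# Same pattern as the other bootstrap secrets in this file: the manifest under
# `path` is patched with credentials read from a management-cluster Secret and
# applied to the remote cluster via `spec.kubeConfig`.
# `v1` matches the Flux-controller Kustomization at the end of this file;
# `v1beta2` is its deprecated predecessor.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
  namespace: managed-resources
  labels:
    # Quoted so a numeric- or boolean-looking cluster name stays a string.
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  # With prune on, deleting this Kustomization also deletes the remote Secret.
  prune: true
  # wait: true
  # Lets Flux recreate the object when a patch fails on an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster; keep read access to it in `managed-resources` tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig
  # `${username}` and `${password}` are substituted as text into the rendered
  # YAML. A value with YAML-significant characters (`: `, ` #`, a leading
  # `*`, `&`, `{`, `[`, or a newline), or one that looks like a number or
  # boolean, can be mis-parsed or rejected for `stringData`.
  # NOTE(review): confirm the stored credentials are restricted to a safe
  # character set before relying on the unquoted form.
  patches:
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: sw-catalogs
      secret_namespace: flux-system
    # Source Secret on the management cluster. `substituteFrom` has no
    # namespace field, so it is looked up next to this Kustomization
    # (`managed-resources`) and has to carry the keys `username` and
    # `password`.
    substituteFrom:
      - kind: Secret
        name: sw-catalogs
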
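---
# Remote installation of Flux controller (to let the cluster be autonomous)
#
# Applies `./clusters/<cluster>/flux-system` from the `flux-system`
# GitRepository to the remote cluster through `spec.kubeConfig`.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
  namespace: managed-resources
  labels:
    # Quoted so a numeric- or boolean-looking cluster name stays a string.
    cluster: "${CLUSTER_KUSTOMIZATION_NAME}"
spec:
  # Tune interval as needed
  interval: 10m0s
  path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}/flux-system
  # Only the remote `flux-system` secret is awaited here.
  # NOTE(review): the `sops-age`, `fleet-repo` and `sw-catalogs` bootstrap
  # secrets are not listed as dependencies; confirm the remote Flux tolerates
  # them arriving later.
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
  # Avoids removing resources unexpectedly
  prune: false
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  # The kubeconfig in this Secret decides what Flux may do in the remote
  # cluster; installing controllers typically needs broad rights, so keep
  # read access to it in `managed-resources` tightly scoped.
  kubeConfig:
    secretRef:
      name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
      key: kubeconfig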