1 #######################################################################################
2 # Copyright ETSI Contributors and Others.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #    http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13 # implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #######################################################################################
17
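---
# TEMPLATE PARAMETERS:
# ===================
#
# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (i.e., the `Kustomization`).
# CLUSTER_NAME: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
# CLUSTER_AGE_SECRET_NAME: Name of the secret in the management cluster that keeps the private key for age/sops in the remote cluster.
#
# Also referenced in this file but not described above (meaning inferred from usage -- confirm):
# CLUSTER_KUSTOMIZATION_NAMESPACE: Namespace of the cluster `Kustomization` named in `dependsOn`.
# BOOTSTRAP_KUSTOMIZATION_NAMESPACE: Namespace in which these bootstrap `Kustomization`s are created.
# BOOTSTRAP_SECRET_NAMESPACE: Additional remote namespace that receives copies of the repo secrets.
# CLUSTER_KUBECONFIG_SECRET_NAME / CLUSTER_KUBECONFIG_SECRET_KEY: Secret and key that hold the
#   kubeconfig used to reach the remote cluster.

# Creates required remote namespaces
#
# Applies the manifests under `path` to the remote cluster reached through `kubeConfig`, after the
# cluster's own Kustomization listed in `dependsOn`.
# NOTE(review): `v1beta2` is a deprecated Flux API version; the last document in this file
# already uses `kustomize.toolkit.fluxcd.io/v1` -- confirm the installed Flux version still serves it.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}
      namespace: ${CLUSTER_KUSTOMIZATION_NAMESPACE}
  # With pruning on, a namespace dropped from `path` is deleted on the remote cluster, and
  # deleting a namespace removes every object inside it.
  prune: true
  # wait: true
  # force: true
  # Cross-namespace source reference unless this Kustomization itself lives in `flux-system`;
  # it is rejected when the controller runs with `--no-cross-namespace-refs=true`.
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
  # Secret in this Kustomization's namespace holding the remote kubeconfig. Whatever that
  # kubeconfig is allowed to do, this Kustomization can do on the remote cluster, so read
  # access to the Secret should be restricted accordingly.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}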
54
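---
# Creates remote `flux-system.flux-system` secret
#
# Copies credentials from the management cluster to the remote cluster: the manifest under
# `path` (presumably a placeholder Secret -- confirm) is patched with `${...}` placeholders,
# which `postBuild` then fills in before the result is applied through `kubeConfig`.
# NOTE(review): the lower-case `${...}` placeholders must survive whatever step renders the
# upper-case template parameters; presumably that step only replaces a fixed list -- confirm.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  # Waits for the remote namespaces to exist before creating the Secret.
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Lets Flux delete and re-create the Secret when an update is rejected because an
  # immutable field changed.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): the credential values are substituted unquoted. A value that looks like a
    # number or boolean, or that contains YAML indicators such as `: ` or ` #`, may render as a
    # non-string or as invalid YAML -- verify with a test credential of that shape.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    # Inline values; Flux gives these precedence over same-named keys from `substituteFrom`,
    # so the source Secret cannot redirect the target name or namespace.
    substitute:
      secret_name: flux-system
      secret_namespace: flux-system
    # Read from this Kustomization's namespace on the management cluster; expected to carry
    # `username` and `password` keys (confirm). A missing key is presumably rendered as an
    # empty string rather than failing, unless strict substitution is enabled.
    substituteFrom:
      - kind: Secret
        name: flux-system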
101
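---
# Creates remote `flux-system.managed-resources` secret
#
# Same credentials as the `flux-system` Secret in the remote `flux-system` namespace, written
# a second time into `${BOOTSTRAP_SECRET_NAMESPACE}`. Every extra copy widens the set of
# principals able to read the credential: check who can read Secrets in that namespace.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  # The target namespace is expected to be created by the `-bstrp-ns` Kustomization (confirm
  # that `${BOOTSTRAP_SECRET_NAMESPACE}` is among the namespaces it manages).
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): values are substituted unquoted; credentials that look numeric/boolean or
    # contain `: ` / ` #` may not render as strings -- verify.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: flux-system
      # Template parameter, resolved when this file is rendered rather than by `postBuild`.
      secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
    # Source Secret on the management cluster; expected to carry `username` and `password`
    # keys (confirm).
    substituteFrom:
      - kind: Secret
        name: flux-system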
148
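---
# Creates remote `sops-age` secret
#
# Installs the age private key used for SOPS decryption into the remote `flux-system`
# namespace. Anyone able to read Secrets in that namespace can decrypt everything encrypted to
# this key, so the key should be specific to this cluster and not shared with other clusters.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): `${agekey}` is substituted inline and unquoted, which assumes the stored
    # value is a single line. A multi-line key file (e.g. with its comment header) would not
    # render as valid YAML here -- confirm the format of the source Secret.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          age.agekey: ${agekey}
  # Inputs:
  postBuild:
    substitute:
      secret_name: sops-age
      secret_namespace: flux-system
    # Per-cluster Secret on the management cluster; expected to carry an `agekey` key
    # (confirm). A missing key is presumably rendered as an empty string unless strict
    # substitution is enabled, which would leave the remote cluster unable to decrypt.
    substituteFrom:
      - kind: Secret
        name: ${CLUSTER_AGE_SECRET_NAME}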
194
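---
# Creates remote `fleet-repo.flux-system` secret
#
# Copies the `fleet-repo` credentials from the management cluster into the remote
# `flux-system` namespace.
# NOTE(review): if the same credential is reused for every cluster, compromise of one remote
# cluster exposes it for all; a read-only or per-cluster credential limits that -- confirm
# what the source Secret contains.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): values are substituted unquoted; credentials that look numeric/boolean or
    # contain `: ` / ` #` may not render as strings -- verify.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: fleet-repo
      secret_namespace: flux-system
    # Source Secret on the management cluster; expected to carry `username` and `password`
    # keys (confirm).
    substituteFrom:
      - kind: Secret
        name: fleet-repo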
241
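---
# Creates remote `fleet-repo.managed-resources` secret
#
# Second copy of the `fleet-repo` credentials, written into `${BOOTSTRAP_SECRET_NAMESPACE}` on
# the remote cluster. Check who can read Secrets in that namespace, since each copy widens
# exposure of the credential.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-fleet
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): values are substituted unquoted; credentials that look numeric/boolean or
    # contain `: ` / ` #` may not render as strings -- verify.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: fleet-repo
      # Template parameter, resolved when this file is rendered rather than by `postBuild`.
      secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
    # Source Secret on the management cluster; expected to carry `username` and `password`
    # keys (confirm).
    substituteFrom:
      - kind: Secret
        name: fleet-repo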
288
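---
# Creates remote `sw-catalogs.flux-system` secret
#
# Copies the `sw-catalogs` credentials from the management cluster into the remote
# `flux-system` namespace.
# NOTE(review): a catalog repository normally only needs to be read by the remote cluster;
# confirm the credential in the source Secret is read-only.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): values are substituted unquoted; credentials that look numeric/boolean or
    # contain `: ` / ` #` may not render as strings -- verify.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: sw-catalogs
      secret_namespace: flux-system
    # Source Secret on the management cluster; expected to carry `username` and `password`
    # keys (confirm).
    substituteFrom:
      - kind: Secret
        name: sw-catalogs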
335
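---
# Creates remote `sw-catalogs.managed-resources` secret
#
# Second copy of the `sw-catalogs` credentials, written into `${BOOTSTRAP_SECRET_NAMESPACE}`
# on the remote cluster. Check who can read Secrets in that namespace, since each copy widens
# exposure of the credential.
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-catalogs
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # interval: 1h
  interval: 5m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
  prune: true
  # wait: true
  # Allows delete-and-recreate when an update hits an immutable field.
  force: true
  sourceRef:
    kind: GitRepository
    name: sw-catalogs
    namespace: flux-system
  path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
  patches:
    # NOTE(review): values are substituted unquoted; credentials that look numeric/boolean or
    # contain `: ` / ` #` may not render as strings -- verify.
    - patch: |-
        apiVersion: v1
        kind: Secret
        metadata:
          name: ${secret_name}
          namespace: ${secret_namespace}
        stringData:
          username: ${username}
          password: ${password}
  # Inputs:
  postBuild:
    substitute:
      secret_name: sw-catalogs
      # Template parameter, resolved when this file is rendered rather than by `postBuild`.
      secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
    # Source Secret on the management cluster; expected to carry `username` and `password`
    # keys (confirm).
    substituteFrom:
      - kind: Secret
        name: sw-catalogs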
382
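---
# Remote installation of Flux controller (to let the cluster be autonomous)
#
# Applies the cluster's own `flux-system` directory from the `flux-system` GitRepository to the
# remote cluster. Unlike the other documents in this file it uses the `v1` API and sets neither
# `timeout` nor `retryInterval`.
# NOTE(review): installing Flux typically creates CRDs and cluster-wide RBAC, so the kubeconfig
# referenced below presumably carries cluster-admin-level rights on the remote cluster; treat
# the Secret that stores it as equally sensitive.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
  namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
  labels:
    cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
  # Tune interval as needed
  interval: 10m0s
  path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}/flux-system
  # Only the `flux-system` Secret is awaited here; the sops, fleet-repo and sw-catalogs Secrets
  # are not listed, so the controllers may start before those exist.
  dependsOn:
    - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
  # Avoids removing resources unexpectedly
  prune: false
  # Cross-namespace source reference unless this Kustomization itself lives in `flux-system`.
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  # Secret in this Kustomization's namespace holding the remote kubeconfig.
  kubeConfig:
    secretRef:
      name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
      key: ${CLUSTER_KUBECONFIG_SECRET_KEY}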