local PROJECT_NAME="${3:-"${MGMT_PROJECT_NAME}"}"
local FLEET_REPO_DIR="${4:-"${FLEET_REPO_DIR}"}"
local MGMT_RESOURCES_DIR="${5:-"${MGMT_RESOURCES_DIR}"}"
-
local NODEGROUP_DIR="${MGMT_RESOURCES_DIR}/${CLUSTER_NAME}/${NODEGROUP_KUSTOMIZATION_NAME}"
-
# Delete node Kustomizations
rm -rf "${NODEGROUP_DIR}"
}
local SW_CATALOGS_REPO_URL="$3"
local PROJECT_NAME="${4:-"${MGMT_PROJECT_NAME}"}"
local SW_CATALOGS_REPO_DIR="${5:-"${SW_CATALOGS_REPO_DIR}"}"
-
+ # Path for the source templates
+ local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}"
+
# Optional inputs:
# Paths for each profile in the Git repo
- local INFRA_CONTROLLERS_PATH="${6:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local INFRA_CONFIGS_PATH="${7:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local MANAGED_RESOURCES_PATH="${8:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local APPS_PATH="${9:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
-
- # Path for the source templates
- local TEMPLATES="${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"
+ local INFRA_CONTROLLERS_PATH="${7:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local INFRA_CONFIGS_PATH="${8:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local MANAGED_RESOURCES_PATH="${9:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local APPS_PATH="${10:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
# Generate
export CLUSTER_KUSTOMIZATION_NAME
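Review bot: Inserting `TEMPLATES` as `$6` moves the four optional profile paths from `$6`–`$9` to `$7`–`${10}`, so a caller that still passes a profile path in position 6 will have it silently used as the templates directory. One call site later in this diff appears to be updated to pass `"${TEMPLATES_DIR}"`, but other callers are not visible here. Appending the new parameter after `APPS_PATH` would keep the existing positions stable. Otherwise, document the new layout above the declarations, e.g. `# $6: templates dir (optional); $7-$10: profile paths (optional)`. The function starts and ends outside the hunk.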
local CLUSTER_KUSTOMIZATION_NAME="${2:-$(safe_name ${CLUSTER_NAME})}"
local CLUSTER_AGE_SECRET_NAME="${3:-$(safe_name "sops-age-${CLUSTER_KUSTOMIZATION_NAME}")}"
local SW_CATALOGS_REPO_DIR="${4:-"${SW_CATALOGS_REPO_DIR}"}"
+ local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${5:-"managed-resources"}"
+ local CLUSTER_KUSTOMIZATION_NAMESPACE="${6:-"managed-resources"}"
+ local BOOTSTRAP_SECRET_NAMESPACE="${7:-"managed-resources"}"
# Paths and names for the templates
- local MANIFEST_FILENAME="${5:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}"
- local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}"
- local TEMPLATE_MANIFEST_FILENAME="${7:-"remote-cluster-bootstrap.yaml"}"
+ local MANIFEST_FILENAME="${8:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}"
+ local TEMPLATES="${9:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}"
+ local TEMPLATE_MANIFEST_FILENAME="${10:-"remote-cluster-bootstrap.yaml"}"
+
+ # Variables for kubeconfig secret configuration
+ local CLUSTER_KUBECONFIG_SECRET_KEY=${CLUSTER_KUBECONFIG_SECRET_KEY:-"kubeconfig"}
+ local CLUSTER_KUBECONFIG_SECRET_NAME=${CLUSTER_KUBECONFIG_SECRET_NAME:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"}
# Generate manifests
export CLUSTER_KUSTOMIZATION_NAME
export CLUSTER_NAME
export CLUSTER_AGE_SECRET_NAME
+ export CLUSTER_KUBECONFIG_SECRET_KEY
+ export CLUSTER_KUBECONFIG_SECRET_NAME
+ export BOOTSTRAP_KUSTOMIZATION_NAMESPACE
+ export CLUSTER_KUSTOMIZATION_NAMESPACE
+ export BOOTSTRAP_SECRET_NAMESPACE
join_lists \
<(cat) \
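Review bot: `CLUSTER_KUBECONFIG_SECRET_NAME` and `CLUSTER_KUBECONFIG_SECRET_KEY` are the only new inputs that are not positional: each `local` defaults from a same-named variable already in scope, so the value written into every `kubeConfig.secretRef` depends on what the caller or the environment happens to define. A stale exported value would point the bootstrap Kustomizations at a different kubeconfig secret with no visible argument showing it. Either pass them as parameters like the three namespaces, or state the dependency above the lines, e.g. `# Read from the caller's scope (not positional); defaults: kubeconfig-<kustomization name> / kubeconfig`. Note also that `MANIFEST_FILENAME`, `TEMPLATES` and `TEMPLATE_MANIFEST_FILENAME` move from `$5`–`$7` to `$8`–`${10}`, which changes the meaning of those positions for any caller not updated in this commit. The function body continues outside the hunk.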
"${TEMPLATE_MANIFEST_FILENAME}" \
"${MANIFEST_FILENAME}" | \
replace_env_vars \
- '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME}'
+ '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME},${CLUSTER_KUBECONFIG_SECRET_KEY},${CLUSTER_KUBECONFIG_SECRET_NAME},${CLUSTER_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_SECRET_NAMESPACE}'
)
}
local PUBLIC_KEY_NEW_CLUSTER="$9"
local PRIVATE_KEY_NEW_CLUSTER="${10:-${PRIVATE_KEY_NEW_CLUSTER}}"
local IMPORTED_CLUSTER="${11:-"false"}"
-
+ local MGMT_CLUSTER_NAME="${12:-"_management"}"
+ local CLUSTER_KUBECONFIG_SECRET_NAME=${13:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"}
+ local CLUSTER_KUBECONFIG_SECRET_KEY=${14:-"kubeconfig"}
+ local TEMPLATES_DIR="${15:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}"
+ local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${16:-"managed-resources"}"
+ local CLUSTER_KUSTOMIZATION_NAMESPACE="${17:-"managed-resources"}"
+ local BOOTSTRAP_SECRET_NAMESPACE="${18:-"${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}"}"
# Calculates the folder where managed resources are defined
- local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/_management"
+ local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
# Create profile folders
echo "" | \
"${FLEET_REPO_URL}" \
"${SW_CATALOGS_REPO_URL}" \
"${MGMT_PROJECT_NAME}" \
- "${SW_CATALOGS_REPO_DIR}" | \
+ "${SW_CATALOGS_REPO_DIR}" \
+ "${TEMPLATES_DIR}" | \
list2folder_cp_over \
"${CLUSTER_FOLDER}"
"${CLUSTER_NAME}" \
"${CLUSTER_KUSTOMIZATION_NAME}" \
"${CLUSTER_AGE_SECRET_NAME}" \
- "${SW_CATALOGS_REPO_DIR}" | \
+ "${SW_CATALOGS_REPO_DIR}" \
+ "${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}" \
+ "${CLUSTER_KUSTOMIZATION_NAMESPACE}" \
+ "${BOOTSTRAP_SECRET_NAMESPACE}" | \
generator_k8s_age_secret_new_cluster \
"${PRIVATE_KEY_NEW_CLUSTER}" \
"${PUBLIC_KEY_MGMT}" \
- "${CLUSTER_AGE_SECRET_NAME}" | \
+ "${CLUSTER_AGE_SECRET_NAME}" \
+ "${BOOTSTRAP_SECRET_NAMESPACE}" | \
prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \
list2folder_cp_over \
"${MGMT_RESOURCES_DIR}"
local PROJECT_NAME="${2:-"${MGMT_PROJECT_NAME}"}"
local FLEET_REPO_DIR="${3:-"${FLEET_REPO_DIR}"}"
local MGMT_RESOURCES_DIR="${4:-"${MGMT_RESOURCES_DIR}"}"
+ local MGMT_CLUSTER_DIR="${5:-"${MGMT_CLUSTER_DIR}"}"
# Optional inputs: Paths for each profile in the Git repo
- local INFRA_CONTROLLERS_DIR="${5:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local INFRA_CONFIGS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local MANAGED_RESOURCES_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local APPS_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
- local CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local INFRA_CONTROLLERS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local INFRA_CONFIGS_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local MANAGED_RESOURCES_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local MGMT_CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_DIR}"}"
+ local APPS_DIR="${10:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}"
+ local CLUSTER_DIR="${11:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}"
# Optional input: Do I need a purge operation first?
- local PURGE="${10:-"false"}"
+ local PURGE="${12:-"false"}"
# Perform the purge if needed
if [[ "${PURGE,,}" == "true" ]]; then
echo "Purging the remote Flux instalation..."
- flux uninstall -s --namespace=flux-system
fi
echo "Deleting cluster profiles and (when applicable) its cloud resources..."
rm -rf "${INFRA_CONTROLLERS_DIR}"
rm -rf "${INFRA_CONFIGS_DIR}"
rm -rf "${MANAGED_RESOURCES_DIR}"
+ rm -rf "${MGMT_CLUSTER_DIR}"
rm -rf "${APPS_DIR}"
# Delete base cluster Kustomizations
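Review bot: `MGMT_CLUSTER_DIR` is declared twice, from `$5` and again from `$9`, and the second default nests the first value under `${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/`. When neither argument nor an outer `MGMT_CLUSTER_DIR` is set, that path collapses to the project's whole `managed-resources/` directory, which the added `rm -rf "${MGMT_CLUSTER_DIR}"` then removes for every cluster. Keep a single declaration and make the empty case fatal, e.g. `local MGMT_CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_DIR:?}"}"`, and note that `$5` is no longer `INFRA_CONTROLLERS_DIR`, so a caller not updated here would hand different directories to the `rm -rf` lines. Separately, with `flux uninstall` removed the `PURGE` branch only prints its message; either drop the parameter or add a comment saying where the purge now happens. The function starts and ends outside the hunk.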
local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}"
local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
+
# Is the provider type supported?
local VALID_PROVIDERS=("eks" "aks" "gke")
CLUSTER_TYPE="${CLUSTER_TYPE,,}"
"${MANIFEST_FILENAME}"
}
-
# Create remote CAPI cluster for Openstack
function create_capi_openstack_cluster() {
local CLUSTER_KUSTOMIZATION_NAME="${1}"
prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \
list2folder_cp_over \
"${TARGET_FOLDER}"
-
+
# Bootstrap (unless asked to skip)
if [[ "${SKIP_BOOTSTRAP,,}" == "true" ]]; then
return 0
fi
-
+
create_bootstrap_for_remote_cluster \
"${CLUSTER_NAME}" \
"${CLUSTER_KUSTOMIZATION_NAME}" \
local MGMT_CLUSTER_NAME="${24:-"_management"}"
local BASE_TEMPLATES_PATH="${25:-"cloud-resources/capi"}"
local NAMESPACE="${26:-"managed-resources"}"
-
+
# Determine key folders in Fleet
local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
# Updating no new cluster
local SKIP_BOOTSTRAP="true"
-
+
create_capi_openstack_cluster \
"${CLUSTER_KUSTOMIZATION_NAME}" \
"${CLUSTER_NAME}" \
local BASE_TEMPLATES_PATH="${25:-"cloud-resources"}"
local TEMPLATE_MANIFEST_FILENAME="${26:-"openshift01.yaml"}"
local MANIFEST_FILENAME="${27:-"openshift-${CLUSTER_NAME}.yaml"}"
-
+
local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/cloud-resources/openshift/templates"
local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
local SKIP_BOOTSTRAP="${23:-"false"}"
# Only change if absolutely needeed
local MGMT_PROJECT_NAME="${24:-"osm_admin"}"
-
+
# Determine key folders in Fleet
local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
"${MGMT_PROJECT_NAME}"
}
-
# ----- Helper functions for adding/removing a profile from a cluster -----
# Helper function to find profiles of a given type already used in the cluster
local OSM_PROJECT_NAME="${12:-"osm_admin"}"
local MGMT_CLUSTER_NAME="${13:-"_management"}"
+
# Is the provider type supported?
local VALID_PROVIDERS=("aws" "azure" "gcp")
PROVIDER_TYPE="${PROVIDER_TYPE,,}"
local OSM_PROJECT_NAME="${4:-"osm_admin"}"
local MGMT_CLUSTER_NAME="${5:-"_management"}"
+
# Is the provider type supported?
local VALID_PROVIDERS=("aws" "azure" "gcp")
PROVIDER_TYPE="${PROVIDER_TYPE,,}"
local OSM_PROJECT_NAME="${12:-"osm_admin"}"
local MGMT_CLUSTER_NAME="${13:-"_management"}"
+
# Is the provider type supported?
local VALID_PROVIDERS=("aws" "azure" "gcp")
PROVIDER_TYPE="${PROVIDER_TYPE,,}"
local CLOUD_CREDENTIALS_CLOUDS_KEY="clouds.yaml"
local CLOUD_CREDENTIALS_CACERT_KEY="cacert"
local CLOUD_CREDENTIALS_FILENAME="credentials-secret.yaml"
-
+
local CLOUD_CREDENTIALS_TOML_SECRET_NAME="${OPENSTACK_CLOUD_NAME}-capo-config-toml"
local CLOUD_CREDENTIALS_TOML_FILENAME="credentials-toml-secret.yaml"
delete_capi_openstack_cloudconf \
"${CLOUD_CONFIG_NAME}" \
"${CONFIG_DIR}"
-
+
create_capi_openstack_cloudconf \
"${CLOUD_CONFIG_NAME}" \
"${PUBLIC_KEY}" \
local CONFIG_DIR="${2:-"${MGMT_ADDON_CONFIG_DIR}"}"
local TARGET_FOLDER="${CONFIG_DIR}/capi-providerconfigs/capo/${OPENSTACK_CLOUD_NAME}-config"
-
+
# Delete the encrypted secrets files.
rm -rf "${TARGET_FOLDER}"
}
-
# Helper function to return the relative path of a location in SW Catalogs for an OKA
function path_to_catalog() {
local OKA_TYPE="$1"
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}
+ namespace: ${CLUSTER_KUSTOMIZATION_NAMESPACE}
prune: true
# wait: true
# force: true
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
---
# Creates remote `flux-system.flux-system` secret
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
- kind: Secret
name: flux-system
+---
+# Creates remote `flux-system.managed-resources` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: flux-system
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: flux-system
+
---
# Creates remote `sops-age` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
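Review bot: The added `${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux` Kustomization copies the Git `username`/`password` from the `flux-system` secret into a second Secret in `${BOOTSTRAP_SECRET_NAMESPACE}` on the remote cluster, and nothing visible restricts which namespace that may be or ensures it exists; its only dependency is `-bstrp-ns`, whose manifests are outside this diff. If a caller overrides the namespace, the apply may fail, or the credentials may land in a namespace whose RBAC is broader than that of `flux-system`; consider stating the constraint above the block, e.g. `# BOOTSTRAP_SECRET_NAMESPACE must be created by bootstrap/manifests/namespaces and be readable only by Flux`. The header comment still says `flux-system.managed-resources` although the namespace is now a parameter. The new blocks also use `kustomize.toolkit.fluxcd.io/v1beta2`, while the `-bstrp-fluxctrl` Kustomization in the same template is already on `v1`. The same points apply to the added `-bstrp-secret-managedresources-fleet` and `-bstrp-secret-managedresources-catalogs` blocks further down.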
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
- kind: Secret
name: fleet-repo
+---
+# Creates remote `fleet-repo.managed-resources` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-fleet
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: fleet-repo
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: fleet-repo
+
---
# Creates remote `sw-catalogs.flux-system` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
patches:
- patch: |-
apiVersion: v1
- kind: Secret
name: sw-catalogs
+---
+# Creates remote `sw-catalogs.managed-resources` secret
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-catalogs
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
+ labels:
+ cluster: ${CLUSTER_KUSTOMIZATION_NAME}
+spec:
+ # interval: 1h
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
+ prune: true
+ # wait: true
+ force: true
+ sourceRef:
+ kind: GitRepository
+ name: sw-catalogs
+ namespace: flux-system
+ path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
+ kubeConfig:
+ secretRef:
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}
+ patches:
+ - patch: |-
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: ${secret_name}
+ namespace: ${secret_namespace}
+ stringData:
+ username: ${username}
+ password: ${password}
+ # Inputs:
+ postBuild:
+ substitute:
+ secret_name: sw-catalogs
+ secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE}
+ substituteFrom:
+ - kind: Secret
+ name: sw-catalogs
+
---
# Remote installation of Flux controller (to let the cluster be autonomous)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
- namespace: managed-resources
+ namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
namespace: flux-system
kubeConfig:
secretRef:
- name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
- key: kubeconfig
+ name: ${CLUSTER_KUBECONFIG_SECRET_NAME}
+ key: ${CLUSTER_KUBECONFIG_SECRET_KEY}