From 94e638fab180f3357be7f8387879c0f21577b56e Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Wed, 6 Aug 2025 17:53:22 +0200 Subject: [PATCH] Revert changes in remote bootstrap related to support of Openshift clusters Change-Id: I528691dbc7591e303388ffe5d562b84df80c09f8 Signed-off-by: garciadeblas --- .../scripts/library/krm-functions.rc | 99 ++++------ .../templates/remote-cluster-bootstrap.yaml | 178 ++---------------- 2 files changed, 56 insertions(+), 221 deletions(-) diff --git a/docker/osm-krm-functions/scripts/library/krm-functions.rc b/docker/osm-krm-functions/scripts/library/krm-functions.rc index 1fc5a5f0..04fde1a9 100644 --- a/docker/osm-krm-functions/scripts/library/krm-functions.rc +++ b/docker/osm-krm-functions/scripts/library/krm-functions.rc @@ -279,7 +279,9 @@ function delete_nodegroup() { local PROJECT_NAME="${3:-"${MGMT_PROJECT_NAME}"}" local FLEET_REPO_DIR="${4:-"${FLEET_REPO_DIR}"}" local MGMT_RESOURCES_DIR="${5:-"${MGMT_RESOURCES_DIR}"}" + local NODEGROUP_DIR="${MGMT_RESOURCES_DIR}/${CLUSTER_NAME}/${NODEGROUP_KUSTOMIZATION_NAME}" + # Delete node Kustomizations rm -rf "${NODEGROUP_DIR}" } 
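Review bot: The restored `NODEGROUP_DIR` in `delete_nodegroup` is built from three variables and handed straight to `rm -rf`, with nothing rejecting an empty component. If `NODEGROUP_KUSTOMIZATION_NAME` is empty the target becomes the whole cluster folder, and if `CLUSTER_NAME` is empty as well it becomes `MGMT_RESOURCES_DIR` itself. I would fail closed with `local NODEGROUP_DIR="${MGMT_RESOURCES_DIR:?}/${CLUSTER_NAME:?}/${NODEGROUP_KUSTOMIZATION_NAME:?}"` followed by `rm -rf -- "${NODEGROUP_DIR}"`. The same unguarded pattern appears in the `rm -rf` lines of `delete_remote_cluster` (hunk starting at old line 1030) and `delete_capi_openstack_cloudconf` (old line 2743). The first two parameters of the function are outside this hunk, so how those names are populated is assumed.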
@@ -505,15 +507,16 @@ function generator_base_kustomizations_new_cluster() { local SW_CATALOGS_REPO_URL="$3" local PROJECT_NAME="${4:-"${MGMT_PROJECT_NAME}"}" local SW_CATALOGS_REPO_DIR="${5:-"${SW_CATALOGS_REPO_DIR}"}" - # Path for the source templates - local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}" - + # Optional inputs: # Paths for each profile in the Git repo - local INFRA_CONTROLLERS_PATH="${7:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local INFRA_CONFIGS_PATH="${8:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local MANAGED_RESOURCES_PATH="${9:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" - local APPS_PATH="${10:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONTROLLERS_PATH="${6:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONFIGS_PATH="${7:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local MANAGED_RESOURCES_PATH="${8:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" + local APPS_PATH="${9:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + + # Path for the source templates + local TEMPLATES="${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates" # Generate export CLUSTER_KUSTOMIZATION_NAME 
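Review bot: Dropping the `TEMPLATES` parameter renumbers every optional argument of `generator_base_kustomizations_new_cluster`, so a caller that still passes a templates directory as the sixth argument now silently sets `INFRA_CONTROLLERS_PATH` to it. The call in `create_bootstrap_for_remote_cluster` is updated in this patch, but callers outside the visible hunks cannot be checked from here. A header comment listing the positions would make the contract explicit, for example `# Args: $6 infra-controllers path, $7 infra-configs path, $8 managed-resources path, $9 apps path (templates dir is no longer an argument)`. The function body continues outside the hunk.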
@@ -580,28 +583,16 @@ function generator_bootstrap_new_cluster() { local CLUSTER_KUSTOMIZATION_NAME="${2:-$(safe_name ${CLUSTER_NAME})}" local CLUSTER_AGE_SECRET_NAME="${3:-$(safe_name "sops-age-${CLUSTER_KUSTOMIZATION_NAME}")}" local SW_CATALOGS_REPO_DIR="${4:-"${SW_CATALOGS_REPO_DIR}"}" - local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${5:-"managed-resources"}" - local CLUSTER_KUSTOMIZATION_NAMESPACE="${6:-"managed-resources"}" - local BOOTSTRAP_SECRET_NAMESPACE="${7:-"managed-resources"}" # Paths and names for the templates - local MANIFEST_FILENAME="${7:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}" - local TEMPLATES="${8:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}" - local TEMPLATE_MANIFEST_FILENAME="${9:-"remote-cluster-bootstrap.yaml"}" - - # Variables for kubeconfig secret configuration - local CLUSTER_KUBECONFIG_SECRET_KEY=${CLUSTER_KUBECONFIG_SECRET_KEY:-"kubeconfig"} - local CLUSTER_KUBECONFIG_SECRET_NAME=${CLUSTER_KUBECONFIG_SECRET_NAME:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"} + local MANIFEST_FILENAME="${5:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}" + local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}" + local TEMPLATE_MANIFEST_FILENAME="${7:-"remote-cluster-bootstrap.yaml"}" # Generate manifests export CLUSTER_KUSTOMIZATION_NAME export CLUSTER_NAME export CLUSTER_AGE_SECRET_NAME - export CLUSTER_KUBECONFIG_SECRET_KEY - export CLUSTER_KUBECONFIG_SECRET_NAME - export BOOTSTRAP_KUSTOMIZATION_NAMESPACE - export CLUSTER_KUSTOMIZATION_NAMESPACE - export BOOTSTRAP_SECRET_NAMESPACE join_lists \ <(cat) \ 
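Review bot: The default on the `CLUSTER_KUSTOMIZATION_NAME` line calls `safe_name ${CLUSTER_NAME}` with the expansion unquoted, so a cluster name containing whitespace or glob characters is split or expanded before `safe_name` sees it. The next line already quotes its argument, so for consistency I would write `local CLUSTER_KUSTOMIZATION_NAME="${2:-$(safe_name "${CLUSTER_NAME}")}"`. The function starts before this hunk and continues after it.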
@@ -612,7 +603,7 @@ function generator_bootstrap_new_cluster() { "${TEMPLATE_MANIFEST_FILENAME}" \ "${MANIFEST_FILENAME}" | \ replace_env_vars \ - '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME},${CLUSTER_KUBECONFIG_SECRET_KEY},${CLUSTER_KUBECONFIG_SECRET_NAME},${CLUSTER_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_SECRET_NAMESPACE}' + '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME}' ) } @@ -682,16 +673,10 @@ function create_bootstrap_for_remote_cluster() { local PUBLIC_KEY_NEW_CLUSTER="$9" local PRIVATE_KEY_NEW_CLUSTER="${10:-${PRIVATE_KEY_NEW_CLUSTER}}" local IMPORTED_CLUSTER="${11:-"false"}" - local MGMT_CLUSTER_NAME="${12:-"_management"}" - local CLUSTER_KUBECONFIG_SECRET_NAME=${13:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"} - local CLUSTER_KUBECONFIG_SECRET_KEY=${14:-"kubeconfig"} - local TEMPLATES_DIR="${15:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}" - local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${16:-"managed-resources"}" - local CLUSTER_KUSTOMIZATION_NAMESPACE="${17:-"managed-resources"}" - local BOOTSTRAP_SECRET_NAMESPACE="${18:-"${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}"}" + # Calculates the folder where managed resources are defined - local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" + local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/_management" # Create profile folders echo "" | \ @@ -710,8 +695,7 @@ function create_bootstrap_for_remote_cluster() { "${FLEET_REPO_URL}" \ "${SW_CATALOGS_REPO_URL}" \ "${MGMT_PROJECT_NAME}" \ - "${SW_CATALOGS_REPO_DIR}" \ - "${TEMPLATES_DIR}" | \ + "${SW_CATALOGS_REPO_DIR}" | \ list2folder_cp_over \ "${CLUSTER_FOLDER}" 
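Review bot: `MGMT_RESOURCES_DIR` in `create_bootstrap_for_remote_cluster` is now pinned to `.../managed-resources/_management`, while `update_capi_openstack_cluster` and `update_openshift_cluster` in this same patch still derive that folder from a `MGMT_CLUSTER_NAME` argument. With a non-default management cluster name the cluster manifests and the bootstrap manifests would land in different folders; whether any caller passes one is not visible here. Arguments 12 to 18 are also ignored silently now, so a stale caller gets no error. Either keep `local MGMT_CLUSTER_NAME="${12:-"_management"}"` or reject the extra arguments with `(( $# <= 11 )) || { echo "create_bootstrap_for_remote_cluster: too many arguments" >&2; return 1; }`.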
@@ -734,15 +718,11 @@ function create_bootstrap_for_remote_cluster() { "${CLUSTER_NAME}" \ "${CLUSTER_KUSTOMIZATION_NAME}" \ "${CLUSTER_AGE_SECRET_NAME}" \ - "${SW_CATALOGS_REPO_DIR}" \ - "${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}" \ - "${CLUSTER_KUSTOMIZATION_NAMESPACE}" \ - "${BOOTSTRAP_SECRET_NAMESPACE}" | \ + "${SW_CATALOGS_REPO_DIR}" | \ generator_k8s_age_secret_new_cluster \ "${PRIVATE_KEY_NEW_CLUSTER}" \ "${PUBLIC_KEY_MGMT}" \ - "${CLUSTER_AGE_SECRET_NAME}" \ - "${BOOTSTRAP_SECRET_NAMESPACE}" | \ + "${CLUSTER_AGE_SECRET_NAME}" | \ prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \ list2folder_cp_over \ "${MGMT_RESOURCES_DIR}" 
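Review bot: `PRIVATE_KEY_NEW_CLUSTER` is expanded onto the argument list of `generator_k8s_age_secret_new_cluster`, so the age private key would be printed in full by any caller that runs this library with `set -x`. Nothing in the hunk warns about that; I would add a comment above the pipeline such as `# Carries the age private key as an argument: keep xtrace (set -x) off while this runs`. With the namespace argument gone, the secret's namespace now comes from the generator's own default, which is defined outside this hunk and should be confirmed to match `managed-resources`.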
@@ -1005,23 +985,22 @@ function delete_remote_cluster() { local PROJECT_NAME="${2:-"${MGMT_PROJECT_NAME}"}" local FLEET_REPO_DIR="${3:-"${FLEET_REPO_DIR}"}" local MGMT_RESOURCES_DIR="${4:-"${MGMT_RESOURCES_DIR}"}" - local MGMT_CLUSTER_DIR="${5:-"${MGMT_CLUSTER_DIR}"}" # Optional inputs: Paths for each profile in the Git repo - local INFRA_CONTROLLERS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local INFRA_CONFIGS_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local MANAGED_RESOURCES_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" - local MGMT_CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_DIR}"}" - local APPS_DIR="${10:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local CLUSTER_DIR="${11:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONTROLLERS_DIR="${5:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONFIGS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local MANAGED_RESOURCES_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" + local APPS_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}" # Optional input: Do I need a purge operation first? - local PURGE="${12:-"false"}" + local PURGE="${10:-"false"}" # Perform the purge if needed if [[ "${PURGE,,}" == "true" ]]; then echo "Purging the remote Flux instalation..." + flux uninstall -s --namespace=flux-system fi echo "Deleting cluster profiles and (when applicable) its cloud resources..." 
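Review bot: The added `flux uninstall -s --namespace=flux-system` names no cluster, so it acts on whatever kubeconfig context is current when `delete_remote_cluster` runs, and `-s` suppresses the confirmation prompt. The echo says the remote installation is purged, but if the ambient context is the management cluster this removes its Flux controllers instead. I would pass the target explicitly, for example `flux uninstall -s --namespace=flux-system --context="<remote-cluster-context>"` (placeholder value; `--kubeconfig` works as well), and return non-zero when no target is supplied. The exit status of the command is also not checked before the `rm -rf` deletions in the next hunk of the same function.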
@@ -1030,7 +1009,6 @@ function delete_remote_cluster() { rm -rf "${INFRA_CONTROLLERS_DIR}" rm -rf "${INFRA_CONFIGS_DIR}" rm -rf "${MANAGED_RESOURCES_DIR}" - rm -rf "${MGMT_CLUSTER_DIR}" rm -rf "${APPS_DIR}" # Delete base cluster Kustomizations @@ -1076,7 +1054,6 @@ function update_crossplane_cluster() { local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}" local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}" - # Is the provider type supported? local VALID_PROVIDERS=("eks" "aks" "gke") CLUSTER_TYPE="${CLUSTER_TYPE,,}" @@ -1118,6 +1095,7 @@ function update_crossplane_cluster() { "${MANIFEST_FILENAME}" } + # Create remote CAPI cluster for Openstack function create_capi_openstack_cluster() { local CLUSTER_KUSTOMIZATION_NAME="${1}" @@ -1243,12 +1221,12 @@ function create_capi_openstack_cluster() { prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \ list2folder_cp_over \ "${TARGET_FOLDER}" - + # Bootstrap (unless asked to skip) if [[ "${SKIP_BOOTSTRAP,,}" == "true" ]]; then return 0 fi - + create_bootstrap_for_remote_cluster \ "${CLUSTER_NAME}" \ "${CLUSTER_KUSTOMIZATION_NAME}" \ @@ -1298,13 +1276,13 @@ function update_capi_openstack_cluster() { local MGMT_CLUSTER_NAME="${24:-"_management"}" local BASE_TEMPLATES_PATH="${25:-"cloud-resources/capi"}" local NAMESPACE="${26:-"managed-resources"}" - + # Determine key folders in Fleet local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" # Updating no new cluster local SKIP_BOOTSTRAP="true" - + create_capi_openstack_cluster \ "${CLUSTER_KUSTOMIZATION_NAME}" \ "${CLUSTER_NAME}" \ 
@@ -1369,7 +1347,7 @@ function create_openshift_cluster { local BASE_TEMPLATES_PATH="${25:-"cloud-resources"}" local TEMPLATE_MANIFEST_FILENAME="${26:-"openshift01.yaml"}" local MANIFEST_FILENAME="${27:-"openshift-${CLUSTER_NAME}.yaml"}" - + local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/cloud-resources/openshift/templates" local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" @@ -1538,7 +1516,7 @@ function update_openshift_cluster { local SKIP_BOOTSTRAP="${23:-"false"}" # Only change if absolutely needeed local MGMT_PROJECT_NAME="${24:-"osm_admin"}" - + # Determine key folders in Fleet local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" @@ -1572,6 +1550,7 @@ function update_openshift_cluster { "${MGMT_PROJECT_NAME}" } + # ----- Helper functions for adding/removing a profile from a cluster ----- # Helper function to find profiles of a given type already used in the cluster @@ -2521,7 +2500,6 @@ function create_crossplane_providerconfig() { local OSM_PROJECT_NAME="${12:-"osm_admin"}" local MGMT_CLUSTER_NAME="${13:-"_management"}" - # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" @@ -2594,7 +2572,6 @@ function delete_crossplane_providerconfig() { local OSM_PROJECT_NAME="${4:-"osm_admin"}" local MGMT_CLUSTER_NAME="${5:-"_management"}" - # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" @@ -2632,7 +2609,6 @@ function update_crossplane_providerconfig() { local OSM_PROJECT_NAME="${12:-"osm_admin"}" local MGMT_CLUSTER_NAME="${13:-"_management"}" - # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" 
@@ -2678,7 +2654,7 @@ function create_capi_openstack_cloudconf() { local CLOUD_CREDENTIALS_CLOUDS_KEY="clouds.yaml" local CLOUD_CREDENTIALS_CACERT_KEY="cacert" local CLOUD_CREDENTIALS_FILENAME="credentials-secret.yaml" - + local CLOUD_CREDENTIALS_TOML_SECRET_NAME="${OPENSTACK_CLOUD_NAME}-capo-config-toml" local CLOUD_CREDENTIALS_TOML_FILENAME="credentials-toml-secret.yaml" @@ -2729,7 +2705,7 @@ function update_capi_openstack_cloudconf() { delete_capi_openstack_cloudconf \ "${CLOUD_CONFIG_NAME}" \ "${CONFIG_DIR}" - + create_capi_openstack_cloudconf \ "${CLOUD_CONFIG_NAME}" \ "${PUBLIC_KEY}" \ @@ -2743,11 +2719,12 @@ function delete_capi_openstack_cloudconf() { local CONFIG_DIR="${2:-"${MGMT_ADDON_CONFIG_DIR}"}" local TARGET_FOLDER="${CONFIG_DIR}/capi-providerconfigs/capo/${OPENSTACK_CLOUD_NAME}-config" - + # Delete the encrypted secrets files. rm -rf "${TARGET_FOLDER}" } + # Helper function to return the relative path of a location in SW Catalogs for an OKA function path_to_catalog() { local OKA_TYPE="$1" diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml index e533cfa6..d138660e 100644 --- a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml +++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml @@ -28,7 +28,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: 
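Review bot: This Kustomization, like most documents in the template, declares `apiVersion: kustomize.toolkit.fluxcd.io/v1beta2`, while the last document (`-bstrp-fluxctrl`) already uses `kustomize.toolkit.fluxcd.io/v1`. As far as I know v1beta2 is a deprecated version of this API, so mixing the two in one template invites a partial failure once a controller upgrade stops serving the beta version. Since the file is being touched anyway, I would align the documents on `apiVersion: kustomize.toolkit.fluxcd.io/v1`, after confirming that the Flux version on the management cluster serves it.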
@@ -38,7 +38,6 @@ spec: timeout: 5m dependsOn: - name: ${CLUSTER_KUSTOMIZATION_NAME} - namespace: ${CLUSTER_KUSTOMIZATION_NAMESPACE} prune: true # wait: true # force: true @@ -49,8 +48,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig --- # Creates remote `flux-system.flux-system` secret @@ -58,7 +57,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -78,8 +77,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig patches: - patch: |- apiVersion: v1 
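Review bot: Every `kubeConfig.secretRef` now hard-codes `name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}` and `key: kubeconfig`, which ties the bootstrap to one naming convention for a secret that grants access to the remote cluster. Nothing in the template says who creates that secret or that it must live in `managed-resources` next to these Kustomizations. A header comment would help, for example `# Requires Secret kubeconfig-<cluster kustomization name> (key: kubeconfig) in namespace managed-resources`. If any provisioning path in `krm-functions.rc` produces a differently named secret or key, these Kustomizations will fail to reconcile; that cannot be verified from the visible hunks. The same two lines recur in the hunks starting at old lines 78, 172, 218, 312 and 403.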
@@ -99,60 +98,13 @@ spec: - kind: Secret name: flux-system ---- -# Creates remote `flux-system.managed-resources` secret -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} - labels: - cluster: ${CLUSTER_KUSTOMIZATION_NAME} -spec: - # interval: 1h - interval: 5m - retryInterval: 1m - timeout: 5m - dependsOn: - - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns - prune: true - # wait: true - force: true - sourceRef: - kind: GitRepository - name: sw-catalogs - namespace: flux-system - path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret - kubeConfig: - secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} - patches: - - patch: |- - apiVersion: v1 - kind: Secret - metadata: - name: ${secret_name} - namespace: ${secret_namespace} - stringData: - username: ${username} - password: ${password} - # Inputs: - postBuild: - substitute: - secret_name: flux-system - secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} - substituteFrom: - - kind: Secret - name: flux-system - --- # Creates remote `sops-age` secret apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -172,8 +124,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig patches: - patch: |- apiVersion: v1 
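Review bot: The deleted `-bstrp-secret-managedresources-flux` Kustomization had `prune: true`, so removing it from a regenerated bootstrap manifest is likely to make Flux garbage-collect the credentials Secret it created on the remote cluster. Clusters bootstrapped with the reverted template may depend on that Secret, and the same applies to the `-managedresources-fleet` and `-managedresources-catalogs` documents removed in the hunks starting at old lines 239 and 333. No migration step is visible in the patch. I would record the expectation in the template header with a comment such as `# Reverted: per-namespace copies of the flux-system, fleet-repo and sw-catalogs secrets are no longer created`, and say whether already-bootstrapped clusters are expected to regenerate this manifest.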
@@ -198,7 +150,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -218,8 +170,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig patches: - patch: |- apiVersion: v1 
@@ -239,60 +191,13 @@ spec: - kind: Secret name: fleet-repo ---- -# Creates remote `fleet-repo.managed-resources` secret -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-fleet - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} - labels: - cluster: ${CLUSTER_KUSTOMIZATION_NAME} -spec: - # interval: 1h - interval: 5m - retryInterval: 1m - timeout: 5m - dependsOn: - - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns - prune: true - # wait: true - force: true - sourceRef: - kind: GitRepository - name: sw-catalogs - namespace: flux-system - path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret - kubeConfig: - secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} - patches: - - patch: |- - apiVersion: v1 - kind: Secret - metadata: - name: ${secret_name} - namespace: ${secret_namespace} - stringData: - username: ${username} - password: ${password} - # Inputs: - postBuild: - substitute: - secret_name: fleet-repo - secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} - substituteFrom: - - kind: Secret - name: fleet-repo - --- # Creates remote `sw-catalogs.flux-system` secret apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -312,8 +217,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig patches: - patch: |- apiVersion: v1 
@@ -333,60 +238,13 @@ spec: - kind: Secret name: sw-catalogs ---- -# Creates remote `sw-catalogs.managed-resources` secret -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-catalogs - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} - labels: - cluster: ${CLUSTER_KUSTOMIZATION_NAME} -spec: - # interval: 1h - interval: 5m - retryInterval: 1m - timeout: 5m - dependsOn: - - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns - prune: true - # wait: true - force: true - sourceRef: - kind: GitRepository - name: sw-catalogs - namespace: flux-system - path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret - kubeConfig: - secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} - patches: - - patch: |- - apiVersion: v1 - kind: Secret - metadata: - name: ${secret_name} - namespace: ${secret_namespace} - stringData: - username: ${username} - password: ${password} - # Inputs: - postBuild: - substitute: - secret_name: sw-catalogs - secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} - substituteFrom: - - kind: Secret - name: sw-catalogs - --- # Remote installation of Flux controller (to let the cluster be autonomous) apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl - namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + namespace: managed-resources labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -403,5 +261,5 @@ spec: namespace: flux-system kubeConfig: secretRef: - name: ${CLUSTER_KUBECONFIG_SECRET_NAME} - key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} + key: kubeconfig -- 2.25.1