From b47694500fdb2e810fff98b03998ab9acf65a424 Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Wed, 6 Aug 2025 18:08:18 +0200 Subject: [PATCH] Fix remote cluster bootstrap related to support Openshift clusters" This reverts commit 94e638fab180f3357be7f8387879c0f21577b56e. Change-Id: I55795b9b6fe2403cfce64a228a961264dcc2c799 Signed-off-by: garciadeblas --- .../scripts/library/krm-functions.rc | 99 ++++++---- .../templates/remote-cluster-bootstrap.yaml | 178 ++++++++++++++++-- 2 files changed, 221 insertions(+), 56 deletions(-) diff --git a/docker/osm-krm-functions/scripts/library/krm-functions.rc b/docker/osm-krm-functions/scripts/library/krm-functions.rc index 04fde1a9..93331064 100644 --- a/docker/osm-krm-functions/scripts/library/krm-functions.rc +++ b/docker/osm-krm-functions/scripts/library/krm-functions.rc @@ -279,9 +279,7 @@ function delete_nodegroup() { local PROJECT_NAME="${3:-"${MGMT_PROJECT_NAME}"}" local FLEET_REPO_DIR="${4:-"${FLEET_REPO_DIR}"}" local MGMT_RESOURCES_DIR="${5:-"${MGMT_RESOURCES_DIR}"}" - local NODEGROUP_DIR="${MGMT_RESOURCES_DIR}/${CLUSTER_NAME}/${NODEGROUP_KUSTOMIZATION_NAME}" - # Delete node Kustomizations rm -rf "${NODEGROUP_DIR}" } 
@@ -507,16 +505,15 @@ function generator_base_kustomizations_new_cluster() { local SW_CATALOGS_REPO_URL="$3" local PROJECT_NAME="${4:-"${MGMT_PROJECT_NAME}"}" local SW_CATALOGS_REPO_DIR="${5:-"${SW_CATALOGS_REPO_DIR}"}" - + # Path for the source templates + local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}" + # Optional inputs: # Paths for each profile in the Git repo - local INFRA_CONTROLLERS_PATH="${6:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local INFRA_CONFIGS_PATH="${7:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local MANAGED_RESOURCES_PATH="${8:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" - local APPS_PATH="${9:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - - # Path for the source templates - local TEMPLATES="${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates" + local INFRA_CONTROLLERS_PATH="${7:-"${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONFIGS_PATH="${8:-"${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local MANAGED_RESOURCES_PATH="${9:-"${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" + local APPS_PATH="${10:-"${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" # Generate export CLUSTER_KUSTOMIZATION_NAME 
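Review bot: Inserting `TEMPLATES` as `$6` in generator_base_kustomizations_new_cluster moves the four profile paths from `$6`-`$9` to `$7`-`$10`, so a caller that still passes a profile path sixth will have it silently used as the templates directory. The one call updated in this patch (inside create_bootstrap_for_remote_cluster) appears to pass `"${TEMPLATES_DIR}"` in that position and no profile paths, so it is consistent; callers elsewhere are not visible here and need checking. Appending the new parameter after `APPS_PATH` would keep the old positions valid. Otherwise add a header comment that pins the order, for example `# Args: $6 templates dir; $7-$10 profile paths (infra-controllers, infra-configs, managed-resources, apps)`. The function body starts before and continues after this hunk.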
@@ -583,16 +580,28 @@ function generator_bootstrap_new_cluster() { local CLUSTER_KUSTOMIZATION_NAME="${2:-$(safe_name ${CLUSTER_NAME})}" local CLUSTER_AGE_SECRET_NAME="${3:-$(safe_name "sops-age-${CLUSTER_KUSTOMIZATION_NAME}")}" local SW_CATALOGS_REPO_DIR="${4:-"${SW_CATALOGS_REPO_DIR}"}" + local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${5:-"managed-resources"}" + local CLUSTER_KUSTOMIZATION_NAMESPACE="${6:-"managed-resources"}" + local BOOTSTRAP_SECRET_NAMESPACE="${7:-"managed-resources"}" # Paths and names for the templates - local MANIFEST_FILENAME="${5:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}" - local TEMPLATES="${6:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}" - local TEMPLATE_MANIFEST_FILENAME="${7:-"remote-cluster-bootstrap.yaml"}" + local MANIFEST_FILENAME="${8:-"cluster-bootstrap-${CLUSTER_KUSTOMIZATION_NAME}.yaml"}" + local TEMPLATES="${9:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/bootstrap/templates"}" + local TEMPLATE_MANIFEST_FILENAME="${10:-"remote-cluster-bootstrap.yaml"}" + + # Variables for kubeconfig secret configuration + local CLUSTER_KUBECONFIG_SECRET_KEY=${CLUSTER_KUBECONFIG_SECRET_KEY:-"kubeconfig"} + local CLUSTER_KUBECONFIG_SECRET_NAME=${CLUSTER_KUBECONFIG_SECRET_NAME:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"} # Generate manifests export CLUSTER_KUSTOMIZATION_NAME export CLUSTER_NAME export CLUSTER_AGE_SECRET_NAME + export CLUSTER_KUBECONFIG_SECRET_KEY + export CLUSTER_KUBECONFIG_SECRET_NAME + export BOOTSTRAP_KUSTOMIZATION_NAMESPACE + export CLUSTER_KUSTOMIZATION_NAMESPACE + export BOOTSTRAP_SECRET_NAMESPACE join_lists \ <(cat) \ 
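Review bot: `CLUSTER_KUBECONFIG_SECRET_KEY` and `CLUSTER_KUBECONFIG_SECRET_NAME` are read from the caller's scope or the environment rather than from positional arguments, unlike the three namespaces added just above them, so the Secret that Flux uses to reach the remote cluster depends on ambient state. create_bootstrap_for_remote_cluster declares locals with the same names, which is presumably how the values arrive, but nothing here says so. I would add `# Inherited from the caller's scope or the environment; not positional` above the two assignments and quote the expansions like the neighbouring lines. The new values are also exported and written into the manifest as given, so checking that each namespace and secret name is a valid Kubernetes name before the `export` lines would stop a malformed value from reshaping the generated YAML. The function continues past the end of the hunk.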
@@ -603,7 +612,7 @@ function generator_bootstrap_new_cluster() { "${TEMPLATE_MANIFEST_FILENAME}" \ "${MANIFEST_FILENAME}" | \ replace_env_vars \ - '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME}' + '${CLUSTER_KUSTOMIZATION_NAME},${CLUSTER_NAME},${CLUSTER_AGE_SECRET_NAME},${CLUSTER_KUBECONFIG_SECRET_KEY},${CLUSTER_KUBECONFIG_SECRET_NAME},${CLUSTER_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_KUSTOMIZATION_NAMESPACE},${BOOTSTRAP_SECRET_NAMESPACE}' ) } @@ -673,10 +682,16 @@ function create_bootstrap_for_remote_cluster() { local PUBLIC_KEY_NEW_CLUSTER="$9" local PRIVATE_KEY_NEW_CLUSTER="${10:-${PRIVATE_KEY_NEW_CLUSTER}}" local IMPORTED_CLUSTER="${11:-"false"}" - + local MGMT_CLUSTER_NAME="${12:-"_management"}" + local CLUSTER_KUBECONFIG_SECRET_NAME=${13:-"kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}"} + local CLUSTER_KUBECONFIG_SECRET_KEY=${14:-"kubeconfig"} + local TEMPLATES_DIR="${15:-"${SW_CATALOGS_REPO_DIR}/cloud-resources/flux-remote-bootstrap/cluster-base/templates"}" + local BOOTSTRAP_KUSTOMIZATION_NAMESPACE="${16:-"managed-resources"}" + local CLUSTER_KUSTOMIZATION_NAMESPACE="${17:-"managed-resources"}" + local BOOTSTRAP_SECRET_NAMESPACE="${18:-"${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}"}" # Calculates the folder where managed resources are defined - local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/_management" + local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" # Create profile folders echo "" | \ @@ -695,7 +710,8 @@ function create_bootstrap_for_remote_cluster() { "${FLEET_REPO_URL}" \ "${SW_CATALOGS_REPO_URL}" \ "${MGMT_PROJECT_NAME}" \ - "${SW_CATALOGS_REPO_DIR}" | \ + "${SW_CATALOGS_REPO_DIR}" \ + "${TEMPLATES_DIR}" | \ list2folder_cp_over \ "${CLUSTER_FOLDER}" 
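Review bot: In create_bootstrap_for_remote_cluster, `BOOTSTRAP_SECRET_NAMESPACE` (`$18`) defaults to `${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}`, while generator_bootstrap_new_cluster defaults its own copy to `"managed-resources"`. The two entry points therefore disagree on where secrets go when only the Kustomization namespace is overridden and the generator is called directly; one default should be used in both places. The assignments from `$13` and `$14` are also unquoted, unlike every other parameter in the block; `local CLUSTER_KUBECONFIG_SECRET_KEY="${14:-"kubeconfig"}"` would match the file's style. With eighteen positional parameters, a header comment listing each position would help callers avoid shifting a value into the wrong slot. The function starts before and continues after this hunk.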
@@ -718,11 +734,15 @@ function create_bootstrap_for_remote_cluster() { "${CLUSTER_NAME}" \ "${CLUSTER_KUSTOMIZATION_NAME}" \ "${CLUSTER_AGE_SECRET_NAME}" \ - "${SW_CATALOGS_REPO_DIR}" | \ + "${SW_CATALOGS_REPO_DIR}" \ + "${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}" \ + "${CLUSTER_KUSTOMIZATION_NAMESPACE}" \ + "${BOOTSTRAP_SECRET_NAMESPACE}" | \ generator_k8s_age_secret_new_cluster \ "${PRIVATE_KEY_NEW_CLUSTER}" \ "${PUBLIC_KEY_MGMT}" \ - "${CLUSTER_AGE_SECRET_NAME}" | \ + "${CLUSTER_AGE_SECRET_NAME}" \ + "${BOOTSTRAP_SECRET_NAMESPACE}" | \ prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \ list2folder_cp_over \ "${MGMT_RESOURCES_DIR}" 
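Review bot: `BOOTSTRAP_SECRET_NAMESPACE` now serves two different clusters. Here it is passed as a fourth argument to generator_k8s_age_secret_new_cluster, whose output is copied under `${MGMT_RESOURCES_DIR}` on the management side, and in remote-cluster-bootstrap.yaml it is the `secret_namespace` of the credential Secrets created on the remote cluster. A namespace chosen for one is not necessarily right for the other, and the one receiving the secret built from `PRIVATE_KEY_NEW_CLUSTER` should be the most tightly restricted. The definition of generator_k8s_age_secret_new_cluster is not part of this patch, so please confirm it accepts a namespace as `$4`; otherwise the argument is silently ignored. Consider separate parameters, or a comment such as `# BOOTSTRAP_SECRET_NAMESPACE is used both for the age secret on the mgmt cluster and for the copied secrets on the remote cluster`.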
@@ -985,22 +1005,23 @@ function delete_remote_cluster() { local PROJECT_NAME="${2:-"${MGMT_PROJECT_NAME}"}" local FLEET_REPO_DIR="${3:-"${FLEET_REPO_DIR}"}" local MGMT_RESOURCES_DIR="${4:-"${MGMT_RESOURCES_DIR}"}" + local MGMT_CLUSTER_DIR="${5:-"${MGMT_CLUSTER_DIR}"}" # Optional inputs: Paths for each profile in the Git repo - local INFRA_CONTROLLERS_DIR="${5:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local INFRA_CONFIGS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local MANAGED_RESOURCES_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" - local APPS_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" - local CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONTROLLERS_DIR="${6:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-controller-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local INFRA_CONFIGS_DIR="${7:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/infra-config-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local MANAGED_RESOURCES_DIR="${8:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${CLUSTER_KUSTOMIZATION_NAME}"}" + local MGMT_CLUSTER_DIR="${9:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_DIR}"}" + local APPS_DIR="${10:-"${FLEET_REPO_DIR}/${PROJECT_NAME}/app-profiles/${CLUSTER_KUSTOMIZATION_NAME}"}" + local CLUSTER_DIR="${11:-"${FLEET_REPO_DIR}/clusters/${CLUSTER_KUSTOMIZATION_NAME}"}" # Optional input: Do I need a purge operation first? - local PURGE="${10:-"false"}" + local PURGE="${12:-"false"}" # Perform the purge if needed if [[ "${PURGE,,}" == "true" ]]; then echo "Purging the remote Flux instalation..." - flux uninstall -s --namespace=flux-system fi echo "Deleting cluster profiles and (when applicable) its cloud resources..." 
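Review bot: `MGMT_CLUSTER_DIR` is declared twice in delete_remote_cluster (whose body continues beyond this hunk), first from `$5` and then from `$9` with a default built from the first value, and the next hunk adds `rm -rf "${MGMT_CLUSTER_DIR}"`. When `$5` and the ambient `MGMT_CLUSTER_DIR` are both empty and `$9` is omitted, the path collapses to `${FLEET_REPO_DIR}/${PROJECT_NAME}/managed-resources/` and the delete removes the managed resources of every cluster in the project. If `$5` is meant to be the management cluster name, the default still targets the whole management folder rather than this cluster's subfolder; the intended scope is not visible here and should be confirmed. I would give the fifth argument its own name and refuse an empty value, `local MGMT_CLUSTER_NAME="${5:-"${MGMT_CLUSTER_DIR:-}"}"` followed by `[[ -n "${MGMT_CLUSTER_NAME}" ]] || return 1`, and build the `$9` default from that. The renumbering also moves `PURGE` from `$10` to `$12`, so a caller outside this patch that still passes it tenth would set `APPS_DIR` instead and skip the purge.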
@@ -1009,6 +1030,7 @@ function delete_remote_cluster() { rm -rf "${INFRA_CONTROLLERS_DIR}" rm -rf "${INFRA_CONFIGS_DIR}" rm -rf "${MANAGED_RESOURCES_DIR}" + rm -rf "${MGMT_CLUSTER_DIR}" rm -rf "${APPS_DIR}" # Delete base cluster Kustomizations @@ -1054,6 +1076,7 @@ function update_crossplane_cluster() { local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}" local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}" + # Is the provider type supported? local VALID_PROVIDERS=("eks" "aks" "gke") CLUSTER_TYPE="${CLUSTER_TYPE,,}" @@ -1095,7 +1118,6 @@ function update_crossplane_cluster() { "${MANIFEST_FILENAME}" } - # Create remote CAPI cluster for Openstack function create_capi_openstack_cluster() { local CLUSTER_KUSTOMIZATION_NAME="${1}" @@ -1221,12 +1243,12 @@ function create_capi_openstack_cluster() { prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \ list2folder_cp_over \ "${TARGET_FOLDER}" - + # Bootstrap (unless asked to skip) if [[ "${SKIP_BOOTSTRAP,,}" == "true" ]]; then return 0 fi - + create_bootstrap_for_remote_cluster \ "${CLUSTER_NAME}" \ "${CLUSTER_KUSTOMIZATION_NAME}" \ @@ -1276,13 +1298,13 @@ function update_capi_openstack_cluster() { local MGMT_CLUSTER_NAME="${24:-"_management"}" local BASE_TEMPLATES_PATH="${25:-"cloud-resources/capi"}" local NAMESPACE="${26:-"managed-resources"}" - + # Determine key folders in Fleet local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" # Updating no new cluster local SKIP_BOOTSTRAP="true" - + create_capi_openstack_cluster \ "${CLUSTER_KUSTOMIZATION_NAME}" \ "${CLUSTER_NAME}" \ 
@@ -1347,7 +1369,7 @@ function create_openshift_cluster { local BASE_TEMPLATES_PATH="${25:-"cloud-resources"}" local TEMPLATE_MANIFEST_FILENAME="${26:-"openshift01.yaml"}" local MANIFEST_FILENAME="${27:-"openshift-${CLUSTER_NAME}.yaml"}" - + local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/cloud-resources/openshift/templates" local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" @@ -1516,7 +1538,7 @@ function update_openshift_cluster { local SKIP_BOOTSTRAP="${23:-"false"}" # Only change if absolutely needeed local MGMT_PROJECT_NAME="${24:-"osm_admin"}" - + # Determine key folders in Fleet local MGMT_RESOURCES_DIR="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}" @@ -1550,7 +1572,6 @@ function update_openshift_cluster { "${MGMT_PROJECT_NAME}" } - # ----- Helper functions for adding/removing a profile from a cluster ----- # Helper function to find profiles of a given type already used in the cluster @@ -2500,6 +2521,7 @@ function create_crossplane_providerconfig() { local OSM_PROJECT_NAME="${12:-"osm_admin"}" local MGMT_CLUSTER_NAME="${13:-"_management"}" + # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" @@ -2572,6 +2594,7 @@ function delete_crossplane_providerconfig() { local OSM_PROJECT_NAME="${4:-"osm_admin"}" local MGMT_CLUSTER_NAME="${5:-"_management"}" + # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" @@ -2609,6 +2632,7 @@ function update_crossplane_providerconfig() { local OSM_PROJECT_NAME="${12:-"osm_admin"}" local MGMT_CLUSTER_NAME="${13:-"_management"}" + # Is the provider type supported? local VALID_PROVIDERS=("aws" "azure" "gcp") PROVIDER_TYPE="${PROVIDER_TYPE,,}" 
@@ -2654,7 +2678,7 @@ function create_capi_openstack_cloudconf() { local CLOUD_CREDENTIALS_CLOUDS_KEY="clouds.yaml" local CLOUD_CREDENTIALS_CACERT_KEY="cacert" local CLOUD_CREDENTIALS_FILENAME="credentials-secret.yaml" - + local CLOUD_CREDENTIALS_TOML_SECRET_NAME="${OPENSTACK_CLOUD_NAME}-capo-config-toml" local CLOUD_CREDENTIALS_TOML_FILENAME="credentials-toml-secret.yaml" @@ -2705,7 +2729,7 @@ function update_capi_openstack_cloudconf() { delete_capi_openstack_cloudconf \ "${CLOUD_CONFIG_NAME}" \ "${CONFIG_DIR}" - + create_capi_openstack_cloudconf \ "${CLOUD_CONFIG_NAME}" \ "${PUBLIC_KEY}" \ @@ -2719,12 +2743,11 @@ function delete_capi_openstack_cloudconf() { local CONFIG_DIR="${2:-"${MGMT_ADDON_CONFIG_DIR}"}" local TARGET_FOLDER="${CONFIG_DIR}/capi-providerconfigs/capo/${OPENSTACK_CLOUD_NAME}-config" - + # Delete the encrypted secrets files. rm -rf "${TARGET_FOLDER}" } - # Helper function to return the relative path of a location in SW Catalogs for an OKA function path_to_catalog() { local OKA_TYPE="$1" diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml index d138660e..e533cfa6 100644 --- a/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml +++ b/installers/flux/templates/sw-catalogs/cloud-resources/flux-remote-bootstrap/bootstrap/templates/remote-cluster-bootstrap.yaml @@ -28,7 +28,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: 
@@ -38,6 +38,7 @@ spec: timeout: 5m dependsOn: - name: ${CLUSTER_KUSTOMIZATION_NAME} + namespace: ${CLUSTER_KUSTOMIZATION_NAMESPACE} prune: true # wait: true # force: true @@ -48,8 +49,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} --- # Creates remote `flux-system.flux-system` secret @@ -57,7 +58,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -77,8 +78,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} patches: - patch: |- apiVersion: v1 
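Review bot: Flux resolves `kubeConfig.secretRef` in the Kustomization's own namespace, so now that `metadata.namespace` is `${BOOTSTRAP_KUSTOMIZATION_NAMESPACE}` the Secret `${CLUSTER_KUBECONFIG_SECRET_NAME}` must exist in that same namespace. Nothing in this template or in the shell changes visible in this patch checks that. With a non-default bootstrap namespace and a kubeconfig Secret left in `managed-resources`, every bootstrap Kustomization would fail to reach the remote cluster. A comment above the first `kubeConfig:` block would make the coupling explicit, for example `# The kubeconfig Secret must live in the same namespace as this Kustomization`. The same applies to the other `kubeConfig` hunks in this file.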
@@ -98,13 +99,60 @@ spec: - kind: Secret name: flux-system +--- +# Creates remote `flux-system.managed-resources` secret +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-flux + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + labels: + cluster: ${CLUSTER_KUSTOMIZATION_NAME} +spec: + # interval: 1h + interval: 5m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns + prune: true + # wait: true + force: true + sourceRef: + kind: GitRepository + name: sw-catalogs + namespace: flux-system + path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret + kubeConfig: + secretRef: + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + patches: + - patch: |- + apiVersion: v1 + kind: Secret + metadata: + name: ${secret_name} + namespace: ${secret_namespace} + stringData: + username: ${username} + password: ${password} + # Inputs: + postBuild: + substitute: + secret_name: flux-system + secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} + substituteFrom: + - kind: Secret + name: flux-system + --- # Creates remote `sops-age` secret apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -124,8 +172,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} patches: - patch: |- apiVersion: v1 
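Review bot: The added `-bstrp-secret-managedresources-flux` Kustomization writes the `flux-system` repository username and password into a second namespace on the remote cluster, `${BOOTSTRAP_SECRET_NAMESPACE}`, so anyone with Secret read access there can now read those credentials. The header comment should state why the copy is needed; it also still says `flux-system.managed-resources` although the namespace is now a variable, so something like `# Creates a copy of the remote flux-system secret in the bootstrap secret namespace` would be more accurate. Two preconditions are also implicit. `substituteFrom` reads the `flux-system` Secret from the Kustomization's own namespace on the management cluster, and the target namespace must already exist on the remote cluster, which the `-bstrp-ns` dependency is only assumed to guarantee for non-default values. The `fleet-repo` and `sw-catalogs` copies added in later hunks have the same properties.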
@@ -150,7 +198,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -170,8 +218,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} patches: - patch: |- apiVersion: v1 
@@ -191,13 +239,60 @@ spec: - kind: Secret name: fleet-repo +--- +# Creates remote `fleet-repo.managed-resources` secret +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-fleet + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + labels: + cluster: ${CLUSTER_KUSTOMIZATION_NAME} +spec: + # interval: 1h + interval: 5m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns + prune: true + # wait: true + force: true + sourceRef: + kind: GitRepository + name: sw-catalogs + namespace: flux-system + path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret + kubeConfig: + secretRef: + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + patches: + - patch: |- + apiVersion: v1 + kind: Secret + metadata: + name: ${secret_name} + namespace: ${secret_namespace} + stringData: + username: ${username} + password: ${password} + # Inputs: + postBuild: + substitute: + secret_name: fleet-repo + secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} + substituteFrom: + - kind: Secret + name: fleet-repo + --- # Creates remote `sw-catalogs.flux-system` secret apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -217,8 +312,8 @@ spec: path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} patches: - patch: |- apiVersion: v1 
@@ -238,13 +333,60 @@ spec: - kind: Secret name: sw-catalogs +--- +# Creates remote `sw-catalogs.managed-resources` secret +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-managedresources-catalogs + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} + labels: + cluster: ${CLUSTER_KUSTOMIZATION_NAME} +spec: + # interval: 1h + interval: 5m + retryInterval: 1m + timeout: 5m + dependsOn: + - name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns + prune: true + # wait: true + force: true + sourceRef: + kind: GitRepository + name: sw-catalogs + namespace: flux-system + path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret + kubeConfig: + secretRef: + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} + patches: + - patch: |- + apiVersion: v1 + kind: Secret + metadata: + name: ${secret_name} + namespace: ${secret_namespace} + stringData: + username: ${username} + password: ${password} + # Inputs: + postBuild: + substitute: + secret_name: sw-catalogs + secret_namespace: ${BOOTSTRAP_SECRET_NAMESPACE} + substituteFrom: + - kind: Secret + name: sw-catalogs + --- # Remote installation of Flux controller (to let the cluster be autonomous) apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl - namespace: managed-resources + namespace: ${BOOTSTRAP_KUSTOMIZATION_NAMESPACE} labels: cluster: ${CLUSTER_KUSTOMIZATION_NAME} spec: @@ -261,5 +403,5 @@ spec: namespace: flux-system kubeConfig: secretRef: - name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME} - key: kubeconfig + name: ${CLUSTER_KUBECONFIG_SECRET_NAME} + key: ${CLUSTER_KUBECONFIG_SECRET_KEY} -- 2.25.1