0db9ec08ba
This adds a field to the SIP CRD to reference a Secret containing SSH private keys to inject into the jump host container to be used to SSH into the cluster's nodes. These should correspond to whatever SSH authorized keys that will be included in the nodes. These keys are then added to the jumphost container, and an SSH config file is added to the ubuntu user's SSH config which includes these keys along with host entries for each VM, which allows them to be consumed by bash completion, which this also adds to the jumphost image. Signed-off-by: Sean Eagan <seaneagan1@gmail.com> Change-Id: If2e948f567a867d8ee11353d79f3224faeac9215
57 lines
2.7 KiB
YAML
57 lines
2.7 KiB
YAML
apiVersion: airship.airshipit.org/v1
|
|
kind: SIPCluster
|
|
metadata:
|
|
name: sipcluster-system
|
|
namespace: sipcluster-system
|
|
finalizers:
|
|
- sip.airship.airshipit.org/finalizer
|
|
spec:
|
|
nodes:
|
|
ControlPlane:
|
|
vmFlavor: vino.airshipit.org/flavor=control-plane
|
|
spreadTopology: PerRack
|
|
count:
|
|
active: 1
|
|
standby: 1
|
|
Worker:
|
|
vmFlavor: vino.airshipit.org/flavor=worker
|
|
spreadTopology: PerHost
|
|
count:
|
|
active: 1
|
|
standby: 1 # Slew for upgrades
|
|
services:
|
|
# NOTE: The auth service has not yet been implemented.
|
|
# auth:
|
|
# - image: sshpod:foo
|
|
# # NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os: linux
|
|
# nodePort: 7023
|
|
# nodeInterfaceId: oam-ipv4
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|
|
jumpHost:
|
|
- image: quay.io/airshipit/jump-host:latest
|
|
# NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os: linux
|
|
nodePort: 30001
|
|
nodeInterfaceId: oam-ipv4
|
|
# NOTE: clusterIP has not yet been implemented.
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|
|
bmc:
|
|
proxy: false
|
|
sshAuthorizedKeys:
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyaozS8kZRw2a1d0O4YXhxtJlDPThqIZilGCsXLbukIFOyMUmMTwQAtwWp5epwU1+5ponC2uBENB6xCCj3cl5Rd43d2/B6HxyAPQGKo6/zKYGAKW2nzYDxSWMl6NUSsiJAyXUA7ZlNZQe0m8PmaferlkQyLLZo3NJpizz6U6ZCtxvj43vEl7NYWnLUEIzGP9zMqltIGnD4vYrU9keVKKXSsp+DkApnbrDapeigeGATCammy2xRrUQDuOvGHsfnQbXr2j0onpTIh0PiLrXLQAPDg8UJRgVB+ThX+neI3rQ320djzRABckNeE6e4Kkwzn+QdZsmA2SDvM9IU7boK1jVQlgUPp7zF5q3hbb8Rx7AadyTarBayUkCgNlrMqth+tmTMWttMqCPxJRGnhhvesAHIl55a28Kzz/2Oqa3J9zwzbyDIwlEXho0eAq3YXEPeBhl34k+7gOt/5Zdbh+yacFoxDh0LrshQgboAijcVVaXPeN0LsHEiVvYIzugwIvCkoFMPWoPj/kEGzPY6FCkVneDA7VoLTCoG8dlrN08Lf05/BGC7Wllm66pTNZC/cKXP+cjpQn1iEuiuPxnPldlMHx9sx2y/BRoft6oT/GzqkNy1NTY/xI+MfmxXnF5kwSbcTbzZQ9fZ8xjh/vmpPBgDNrxOEAT4N6OG7GQIhb9HEhXQCQ== example-key
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwpOyZjZ4gB0OTvmofH3llh6cBCWaEiEmHZWSkDXr8Bih6HcXVOtYMcFi/ZnUVGUBPw3ATNQBZUaVCYKeF+nDfKTJ9hmnlsyHxV2LeMsVg1o15Pb6f+QJuavEqtE6HI7mHyId4Z1quVTJXDWDW8OZEG7M3VktauqAn/e9UJvlL0bGmTFD1XkNcbRsWMRWkQgt2ozqlgrpPtvrg2/+bNucxX++VUjnsn+fGgAT07kbnrZwppGnAfjbYthxhv7GeSD0+Z0Lf1kiKy/bhUqXsZIuexOfF0YrRyUH1KBl8GCX2OLBYvXHyusByqsrOPiROqRdjX5PsK6HSAS0lk0niTt1p example-key-2
|
|
nodeSSHPrivateKeys: ssh-private-keys
|
|
loadBalancer:
|
|
- image: haproxy:2.3.2
|
|
# NOTE: nodeLabels not yet implemented.
|
|
# nodeLabels:
|
|
# kubernetes.io/os: linux
|
|
nodePort: 30000
|
|
nodeInterfaceId: oam-ipv4
|
|
# NOTE: clusterIP has not yet been implemented.
|
|
# clusterIP: 1.2.3.4 # IP of the base cluster VIP
|
|
|